Update (2018/08/09): Based on user feedback we have re-issued the most recent canary to include the “all clear” message that was inadvertently missing from the original August 2018 update. You can access the canary at https://spideroak.com/canary.
At SpiderOak, our core value is to protect our users and their data.
All products that value security have to do a complex juggling act between user experience (UX) and security. The most secure thing is really inconvenient to use, and the most convenient thing to use is usually not that secure.
Of course “secure” is a dynamic notion. It depends on what you recognize as a threat. So you might argue that there are a lot of products that have great UX and are extremely secure. You wouldn’t be wrong, but they probably have a very different threat model than we have.
Among the many things we do to pursue these goals, we decided to publish a warrant canary every 6 months. The process has gone without failure so far, and we are happy we’ve never had to stop updating it.
The warrant canary effectiveness as a method is arguable. And in our experience, it has added some confusion among some of our users.
The way the canary is built happens by one of us writing the contents of it, cryptographically signing it, then distributing it among 2 other spideroakers in 2 other parts of the world to sign it as well. This process takes time, as people keep their canary signing keys in a secure offline machine (UX vs security juggling act) and also have to deal with all the other tasks they have. So it’s not a perfect science the exact moment when the canary gets published. It might vary for a day or two, and that has added some understandable stress to some users.
On top of this, the canary’s effectiveness as a tool has been questioned, the usage of it at other companies is not consistent, and verifying it and keeping track of it is complicated for users.
So after thinking about this for some time, we have decided to move away from signed warrant canaries and instead publish a transparency report located at https://spideroak.com/transparency that will get updated as events happen.
We realize that this change doesn’t carry the same “cryptographic weight” as the signed canaries. The value is equivalent though since the people that sign the canary are the same people that are behind the code that you’re running when you run our products. And that code is designed to give us, SpiderOak, information that nobody but you can make sense of.
Originally published at SpiderOak.com on August 3, 2018.
