FUTO Warrant Canary
FUTO confirmed its systems' integrity, stating no private keys were disclosed and no classified requests for user information were received. A canary statement will be re-signed in 2025 for transparency.
Read original article
FUTO has confirmed the integrity of its systems, stating that no private encryption keys have been disclosed and that there has been no forced modification of their system to allow unauthorized access or information leakage. The organization has not received any National Security Letters, FISA court orders, or classified requests for user information, nor has it been subject to any gag orders from a FISA court. FUTO plans to re-sign this canary statement on April 20, 2025, and will include a link to a recent news article in each update to verify that the signature was not pre-generated. The last signing occurred on August 8, 2024.
- FUTO asserts that its systems remain secure and have not been compromised.
- The organization has not received any classified requests for user information.
- A canary statement will be re-signed in 2025 to maintain transparency.
- Each update will include a link to a news article for verification purposes.
Related
FUTO Keyboard
The FUTO Keyboard is a privacy-focused offline application with features like voice input, swipe typing, and themes. Users can download it from various platforms and support its development with a license.
Lessons from CrowdStrike's Buggy Update
Recent events underscored the importance of robust release processes in the software industry. A buggy update to CrowdStrike's Falcon security software caused system crashes, emphasizing the need for comprehensive testing, integrity verification, staged rollouts, and transparent communication. Justin Cappos highlighted the necessity of software supply chain validation mechanisms like in-toto for enhanced security.
Secure Boot useless on PCs from major vendors after key leak
A study by Binarily found that hundreds of PCs from major manufacturers are vulnerable due to a leaked 12-year-old test platform key, allowing attackers to bypass Secure Boot protections.
Mozilla follows Google in losing trust in Entrust's TLS certificates
Mozilla will stop trusting Entrust as a root certificate authority after November 30, 2024, following compliance failures. Google previously made a similar decision, citing inadequate responses from Entrust.
Welcome to our new website: "Turn on Privacy"
Tuta has rebranded with a new name and logo to emphasize online privacy, being the first to offer encrypted email and calendar services, and plans to expand its offerings.
1 commentsUpdate: From 2014, but Moxie Marlinspike comments that "every lawyer we've spoken to has confirmed that [warrant canaries] would not work":
> If it's illegal to advertise that you've received a court order of some kind, it's illegal to intentionally and knowingly take any action that has the effect of advertising the receipt of that order. A judge can't force you to do anything, but every lawyer I've spoken to has indicated that having a "canary" you remove or choose not to update would likely have the same legal consequences as simply posting something that explicitly says you've received something.
https://web.archive.org/web/20141027143819/https://github.co...
Related
FUTO Keyboard
The FUTO Keyboard is a privacy-focused offline application with features like voice input, swipe typing, and themes. Users can download it from various platforms and support its development with a license.
Lessons from CrowdStrike's Buggy Update
Recent events underscored the importance of robust release processes in the software industry. A buggy update to CrowdStrike's Falcon security software caused system crashes, emphasizing the need for comprehensive testing, integrity verification, staged rollouts, and transparent communication. Justin Cappos highlighted the necessity of software supply chain validation mechanisms like in-toto for enhanced security.
Secure Boot useless on PCs from major vendors after key leak
A study by Binarily found that hundreds of PCs from major manufacturers are vulnerable due to a leaked 12-year-old test platform key, allowing attackers to bypass Secure Boot protections.
Mozilla follows Google in losing trust in Entrust's TLS certificates
Mozilla will stop trusting Entrust as a root certificate authority after November 30, 2024, following compliance failures. Google previously made a similar decision, citing inadequate responses from Entrust.
Welcome to our new website: "Turn on Privacy"
Tuta has rebranded with a new name and logo to emphasize online privacy, being the first to offer encrypted email and calendar services, and plans to expand its offerings.