If the ``warrant canary'' indicating that Cloudflare has not provided information to the government is not functioning, it will become a fuss and the CEO will come down and explain



Cloudflare, which provides a content delivery network (CDN), has released a document `` Writ Canary '' indicating that it has not provided information to law enforcement agencies. However, due to the fact that the ``Writ Canary'' public page has not been updated since December 2020 and the transparency report for the second half of 2022 has not been published as of July 2023, ``Cloudflare's ``Writ Canary'' ' is not working, ' speculation was posted on the social news site Hacker News. At the time of writing the article, Cloudflare's CEO Matthew Prince descended on the thread and acknowledged the fact that the 'warrant canary' has not been updated.

What is a Warrant Canary? | Cloudflare

https://www.cloudflare.com/ja-jp/learning/privacy/what-is-warrant-canary/



CloudFlare's last Warrant Canary was published over a year ago | Hacker News
https://news.ycombinator.com/item?id=36937413

A 'warrant canary' is a list of sentences such as 'I have never provided encryption keys to others' and 'I have never done XX', and the sentence 'I have never done XX' is Sentences are deleted when they are no longer true. ``Writ Canary'' is published by multiple services other than Cloudflare, and users can check ``Writ Canary'' to know changes in the service so that they can detect poison gas in coal mines based on the life and death of canaries. can. For example, in 2016, the online bulletin board Reddit reported that a document saying ``I have never received a confidential request for national security documents or user information, etc.'' was deleted and became a big topic.

Cloudflare publishes the following six points as `` warrant canaries '' at the time of writing the article.



However, since Cloudflare's ``Writ Canary'' public page has stopped updating since December 2020, the social news site Hacker News said, ``Cloudflare's ``Writ Canary'' is not working. Isn't it?' The speculation flew.

If the 'Writ Canary' public page has not been updated, there is a possibility that 'a situation that really deletes a passage of 'Writ Canary' has not occurred', but Cloudflare has ' transparency ' There is also the problem that sex reports are only available until the first half of 2022. It is not a problem that the report for the first half of 2023 has not been published as of July 2023, but it is possible to say that the 'Canary Warrant' public page has not been updated, and the report for the second half of 2022 has not been published. It has been pointed out that Cloudflare's stance on transparency may be slowing down based on the two points that there is no.

In the midst of a heated debate on Hacker News, Cloudflare CEO Matthew Prince descended on the thread and said , ``I unequivocally declare that they are all protected at this time,'' and six ``warrant canaries.'' has been maintained even at the time of article creation. On the other hand, Prince CEO sees the fact that the `` warrant canary '' public page has not been updated for a long time, and has indicated his intention to confirm with the legal department and the trust & safety department.

Also, in the thread, ``The `` law enforcement agencies '' described in the `` warrant canary '' do not include the Central Intelligence Agency (CIA) and the US National Security Agency (NSA). A question was posted , but CEO Prince said, ``Cloudflare considers both the CIA and the NSA to be ``law enforcement agencies. I have not done any of the acts described in Canary.'

On the other hand, Prince said about the item `` 5. Cloudflare has never changed the intended destination of DNS responses in response to requests from law enforcement agencies or other third parties '' (item 5), `` Item 5 is most at risk due to the lawsuits facing Germany, Italy and Australia.' Depending on the outcome of the lawsuit held at the time of writing, one item will disappear from the `` warrant canary ''. showing possibilities.

in Web Service,   Security, Posted by log1o_hf