We know what you must be thinking: what on earth is a ‘warrant canary?’ A warrant for an arrest issued by a canary? Or an insurance for canaries? None of that, here’s a hint: coalminers used canaries to alert them of high levels of carbon monoxide in the mines. As canaries are more sensitive to this toxic gas, miners had one with them to release it deep down in the mines. If the bird died, the miners would be aware of the danger and would never attempt going deeper to their certain doom.
In case of VPN providers, warrant canaries work the same way as their real-life bird counterparts, only figuratively: they warn customers if the company received any secret notice from authorities regarding user logs.
A Method Based on Secure Assumptions
In some countries the law allows authorities to send secret warrants to companies like ISPs or VPN providers, forcing them to hand over customers’ logs. And before you think that these strict laws are exclusive to less fortunate countries, think again: our infamous Patriot Act is actually one of these laws. As a matter of fact, this is the reason why it’s common to see top-tier providers located in foreign countries: they are not subject to U.S. laws, but to the ones of the countries they’re based in, where laws are usually more permissive. Thus, they can evade these warrants alongside accompanying legal orders that prevent the affected company to directly warn customers about the ongoing investigation.
Warrant canaries are ‘released’ by VPN companies for this very reason. When displayed on a website that didn’t receive a secret subpoena by government agencies, they would usually tell something like ‘company X didn’t receive any legal notice for Y amount of time.’ However, if these warrant canaries simply disappear or stop being updated overnight, then it is safe to assume that the affected company received a secret notice and shall, therefore, be considered a ‘red zone’ until further notice. Interestingly, having a warrant canary placed on the site is entirely legal, because no law prohibits companies from reporting legal processes that they have not received.
With warrant canaries on their side users can easily – albeit indirectly – learn for how long their VPN provider has been left alone by government agencies. And, as Private Internet Access (PIA) fittingly stated, a warrant canary actually tells a lot about a company’s no-log policy.
The Reverse of the Medal
On the other hand, as PIA is a provider based in the U.S., many people take the company’s words with a pinch of salt, even though the company has a public court record that clearly states nothing is logged that can identify users. Additionally, PIA reminds doubters that it immediately terminated their operations in Russia when the country’s regime wanted to force the company to start logging users’ identities.
VPN Providers With Warrant Canaries
Trust.Zone is a relatively newcomer VPN company that has been operating since 2014. As the company’s headquarters are located outside the U.S. – in Seychelles to be more precise – the Patriots Act doesn’t apply to it, but for reasons of “transparency and accountability” it still created a warrant canary in November 1 2017.
According to the company, the warrant canary ensures the protection of customers in case Trust.Zone is “required by law to be silent about any searches, seizures of data or requirements to log any actions” of their clients. The canary is updated on a daily basis, with fresh news headlines to further prove it, meaning that users will know what to do in case Trust.Zone stops with the updates.
NordVPN is the champion of security among VPN providers thanks to the double encryption it provides. Although the company is headquartered in Panama, it didn’t prevent NordVPN from creating its own warrant canary, which has been at users’ service since June 20 2017.
According to its own words, NordVPN was neither compromised nor it suffered any data breaches or received any secret warrants – at least at the time of writing. As in most cases of similar VPN providers, the warrant canary is updated every day, so visiting the company’s site on a daily basis for new updates is advisable.
Although SlickVPN is out of spotlight, its relative obscurity is what makes this VPN service provider so appealing for many. Contrary to the VPN providers listed above, this one has its headquarters on American soil, plus its warrant canary is updated month by month instead on a daily basis. However, SlickVPN’s canary includes important news topics related to the always current update to confirm its reliability, plus it sports some cryptographically signed messages for advanced users with familiarity with OpenPGP alongside a command line to use for proper verification.
Best VPN Services of 2018