A signed statement we publish and re-sign on a fixed schedule. As long as it keeps appearing — current and correctly signed — it tells you certain things have not happened.
A warrant canary works by absence. We cannot always tell you when we have been served a secret order, because a gag can make that disclosure itself illegal. What we can do is keep re-affirming, on a predictable cadence, that no such thing has occurred. If the statement stops being refreshed, or the PGP signature stops verifying, that silence is the signal. Draw your own conclusions.
This mechanism only means something if you check it yourself. A canary you trust on our say-so is just a paragraph of text. A canary you verify against a key you already hold is evidence. Below is the signed block, followed by exactly how to confirm it is genuinely ours and genuinely current.
The block above is a template, not a live signature. Until it is wrapped in a real detached or clearsigned PGP signature and dated, treat it as a placeholder only.
Import the HushVPS public key from our contact and PGP details. Ideally you obtained it out of band, before you needed it.
Run the signed text above through your PGP client (gpg --verify). A canary that does not verify against our key is not our canary.
Confirm the signing date is recent and that the next-update date has not lapsed. A stale but valid signature is itself worth noting.
See how the rest of our disclosures fit together on the transparency page, or reach us over encrypted channels via contact.