Proxy.sh triggers warrant canary. What next?

Proxy.sh is a Seychelles-based VPN provider. Like many VPN providers, Proxy.sh uses a warrant canary to reassure customers that it has not been compromised and served a gag order.

Now… as I have discussed before, I usually consider such warrant canaries to be primarily promotional fluff for companies keen to display their privacy-friendly credentials. In my view, they are of only very limited use as a practical security measure.

A big part of the reason for this is that even when they are triggered (often out of sheer laziness over updating them!), they are simply ignored. This defeats their entire purpose.

On 2 June, however, Proxy.sh issued a very specific warning:

“France 8 removed from warrant canary until further notice

We would like to inform our users that we do not wish any longer to mention France 8 (85.236.153.236) in our warrant canary until further notice.”

Proxy.sh warrant canary

When questioned about the move, Proxy.sh said:

We recommend our users to no longer connect to it. We are striving to do whatever it takes to include that node into our warrant canary again. The warrant canary has been particularly designed to make sure we could still move without being legally able to answer questions in a more detailed manner. We are happy to see it put to use after all and that our users are made aware of it.

This leaves little room for doubt – Proxy.sh has been issued with a legally binding surveillance order, and is not allowed to talk about it (at least directly).

Interestingly, the website that first noticed the warning also noted that it had largely fallen on deaf ears. Despite being very specific that users should avoid France 8, Proxy.sh customers have continued to use the popular server almost unabated.

Most worryingly it would appear that the clear announcement coupled with the removal of the France 8 server from the warrant canary has fallen on deaf ears. The France 8 server coupled with their French servers in general continue to be some of the most utilised of their network.

What is somewhat peculiar is that the wording of the warning goes far beyond the usual method of triggering a warrant canary through inaction. The idea behind warrant canaries is that a government can legally silence an individual, but that it cannot force them to tell a lie (i.e. to falsely update the warrant canary). A canary therefore normally "triggers" simply by not being renewed by its stated date, rather than by an explicit statement.
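Because a canary's whole value lies in someone actually noticing the trigger, a practical reader will want the check automated rather than eyeballed. The script below is an added example and not Proxy.sh's own code or canary format: it assumes a constructed canary text with a `Last updated:` line and a list of nodes, keeps a constructed snapshot of the previous node list, and reports both kinds of trigger the article distinguishes, the passive one (the statement has gone stale) and the explicit one (a node such as France 8, 85.236.153.236, has been dropped from the list).

```python
"""Warrant-canary staleness and node-removal checker.

Added example; the canary format, node names other than France 8,
and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.
"""
import re
from datetime import date, timedelta

# Constructed sample of the current canary statement (format assumed).
CANARY_TEXT = """\
Last updated: 2015-06-02
As of the date above we have not received any gag order or surveillance
warrant covering the nodes listed below.
Nodes:
- France 7 (192.0.2.10)
- Netherlands 1 (198.51.100.5)
"""

# Constructed snapshot of the node list from the previous statement.
# France 8 and its address are the ones quoted in the article.
PREVIOUS_NODES = {
    "France 7": "192.0.2.10",
    "France 8": "85.236.153.236",
    "Netherlands 1": "198.51.100.5",
}

DATE_RE = re.compile(r"^Last updated:\s*(\d{4}-\d{2}-\d{2})", re.M)
NODE_RE = re.compile(r"^-\s*(?P<name>[^(]+?)\s*\((?P<ip>[\d.]+)\)", re.M)


def parse_canary(text):
    """Return (last_updated_date, {node_name: ip}) from a canary statement."""
    m = DATE_RE.search(text)
    if not m:
        # A canary with no date cannot be checked for staleness at all.
        raise ValueError("canary has no 'Last updated' line")
    updated = date.fromisoformat(m.group(1))
    nodes = {n.group("name"): n.group("ip") for n in NODE_RE.finditer(text)}
    return updated, nodes


def check_canary(text, previous_nodes, today_iso, max_age_days=30):
    """Return a list of findings; an empty list means the canary is clean.

    Passive trigger: the statement is older than max_age_days.
    Explicit trigger: a node in the previous snapshot is missing or changed.
    """
    today = date.fromisoformat(today_iso)
    updated, nodes = parse_canary(text)
    findings = []
    if today - updated > timedelta(days=max_age_days):
        findings.append(
            f"STALE: last updated {updated}, older than {max_age_days} days")
    for name, ip in previous_nodes.items():
        if name not in nodes:
            findings.append(
                f"REMOVED: {name} ({ip}) no longer covered by the canary")
        elif nodes[name] != ip:
            findings.append(f"CHANGED: {name} now {nodes[name]}, was {ip}")
    return findings


def node_covered(text, name):
    """True only if the named node is still listed in the current canary."""
    _, nodes = parse_canary(text)
    return name in nodes


if __name__ == "__main__":
    for finding in check_canary(CANARY_TEXT, PREVIOUS_NODES, "2015-06-03"):
        print(finding)
```

Run daily against the fetched canary and treat any non-empty result as a reason to stop using the affected node; the staleness window should match the renewal interval the provider promises, since a canary renewed monthly that has not moved in 31 days is already a trigger by inaction.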

In the US it is argued that the First Amendment protects against compelled speech. As the Electronic Frontier Foundation (EFF) notes:

While the government may be able to compel silence through a gag order, it may not be able to compel an ISP to lie by falsely stating that it has not received legal process when in fact it has.

By being so specific in its wording, however, Proxy.sh is not so much triggering a warrant canary, as issuing a clear and unambiguous warning. As such, it is likely that any court would find the company in contempt of a legally mandated gag order by issuing such a statement.

It is, of course, possible that the government issuing the gag order has no legal recourse against a company registered in the Seychelles. In that case, however, why bother couching the warning in terms of a warrant canary at all?

So what is a Proxy.sh customer to do?

The first thing, obviously, is to not use the France 8 server! This probably also applies to all servers in France, as the canary warning implies that the server has been compromised by the French government.

Should I stay ..?

Alarming as this news is, Proxy.sh has demonstrated a high degree of integrity and transparency by triggering this warrant canary. It clearly takes its responsibilities for keeping its users’ data private very seriously, and is willing to risk its reputation to do so. This is highly commendable, and in my view inspires a great deal of trust.

… Or should I go now?

This is, in fact, not the first time that Proxy.sh has courted controversy. In 2013 Proxy.sh announced that it would install a traffic sniffer in order to catch or deter “hacking activities”. The move divided the VPN community on similar grounds to the current debate.

Many were understandably appalled by the decision, while others praised Proxy.sh’s transparency, and the fact that it was willing to admit doing something that many other providers might also do, but in secret. The balance of opinion at the time, however, was highly critical of Proxy.sh.

This incident was followed by a report from Ars Technica, which called Proxy.sh a “shadowy VPN firm” and generally gave it a good kicking:

In short, Proxy.sh—a company whose employees and origins are completely obscured—asks its customers to simply trust its ethical judgment about perceived user wrongdoing. Without knowing more about the company in the first place, it’s hard to know what impact its policies will have on the Proxy.sh bottom line.

Proxy.sh has since released an improved Ethical Policy which makes the following promise:

We are based in the Republic of Seychelles and if any domestic law or constraint contradicts our mission and values, we will not hesitate to relocate into another location. Additionally, if we cannot find a right location to strive for such principles, we will submit ourselves to ‘Corporate Seppuku’. We will close business and provide refund to all our present customers within the cash budget we have at our disposal.

“Corporate Seppuku” refers to the infamous incident in which Ladar Levison, owner and operator of the secure email service Lavabit, closed down his company. He did this to prevent his customers from being compromised after he received a National Security Letter (and accompanying gag order) from the US government. It is now confirmed that the government was looking for emails belonging to Edward Snowden.

Conclusion

Personally, I am impressed by Proxy.sh’s honesty and transparency in this case. I can fully understand, however, why many might be leery of having anything to do with the company. This is especially true in light of Ars’ findings when it investigated the company (albeit almost 3 years ago). I would therefore be very interested in what you, dear readers, think about the situation…


Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

6 responses to “Proxy.sh triggers warrant canary. What next?”

  1. You show us the real challenge hidden within the words or facts: influence & privacy.

    But… a gag order is different according to the country & the subject, so it does not apply in real life; the name of that joke is: discretionary power.
    What does it mean? Without a contract, nothing. And even with a judgement, the value of this ‘agreement’ is near zero.
    No, a gag order will not help, so they add a vicious condition, a blackmail (they should have to add a codicil: compensation). Their blackmails are violent and expensive.

    A gag order is a rhetorical manner of entering the game (and other ‘similar things’) and is used also as a sophisticated tool; it does not hide any fact and does not avoid anything; the purpose is declaring an authority.
    Saying that a gag order _ no one must know or it is prohibited to _ is hiding a surveillance warrant is untrue.

    A warrant canary is exactly that: a resistance against these procedures, this process, not accepted as legal. It must be said and written on the canary page if a gag order was done. It is a public watch. It is not written _gag order = irrelevant in this case_, so no, no surveillance warrant was made: it is a safe service.

    If a warrant canary failed (in your article, it is the users who have deaf ears), it is the fault of the company (why do they leave a compromised server open?).

    A gag order can be valuable only if your agreement was given before.
    So, where is the limit of the corruption?
    Certainly in this obscure sphere where the manipulation of the mind is playing with privacy.
    That is an influence matter.

    > I don’t think we are in fundamental disagreement here!
    > I would therefore be very interested in what you, dear readers, think about the situation…
    * If they do obey a gag order [hiding the fact that a surveillance warrant…] (why not? they do not want to have any trouble, isn’t it?) why have they chosen the Seychelles islands? Malta, Cyprus, Bulgaria etc. could have been a better location, no?

    1. Hi v13,

      The Seychelles is a tax haven, and is not directly subject to any 14-Eyes spying. As you note, however, it has close ties with France, which is a 14-Eyes country, and may have used its influence with the Seychelles government to lean on Proxy.sh… Alternatively, an order could have been served to Proxy.sh’s server provider in France. (All just speculation).

      1. > [(All just speculation)]
        [It sounds like a cold war between the UK and France.]
        So, (speculation) they prefer to use their influence/corruption, but the result is the same: they control the data/server?
        That is disturbing.

  2. A warrant canary is used for us, users, not for the VPN provider.
    It means that you become, with our agreement, a chain of trust and you can enter now a closed club where your reputation is under survey.
    ruggedbox (Bulgaria_web-mail) was also in a strange case, but the Seychelles is in a different location: the culture is French.
    So, you interpret a bit like a Briton:
    ‘This leaves little room for doubt – Proxy.sh has been issued with a legally binding surveillance order, and is not allowed to talk about it (at least directly).’
    – If it was legal surveillance, everyone should know it
    immediately.
    – You cannot say legally to someone: you “are not allowed to” without a contract (a trial is considered as that too).
    ‘The idea behind warrant canaries is that a government can legally silence an individual, but that it cannot force them to tell a lie (i.e. to falsely update the warrant canary).’
    Once again, it is a British point of view: a warrant canary is an independent way to say no to all pressures (government and others), so no one can legally silence an individual; and it is because the warrant is made with sincerity & good faith that the lie cannot happen (with PGP often, and a date).
    I guess that this warning was written to respect a polite pedagogy principle, because the users do not understand the reason why a server can be prohibited or unsafe and at the same time open.
    I notice that you replace the term ‘policy’ by ‘ethical policy’.
    Ars Technica: “In short, Proxy.sh—a company whose employees and origins are completely obscured—asks its customers to simply trust its ethical judgment about perceived user wrongdoing. Without knowing more about the company in the first place, it’s hard to know what impact its policies will have on the Proxy.sh bottom line.”
    – obscured: it is wrong; it is well known who is behind this company.
    – ethical: it is wrong; it is based on a French mentality…
    * Sincerity & good faith & trust are not in an ethical area but are rare qualities (in this context, ethical means transparency).
    * The warning, like the policy (ethical policy), was certainly made under pressure coming from the EFF or other privacy actors.
    The influence in the Seychelles is French.

    1. Hi v13,

      I don’t think we are in fundamental disagreement here! The purpose of a gag order is to hide the fact that a surveillance warrant has been legally served. I used the term “Ethical policy” because that’s the title used by Proxy.sh.