I wonder what event triggered them to add this. The mention of US Patriot Act is intriguing considering they're a French company (I thought the app was maintained by one Frenchman, but following the LinkedIn link on their website shows it's a company in Nancy, France). But I guess it's a copy-paste Warrant Canary.
> I thought the app was maintained by one Frenchman, but following the LinkedIn link on their website shows it's a company in Nancy, France
The mobile apps are published by the frenchman who seems to live in UK but Joplin Cloud seems to be run by the french company (https://annuaire-entreprises.data.gouv.fr/entreprise/joplin-...)
«We have introduced a publicly signed warrant canary for Joplin.
A warrant canary is a regularly updated statement confirming that, as of the stated date, the project has not received secret legal orders, gag orders, or demands requiring the introduction of backdoors into the software or its infrastructure».
I never really understood warrant canaries. Wouldn't they be still vulnerable to rubber-hose cryptanalysis? An attacker could coerce you to continue updating your canary as if nothing had happened.
Assuming US, I think that the gov't can't actually compel speech from an entity e.g. force to keep signing the canary. Warrant canaries are the way entities can circumvent the narrow case where the gov't actually can restrict your free speech, by creating a case where your lack of speak is telling. By this framework we can then come around again to the first point.
The trick is they can just take over maintaining the canary themselves after black-bagging you.
But in general the idea works - in theory.
The point of a canary is that it's cryptographically signed, and it's possible to set up a duress passphrase that will delete the key when entered, so if everything works correctly an unauthorized party can't keep posting signed canaries.
In the US you can legally be compelled to keep certain warrants a secret. They can not legally compel you to make a statement, even if the lack of a statement reveals a warrant's existence.
Yes, but usually something like that leaves other signs. If men with guns take away a lot of people in your company in theory other people will notice.