Warrant canary · Zoza Auth · monthly

If this canary ever goes silent, infer the worst.

Every month, a Zoza officer signs a statement confirming that Zoza Auth has received no secret subpoenas, National Security Letters, RBI gag orders, CERT-In compelled-assistance orders, or any other legal process compelling us to impersonate a user, forge a challenge, weaken our Curve25519 implementation, or hand over customer data without informing the customer bank. The statement is signed with our offline canary key and pinned below. If it stops being updated, or changes substantively, draw your own conclusion.

Current statement — April 2026

Status: signed, fresh. Last signed: 2026-04-17 UTC. Next update: 2026-05-17.

On 2026-04-17, I, the signing officer for Zoza Auth, state the following is true for the period 2026-03-18 through 2026-04-17:

  • We have received no court order, subpoena, or NSL compelling us to backdoor the server-side Curve25519 private key for any customer's app.
  • We have received no order compelling us to produce, in secret, the list of device public keys registered to any specific customer bank.
  • We have received no order compelling us to forge a challenge response (i.e. generate the HKDF-derived proof without the corresponding user actually tapping approve) on behalf of a law-enforcement agent.
  • We have received no order compelling us to weaken the rate limit, TTL, or constant-time comparison behaviour in a way that would enable a brute-force or side-channel attack.
  • We have not voluntarily provided any of the above to any party other than the customer bank the data belongs to, under a DPDP-compliant consent chain.

During this period we responded to 0 law-enforcement data requests within the scope of our 90-day metadata retention (challenge IDs, app IDs, timestamps). Scope-of-request totals will be published quarterly on this page, never as a surprise.

Signed using the Zoza Auth offline canary key (fingerprint below). Anyone holding our published public key can verify it.

Signed at: 2026-04-17T00:00:00Z
Signing fingerprint: auth-canary-ed25519: TO BE PUBLISHED ON FIRST SIGNING
Signature over: the SHA-256 of the plaintext statement above, the signing date in UTC, and the hash of the previous canary, concatenated in that order.
This chaining means that altering ANY past canary changes its hash and so breaks the commitment in every subsequent one. The chain only catches a rewrite if you have the earlier canary to compare against, so keep your own copy of each month's files rather than relying on what the server currently shows.

What "silence" means

A gag order from RBI, CERT-In, or an equivalent authority can legally compel us to comply and forbid us from saying so. We will not lie about compulsion, and we will not re-sign a statement saying "we have not been compelled" once that is false: re-signing would turn compelled silence into an illegal lie. So if the monthly signing stops, the most truthful reading is that compulsion has occurred.

If you build on Zoza Auth for a high-risk integration (banking, gov, healthcare), we recommend a scheduled monthly job that fetches the signed statement and detached signature, verifies them against a copy of the public key you obtained and pinned in advance, and alerts if verification fails or the signing date is more than a month old. Integration example lives at /developers/auth.html#canary-script.

How to verify the signature

Manual verification (30 seconds):

# 1. Fetch the signed statement (-f: fail on an HTTP error instead of saving the error page)
curl -fsSL https://zoza.world/about/auth-canary.txt -o canary.txt

# 2. Fetch the public key (better: use the copy you pinned earlier, so a swapped
#    key cannot vouch for a swapped signature)
curl -fsSL https://zoza.world/about/auth-canary-pubkey.hex -o pubkey.hex

# 3. Fetch the detached signature
curl -fsSL https://zoza.world/about/auth-canary.sig -o canary.sig

# 4. Verify (the command stands for whichever Ed25519 verifier you use; canary.txt
#    must be byte-for-byte the file that was signed, so do not re-save or reflow it)
ed25519-verify --pubkey pubkey.hex --msg canary.txt --sig canary.sig
# → "OK" if the canary is authentic

The signed files and the public key will first be published on launch day. Until then this page is hand-published and the Ed25519 signing key is being generated in an offline ceremony.

Chained history

Each canary signature commits to the previous canary's hash, so a silent swap of an earlier statement breaks every later one. Once published, a canary cannot be quietly revised.
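A monthly check of the kind recommended above, covering the signature, the freshness window and the chain link described in this section, as an added example in Go. This is not Zoza's own canary script (the one at /developers/auth.html is not reproduced here) and it uses only the Go standard library. The serialisation of the signed message (the "Signed at:" and "Previous canary:" labels), the 34-day freshness window, the sample March and April statements and the throwaway key pair generated at run time are all assumptions made for this example; in a real job the files are fetched as shown above and the public key is pinned once, out of band.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Canary is one monthly statement as the page describes it: the plaintext, the
// UTC signing date and the SHA-256 of the previous canary's signed bytes. The
// labels used in Message are an assumption; the page does not publish its format.
type Canary struct {
	Statement string
	SignedAt  time.Time
	PrevHash  [32]byte // all zero for the first canary in the chain
}

// Message is the exact byte string the signature covers: statement, signing date
// and previous-canary hash, in that order. One changed byte alters both this
// canary's hash and the outcome of signature verification.
func (c Canary) Message() []byte {
	var b strings.Builder
	b.WriteString(c.Statement)
	b.WriteString("\nSigned at: " + c.SignedAt.UTC().Format(time.RFC3339))
	b.WriteString("\nPrevious canary: " + hex.EncodeToString(c.PrevHash[:]) + "\n")
	return []byte(b.String())
}

// Hash is the value the next canary commits to in its PrevHash field.
func (c Canary) Hash() [32]byte { return sha256.Sum256(c.Message()) }

// maxAge is an assumed freshness window: the page promises a monthly signing,
// and a few days of grace avoids alarms when a signing lands a day late.
const maxAge = 34 * 24 * time.Hour

var (
	ErrBadSignature = errors.New("canary: signature does not verify under the pinned key")
	ErrStale        = errors.New("canary: no fresh signing; treat as silence")
	ErrChainBroken  = errors.New("canary: does not commit to the previous canary we archived")
)

// Check is the monthly job. pub is the key pinned once, out of band: a key
// re-fetched next to the signature would vouch for whatever the server publishes.
// prev is the locally archived copy of last month's canary (nil only on the very
// first run); comparing against it is what lets the chain catch a rewrite.
func Check(pub ed25519.PublicKey, c Canary, sig []byte, prev *Canary, now time.Time) error {
	if !ed25519.Verify(pub, c.Message(), sig) {
		return ErrBadSignature
	}
	if now.Sub(c.SignedAt) > maxAge {
		return ErrStale
	}
	if prev != nil && c.PrevHash != prev.Hash() {
		return ErrChainBroken
	}
	return nil
}

// Scenario builds a two-link chain under a throwaway key and exercises the
// failure modes the page describes. It returns the results for: an honest April
// canary; April against a silently edited March; April checked in July; a forgery.
func Scenario() (honest, edited, silent, forged error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	march := Canary{Statement: "No compulsion received, March 2026.", // constructed sample
		SignedAt: time.Date(2026, 3, 17, 0, 0, 0, 0, time.UTC)}
	april := Canary{Statement: "No compulsion received, April 2026.",
		SignedAt: time.Date(2026, 4, 17, 0, 0, 0, 0, time.UTC), PrevHash: march.Hash()}
	aprilSig := ed25519.Sign(priv, april.Message())
	now := time.Date(2026, 4, 20, 0, 0, 0, 0, time.UTC)
	honest = Check(pub, april, aprilSig, &march, now)
	rewritten := march // a one-word edit to the archived March text
	rewritten.Statement = strings.Replace(march.Statement, "No", "One", 1)
	edited = Check(pub, april, aprilSig, &rewritten, now)
	july := time.Date(2026, 7, 1, 0, 0, 0, 0, time.UTC) // nothing newer was signed
	silent = Check(pub, april, aprilSig, &march, july)
	fake := april // a statement nobody holding the offline key ever signed
	fake.Statement = "Everything is fine, April 2026."
	forged = Check(pub, fake, aprilSig, &march, now)
	return
}

func main() {
	honest, edited, silent, forged := Scenario()
	fmt.Println("honest April canary:  ", honest)
	fmt.Println("March silently edited:", edited)
	fmt.Println("checked in July:      ", silent)
	fmt.Println("forged statement:     ", forged)
}
```

In a real job the constructed canaries are replaced by the fetched files and the previous month's archived copy, and any non-nil result, including ErrStale, is the signal this page asks you to act on.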