Every month, a Zoza officer signs a statement confirming we have received no secret subpoenas, National Security Letters, or gag orders that prevent us from telling you. The statement below is signed by Zoza's Shield root key. If the canary stops being updated, or the signature stops verifying, stop trusting us and assume hostile legal pressure has been applied.
This is the standard warrant canary pattern used by Reddit (2014-2016), Apple (2013-2014), and Cloudflare (still running). It works because US law compels silence but does not compel speech. We can be forbidden from telling you a subpoena arrived, but we cannot be forbidden from stopping a routine monthly statement.
As of the date signed below, Zoza has:
— NOT received any National Security Letter.
— NOT received any gag order or non-disclosure order compelling silence.
— NOT received any secret subpoena or FISA court order targeting Shield or Messenger user data.
— NOT been compelled to insert any backdoor, disable any security feature, or hand over the Shield root signing key.
— NOT rotated the Shield root signing key except as recorded in the public audit log.
If this page is not updated within 35 days of the date signed below, OR the signature fails to verify, assume all of the above statements have become false.
This page fetches /.well-known/shield-canary.json and verifies it against the hardcoded
Shield root public key. No trust in us required. If verification fails, the banner above turns red.
Every past canary is archived. If any historical signature fails to verify, that month is marked stale.
In several jurisdictions (US NSLs, UK s.49 RIPA, India's IT Act), a company can be compelled to produce user data AND forbidden from telling users. A warrant canary side-steps the forced silence by having the company instead stop saying something they previously said. Speech cannot be compelled. The absence of expected speech is itself a signal.
Once a month, at most 30 days apart, a designated Zoza officer produces a timestamped statement. They
sign it using the Shield root Ed25519 key (via the same HSM + 2-of-3
multisig that signs the dApp registry). The signed JSON is published at
/.well-known/shield-canary.json. This page fetches, verifies, and displays it.
If 35 days pass with no new canary, or the signature does not verify against our published root key, this page will show red. Do not uninstall Shield on day 36 in a panic — start asking questions, check the audit log, and wait for an explanation. Legitimate reasons for a late canary are rare (key ceremony logistics, holidays) and should be announced in advance.
Warrant canaries are a signal, not proof. A sophisticated adversary could compel a signing officer privately while also barring them from stopping the canary. The legal consensus in the US is that compelled false speech is not permitted, but this has never been fully tested in court for canaries specifically. Treat the canary as one piece of evidence, not the only piece.