Warrant canary
Signed monthly statement. If this page stops updating or the signature stops verifying, assume we've been served with compelled legal process we can't disclose.
Statement date: 2026-04-17 · Next update: 2026-05-17
🐦 As of 2026-04-17, Zoza Verify has NOT received:
- Any National Security Letter (US) or equivalent foreign gag-order demand.
- Any FISA order or FISA directive under 50 U.S.C. §1801 et seq.
- Any Section 702 directive.
- Any demand to insert a rogue business in the public-key registry, or to sign messages on behalf of any registered business.
- Any demand to hand over a business's Ed25519 signing key, or to weaken the key-generation code path.
- Any India MeitY blocking order, TRAI direction, or decryption-assistance demand under IT Act §69.
- Any RBI / CERT-In demand for disclosure of signature-verification logs, business registration details beyond what is public, or the active registry's private master key.
- Any EU electronic-evidence preservation order under the e-Evidence Regulation.
- Any demand to retroactively sign a message on behalf of a business without that business's live API key.
⚠ How to read this canary
If the date above is more than 35 days old, or if the signature below fails to verify, consider this canary dead. Canaries cannot legally mention what they've received — they can only stop. If a canary stops, switch to the assumption that a demand has arrived.
Signed statement
This canary is signed with the same Ed25519 root key that signs our public audit log. The fingerprint is pinned at the top of /about/verify-audit and in products/zoza-verify/OPS.md.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
As of 2026-04-17, Zoza Verify (zoza.world/about/verify) has not received
any national security letter, FISA order, gag order, backdoor demand,
key-escrow demand, rogue-business insertion demand, retroactive signing
demand, or decryption-assistance demand from any government, regulatory
body, or private party.
This statement is renewed on the 17th of each month.
Public key fingerprint (Ed25519, base64):
(will be populated on first signing)
Statement date: 2026-04-17
Next statement: 2026-05-17
Verification: paste this entire block into any PGP-compatible verifier
together with the signature below. The public key is fetched from
https://verify-api.zoza.world/v1/canary/pubkey.
-----BEGIN PGP SIGNATURE-----
(signature will be populated on first signing; until then, consider
this canary unsigned and the protection deferred. The canary page is
in place so the signing mechanism is reviewable publicly. Signing
begins when the first customer deploys.)
-----END PGP SIGNATURE-----
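The reading rule from "How to read this canary", applied to the signed block above, as an added example (not Zoza's own code). It trusts only the date inside the signed body, treats a non-base64 signature section as unsigned, and leaves the cryptographic check to a PGP verifier; the status names and `SAMPLE` are constructed for illustration.

```python
import re
from datetime import date, timedelta

MAX_AGE = timedelta(days=35)  # staleness threshold stated on the page
BLOCK = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\n(?P<body>.*?)"
    r"-----BEGIN PGP SIGNATURE-----\n(?P<sig>.*?)-----END PGP SIGNATURE-----",
    re.S)

def canary_status(page: str, today: date) -> str:
    """Classify a canary page as 'dead', 'unsigned' or 'verify-signature'."""
    m = BLOCK.search(page)
    if m is None:
        return "dead"  # no signed block at all: fail closed
    # Only the date inside the signed body counts; page headers are unsigned.
    d = re.search(r"^Statement date: (\d{4})-(\d{2})-(\d{2})$", m["body"], re.M)
    try:
        stated = date(*map(int, d.groups()))
    except (AttributeError, ValueError):
        return "dead"  # date missing or not a real calendar date
    if today - stated > MAX_AGE:
        return "dead"
    # Armor payload must be base64 only; placeholder prose means no signature.
    lines = [l.strip() for l in m["sig"].splitlines() if l.strip()]
    lines = [l for l in lines if not re.match(r"^[A-Za-z]+: ", l)]
    if not lines or not all(re.fullmatch(r"[A-Za-z0-9+/=]+", l) for l in lines):
        return "unsigned"
    return "verify-signature"  # hand the block to a real PGP verifier next

# Constructed sample: abbreviated copy of the block published on this page.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Statement date: 2026-04-17
Next statement: 2026-05-17
-----BEGIN PGP SIGNATURE-----
(signature will be populated on first signing)
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    print(canary_status(SAMPLE, date(2026, 4, 20)))
```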
Why "no rogue business insertion" is the key clause
Verify's whole trust story rests on the public-key registry being the same one the businesses themselves registered. A government-mandated insertion of a fake "SBI Bank" with an attacker-controlled public key would let the attacker sign arbitrary SMS that verify as SBI — a targeted-phishing enablement tool.
A canary that only covers US NSLs would miss this. So this canary is explicit: we commit to never accepting a demand, from any jurisdiction, to insert a business, sign on behalf of a business we don't operate, or modify the registry retroactively. If we're served such a demand and comply under gag, this canary stops.
How the canary works
- Monthly update. On the 17th of each month, a Zoza maintainer signs a fresh statement with the canary's Ed25519 key and commits the update to this file.
- Verifiable in your browser. The signature and public key are both on this page. No network call required — copy the block, verify with any PGP / Ed25519 tool.
- Split key (planned). We're moving to a split-key Shamir setup where canary signing requires cooperation from three separate key-holders. If one is coerced, they can't sign alone. Today the key is single-party; the split is planned by v0.2.
- Registry-snapshot cross-check. The daily registry Merkle-root in the audit log is a second-order canary: a silent insertion shows up as a snapshot delta, independent of the monthly signing ritual.
- The canary cannot self-extinguish under legal compulsion. US courts have consistently held that compelled speech (signing a new canary that lies) is distinct from compelled silence (not renewing). We'll never sign a canary we know to be false.
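How the registry-snapshot cross-check can be run by an outside monitor, as an added example (not Zoza's own code). The page does not specify the tree construction or the audit-log format, so the SHA-256 tree with leaf/interior prefixes, the operation names `register`/`revoke`/`rekey`, and all sample entries are assumptions.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(registry: dict) -> str:
    """Root over (business id, public key) pairs, sorted by business id."""
    # 0x00 / 0x01 prefixes keep leaf and interior hashes in separate domains.
    level = [_h(b"\x00" + b.encode() + b"\x00" + k.encode())
             for b, k in sorted(registry.items())]
    if not level:
        return _h(b"").hex()
    while len(level) > 1:
        nxt = [_h(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is carried up unchanged
        level = nxt
    return level[0].hex()

def snapshot_delta(prev: dict, cur: dict) -> set:
    """Every (operation, business id) that turns snapshot prev into cur."""
    delta = {("register", b) for b in cur.keys() - prev.keys()}
    delta |= {("revoke", b) for b in prev.keys() - cur.keys()}
    delta |= {("rekey", b) for b in prev.keys() & cur.keys() if prev[b] != cur[b]}
    return delta

def unexplained(prev: dict, cur: dict, logged_ops: set) -> set:
    """Changes between two daily snapshots that the audit log does not record."""
    if merkle_root(prev) == merkle_root(cur):
        return set()
    return snapshot_delta(prev, cur) - logged_ops

# Constructed sample data: ids and keys are placeholders, not real entries.
DAY_1 = {"example-bank": "KEY-A", "example-telco": "KEY-B", "example-shop": "KEY-C"}
DAY_2 = {**DAY_1, "example-pay": "KEY-D", "examp1e-bank": "KEY-X"}
LOGGED = {("register", "example-pay")}  # the only operation in the day's log

if __name__ == "__main__":
    print(merkle_root(DAY_1) != merkle_root(DAY_2))
    print(unexplained(DAY_1, DAY_2, LOGGED))
```

A non-empty result from `unexplained` is the signal the bullet describes: the root moved, and at least one registry change has no matching logged operation.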
What this canary is not
A canary is a negative signal — it proves absence, not compliance. It does NOT mean:
- That Verify's signature scheme is bug-free. Responsible-disclosure scope + safe-harbor is published; paid bounty tier activates on first funded pilot.
- That Zoza has never been audited by a government. Regular audits happen; the canary is about compelled-secret process, not voluntary cooperation with published law.
- That Zoza will always operate. If Zoza ceases operating, the canary ceases too; absence of a new signed statement could mean shutdown as easily as a warrant.
- That a business can't be legitimately revoked. If a business is caught sending phishing-by-proxy (e.g. a marketing vendor uses a bank's key to drive loan-shark promos), we will revoke and it will be logged. That's normal operations, not a compromise event.
Archive
Each monthly statement is archived via git (this file's commit history) and on the Internet Archive's Wayback Machine (wayback captures). A researcher can reconstruct the full sequence of canaries independent of anything Zoza controls.
Last updated 2026-04-17. © 2026 Zoza. Source code copyright LD-16949/2026-CO.