firstlookmedia/autocanary firstlookmedia/autocanary

  • This repository has been archived on 01/Feb/2023
  • Stars
    star
    147
  • Rank 249,824 (Top 5 %)
  • Language
    Python
  • License
    Other
  • Created over 9 years ago
  • Updated over 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
firstlookmedia/autocanary
github

firstlookmedia

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Makes generating machine-readable, digitally signed warrant canary statements simpler

AutoCanary

AutoCanary is a simple, open source, desktop program for Windows, macOS, and Linux that makes the process of generating machine-readable, digitally signed warrant canary statements simpler.

A warrant canary is a published statement that a service provider has not received legal process that it is prohibited from disclosing to the public, such as a national security letter. Once a service provider receives a legal request that contains a gag order, the canary statement is removed. For more information, see EFF's Warrant Canary FAQ.

Download Windows and macOS X binaries from the Releases page. Linux users can build from source with these instructions.

How it works

AutoCanary

Before you begin:

  • Choose one person in your organization (probably your General Counsel) to be responsible for signing warrant canary statements. This person must have a PGP key.
  • Choose how often you wish to issue canary statements (available options include weekly, monthly, quarterly, and semi-annually).
  • Set a recurring event with a reminder in your calendar to sign your canary statement. This is important: failing to publish your canary statement on time could result in automated alarms ringing. If your canary stops tweeting, it may lead your users to believe you've received a gag order when you haven't.
  • Create a page on your website to publish your warrant canary message, something like this.

When you run AutoCanary for the first time, first choose how frequently you'd like to publish a warrant canary message. Then choose "All good" for status" -- the other available option, "It's complicated", is there if you need it and are legally allowed to use it. If you do receive a gag order, contact a lawyer to decide how to proceed. Then write your canary statement message. You should customize it to fit your organization, and end with the name of the person who will be signing. Finally, select the PGP key that you'll be using to sign your canary statement.

If you'd like, you can include recent news headlines with each of your canary statements by checking the "Add Recent News Headlines" checkbox. This will prove that the statement was written no earlier than the date you claim it was written.

When you click Save and Sign all of these settings will be saved, so the next time you run AutoCanary you won't have to change anything. If you'd wish to sign a warrant canary that's different just this one time and not save your changes, you can click One-Time Sign instead.

After clicking a sign button, you may be prompted to enter your PGP passphrase. You'll then see your final digitally-signed warrant canary message. If it looks good to you, post it to your website.

If the person who digitally signs the canary messages knows how to update the website themselves, they can click Copy to Clipboard, edit the warrant canary page, and paste it. Otherwise they can click Save to File, and then email that file to the person in charge of updating the warrant canary page on the website. Make sure they update it promptly to prevent the canary from expiring.

Every time your warrant canary calendar event notifies you, open AutoCanary, generate a new canary message, and update it on your website.

Installing

Windows or macOS

For Windows and macOS, download the latest release from the GitHub releases page.

Debian or Ubuntu

Make sure you have apt-transport-https installed, and add the FLM code repository key:

sudo apt update
sudo apt install -y curl gnupg apt-transport-https
curl -L https://packagecloud.io/firstlookmedia/code/gpgkey | sudo apt-key add -

Add the repository, depending on your operating system:

  • Ubuntu 18.04 (bionic) 
    echo "deb https://packagecloud.io/firstlookmedia/code/ubuntu/ bionic main" | sudo tee -a /etc/apt/sources.list.d/firstlookmedia_code.list
  • Ubuntu 19.04 (disco) 
    echo "deb https://packagecloud.io/firstlookmedia/code/ubuntu/ disco main" | sudo tee -a /etc/apt/sources.list.d/firstlookmedia_code.list
  • Ubuntu 19.10 (eoan) 
    echo "deb https://packagecloud.io/firstlookmedia/code/ubuntu/ eoan main" | sudo tee -a /etc/apt/sources.list.d/firstlookmedia_code.list
  • Debian 10 (buster) 
    echo "deb https://packagecloud.io/firstlookmedia/code/debian/ buster main" | sudo tee -a /etc/apt/sources.list.d/firstlookmedia_code.list
  • Debian 11 (bullseye) 
    echo "deb https://packagecloud.io/firstlookmedia/code/debian/ bullseye main" | sudo tee -a /etc/apt/sources.list.d/firstlookmedia_code.list

Install AutoCanary:

sudo apt update
sudo apt install -y autocanary

Fedora

We have repositories for Fedora 30 and 31. Add this repository following these instructions, or by running this script:

curl -s https://packagecloud.io/install/repositories/firstlookmedia/code/script.rpm.sh | sudo bash

Install AutoCanary:

sudo dnf install -y autocanary

More Repositories

1

pdf-redact-tools

a set of tools to help with securely redacting and stripping metadata from documents before publishing
Python
524
star
2

gpgsync

πŸ”’ GPG Sync is designed to let users always have up-to-date public keys for other members of their organization
Python
344
star
3

react-scripts

βš™ shared react app configs
JavaScript
220
star
4

dangerzone-converter

dangerzone has moved to https://github.com/freedomofpress/dangerzone
Python
39
star
5

aws-profile-gpg

πŸ” ☁️ Run aws-cli commands using IAM Access Keys stored in a GPG-encrypted credentials file
Python
37
star
6

flock-agent

πŸ¦‰ Agent for Flock, the privacy-preserving fleet management system
Python
32
star
7

flock-server

πŸ¦‰ Flock is a privacy-preserving fleet management system powered by osquery and the Elastic Stack
Python
19
star
8

keylist-rfc

πŸ” turning the system behind GPG Sync into an Internet standard
Makefile
16
star
9

gpgsync-firstlook-fingerprints

Signed list of OpenPGP fingerprints for First Look employees
15
star
10

firstlookmedia.github.io

11
star
11

deployables

πŸ—‘οΈ a basket of deploy scripts
Shell
10
star
12

homebrew-firstlookmedia

🍻 homebrew tap for first look media projects
Ruby
3
star
13

dangerzone.rocks

dangerzone has moved to https://github.com/freedomofpress/dangerzone
CSS
3
star
14

hagrid-verifier

Submit all the keys on a keylist to keys.openpgp.org, and request email verification for all UIDs
Python
3
star
15

whistleblower

Headless browser testing utils via Jest and Puppeteer
JavaScript
2
star
16

deployables2

Python
2
star
17

keylist

First Look Media's keylist
Python
2
star
18

listcrunch

A JS port of MuckRock's listcrunch python library
TypeScript
1
star
19

ecstatic

:squirrel: πŸ” automatically update ecs agents and report issues via webhook
Python
1
star
20

pst

Clojure library to parse PFF databases.
Clojure
1
star
21

docker-placeholder-app

HTTP app intended to be used as a placeholder when spinning up an ECS cluster
Shell
1
star
22

docker-https-redirect

↩️ redirect http to https
1
star