I thought this would be interesting to share. I’m not aware of the legalities of this in countries other than the US and will need to confirm the same with my lawyer friends. Nevertheless, I found it to be very clever when I first encountered it.
So canaries are birds that coal mine workers used to carry with them to work. In coal mines, there’s always a danger of increased levels of hazardous gases. The canaries served as a warning system for the mine workers. When the concentration of hazardous gases increased beyond what’s normal, the canary would die, warning the mine workers to leave before it got dangerous for human beings (hence the phrase “canary in a coal mine”).
A warranty canary serves a similar purpose for users of a website. In the US (unsure about other nations), the government and national security agencies can secretly order any organization to hand over user/customer data, and along with that order comes a gag prohibiting the company from discussing the order with anyone (its users, for example). Internet companies needed a way to still circumvent this gag order (and maintain trust with their users, especially for companies like VPN and mail providers where trust is critical), and that’s where the canary comes into the picture.
Warranty Canary
The ‘warranty canary’ is a line of text mentioned on the website stating something similar to this:
Until now we have not received any letters, gag orders or warrants from any government
That’s it. This line says that the organization has never received any of the said requests. Once they do get such a request, they have to adhere to it. When they do, they remove the canary, hinting to their customers/users that their systems have been compromised by some government body, without violating the gag order that might be associated with the request. Clever!
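Since the signal is the disappearance of a line of text, users can watch for it automatically. The sketch below is an added example, not code from this post or from any company mentioned in it; the snapshot pages, their dates and the 0.8 similarity threshold are constructed assumptions, and the 'reworded' state goes slightly beyond the post by flagging a canary whose wording was weakened rather than removed outright.

```python
import difflib
import html
import re
import unicodedata

# Canary wording as quoted in the post.
CANARY = ("Until now we have not received any letters, gag orders "
          "or warrants from any government")

def normalize(text):
    """Reduce HTML to lowercase words so cosmetic page edits are ignored."""
    text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", text)
    text = re.sub(r"<[^>]+>", " ", text)            # drop remaining tags
    text = unicodedata.normalize("NFKC", html.unescape(text))
    return re.sub(r"[^\w\s]", " ", text.lower()).split()

def canary_state(page, canary=CANARY, threshold=0.8):
    """Return 'present', 'reworded' (needs human review) or 'missing'."""
    want, have = normalize(canary), normalize(page)
    best = 0.0
    # Slide a canary-sized window over the page's words.
    for i in range(max(1, len(have) - len(want) + 1)):
        window = have[i:i + len(want)]
        if window == want:
            return "present"
        ratio = difflib.SequenceMatcher(None, window, want).ratio()
        best = max(best, ratio)
    return "reworded" if best >= threshold else "missing"

def canary_alerts(snapshots):
    """Return (date, old_state, new_state) for every change between snapshots."""
    alerts, previous = [], None
    for date, page in snapshots:
        state = canary_state(page)
        if previous is not None and state != previous:
            alerts.append((date, previous, state))
        previous = state
    return alerts

# Constructed snapshots of a hypothetical transparency page (not real data).
SNAPSHOTS = [
    ("2024-01-01", "<h1>Transparency</h1><p>Until now we have not received any "
                   "letters,\n gag&nbsp;orders or warrants from any government.</p>"),
    ("2024-02-01", "<p>Until now we have not received any letters, gag orders "
                   "or <b>warrants</b> from any government</p>"),
    ("2024-03-01", "<p>Until now we have not received any letters or warrants "
                   "from any government</p>"),
    ("2024-04-01", "<p>We value your privacy.</p>"),
]
```

Calling canary_alerts(SNAPSHOTS) reports the two changes in the sample history: the weakened wording in March and the outright removal in April.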
For examples, see NordVPN or Cloudflare. For a list of major companies with warranty canaries, see the Wikipedia page. It can be seen that Apple and Reddit removed their warranty canaries, which may indicate that they had been contacted by intelligence agencies.
That’s it for this little ELI5. Thank you for reading.