Warrant Canary Checker โ Is the Canary Still Alive?
Learn what warrant canaries are and check whether popular privacy services have maintained theirs. Understand the legal mechanics behind canary statements.
Warrant Canary Checker
Track the warrant canary status of popular privacy services and learn how canaries work.
What is a Warrant Canary?
Canary Alive
โWe have NOT received any secret government orders.โ
The service regularly publishes a signed statement confirming no warrants have been served.
Canary Removed / Expired
The statement has disappeared or stopped updating.
This is interpreted as a signal that a secret order may have been received, since gag orders forbid direct disclosure.
The term comes from canaries used in coal mines to detect toxic gases. The idea is that while a gag order can prevent a company from saying โwe received a warrant,โ it arguably cannot compel them to lieby continuing to publish a false statement. So the statement's disappearance speaks for itself.
How Warrant Canaries Work Legally
In the United States, National Security Letters (NSLs) and orders under the Foreign Intelligence Surveillance Act (FISA) often come with gag orders that prohibit the recipient from disclosing the order's existence. A warrant canary attempts to work around this:
- A company proactivelypublishes a statement: โWe have never received an NSL or FISA order.โ
- If they receive one, they simply stop publishing the statement (or let it expire).
- The legal theory is that a gag order can prevent speech but cannot compel false speech (i.e., force the company to keep publishing a statement they know is no longer true).
- This legal theory has not been tested in court, and the US government has neither endorsed nor explicitly challenged it.
How to Read & Verify a Canary Statement
- Check the date: A valid canary should have a recent date (updated at least quarterly). A stale date may indicate the canary has effectively expired.
- Verify the signature:Most canaries are PGP/GPG signed. Import the service's public key and verify the signature to ensure the statement hasn't been tampered with.
- Read the scope: Canaries vary in what they cover. Some only address NSLs, while others cover FISA orders, gag orders, and even broader government requests.
- Check for proof of freshness: Good canaries include a recent news headline or Bitcoin block hash to prove the statement was generated after a specific date.
- Compare with previous versions: Changes in wording (even subtle ones) can be significant. Archive previous versions for comparison.
Privacy Service Canary Directory
Mullvad VPN
VPNActivePublishes a no-logging policy and regular transparency reports. Passed a police raid in 2023 with no user data to hand over.
View canary / transparency reportProtonMail
EmailActivePublishes a transparency report. Has complied with Swiss court orders in the past, but maintains a warrant canary for gag orders.
View canary / transparency reportNordVPN
VPNActivePublishes a warrant canary page. Based in Panama. Has undergone independent no-logs audits.
View canary / transparency reportExpressVPN
VPNActiveBased in the British Virgin Islands. Publishes a canary statement and has undergone third-party audits.
View canary / transparency reportSignal
MessagingActivePublishes government requests it receives. Has demonstrated in court that it holds almost no user data (only account creation date and last connection date).
View canary / transparency reportTuta (formerly Tutanota)
EmailActiveGerman encrypted email provider. Publishes a transparency report. Has been compelled by German courts to implement monitoring in specific cases.
View canary / transparency reportReddit included a warrant canary in its 2014 transparency report. Its absence from the 2015 report (published March 2016) was widely noticed and interpreted as receipt of a national security order.
Canary removed โ no longer publishedRiseup
EmailActiveActivist email and VPN provider. In 2016, their canary was not updated for several months, causing concern. They later confirmed they had received two FBI warrants but were unable to disclose them at the time.
View canary / transparency reportSurfshark
VPNActiveBased in the Netherlands. Publishes a regularly updated warrant canary statement.
View canary / transparency reportPrivate Internet Access
VPNActiveHas proven its no-logs policy in court twice (2016, 2018) when subpoenaed by the FBI and was unable to provide any user data.
View canary / transparency reportNotable Canary Events
Apple included a warrant canary in its first transparency report, stating it had not received any Section 215 orders. This was quietly removed in a later report.
Reddit's warrant canary disappeared from its 2015 transparency report (published in March 2016). CEO Steve Huffman said he could neither confirm nor deny receiving a national security letter.
Riseup's canary went stale for months, alarming its activist user base. They later confirmed receiving two FBI warrants sealed with gag orders.
Canadian ISP TekSavvy updated its canary to indicate it had received law enforcement requests, one of the few ISPs to operate a canary at all.
For a broader directory of warrant canaries, visit canarywatch.org (maintained by the EFF). You can also check individual service transparency reports, which often contain more detailed information than a canary statement alone.