One issue that was identified a while ago when Canary postings were all the rage in other areas was the simple fact that the company could be ordered to maintain any and all Canary measures or government can maintain the Canary measures anyhow.
So many of the sites doing the Canary told everyone that the idea while sounding great has a fatal flaw and in fact it was worse to keep up the Canary measures as it gives an extremely dangerous false sense of security.
This was a big thing many a long year ago and given up.
One of our biggest defenses is the diversity of developers and forum members. In the current world environment it would be nigh on impossible to silence everyone and not have some spread the news via other forums.
NSL only applies to US based companies. It’s why ProtonMail is located in Switzerland, after the previous secure email company was shut down by the owner rather than comply with an NSL.
ProtonMail also maintains a Warrant Canary that updates when new Warrants are received. AFAIK Swiss law does not prohibit and more importantly cannot prevent this. @neo may be referring to Australia where new Australian surveillance laws killed all their canaries in 2015 among some other pretty authoritarian moves down under before and since then. I guess a lack of a constitution in Australia actually has some drawbacks… don’t go and host anything in those sort of places I guess.
EFF has a decent rundown on the positive and negatives, depending on the jurisdiction they can be very effective when done correctly. So yes they can still be very useful and do make things more difficult to subvert your core infrastructure. There is even a machine readable standard coming out now so organisations like the EFF can monitor them at scale, increasing their effectiveness.
“The S&P DJI-branded products will use data from New York-based virtual currency company Lukka on more than 550 of the top traded coins, the companies said.”
And a guy who claims he was scammed out of $1m on that exchange has a Twitter profile that says:
“Always DYOR. Don’t trust. Verify.” Shouldn’t laugh, but…
These are not DeFi products. Everything that has an admin key with which to change the smart contract cannot be and is not a DeFi. UniSwap is DeFi without admin keys. Hex is DeFi without admin keys. Most other things are CeFi - Centralized Finance.
Apparently they’ve cut and run, disappearing without trace and deleting everything, including their website, as they go. I can’t find any news on this that isn’t cut and paste, but how can you know if an exchange is genuine DeFi or not? Apparently this one had been audited. Also, who would put $1m in a random exchange that’s only been running for a month? Fools and their money…
Happy Birthday Javascript
