Cryptographic Warrant Canary

Integrity and independence declaration of the ITYLOS infrastructure.

STATUS: VALID Last update: April 26, 2026 | Recommended expiration: May 26, 2026
Signature generated offline via PGP key stored on a secure hardware device.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ITYLOS WARRANT CANARY - --------------------- Date: 2026-04-26 Signature: Itylos CANARY (Automated via USB Protocol) Key Fingerprint: B0F9E2E0014FFCF931A792B10500711F096D70E8 STATEMENT: 1. We have NOT received any National Security Letter. 2. We have NOT been served with any secret court order. 3. We have NOT placed any backdoors in our hardware or software. 4. We have NOT received any gag order. If this file is not updated within 30 days, please assume the service is compromised or seized. Previous Block Hash (SHA-256): 04e0c44eac6268ed0898f89852cbed9afd3cf0461e5467e04376986fee473a2d -----BEGIN PGP SIGNATURE----- iQJiBAEBCABMFiEEsPni4AFP/Pkxp5KxBQBxHwltcOgFAmnt7a4bFIAAAAAABAAO bWFudTIsMi41KzEuMTEsMiwxEhxjYW5hcnlAaXR5bG9zLmNvbQAKCRAFAHEfCW1w 6PM1EACL0Cavw0zFbvV/i5k47dxgookHxKG45TtRluLcgElL5wEtd0pp/SJjzF8q /v4/WdLEnSzu8MQ8aVz/4xre2TfaHp0CVEjFTcdF3uyHsoCInyjsJ/1n3sr9xi4L r1ic2wGySmErZgLXiSeZ+z81UhyFaooNc3st26gvnf+51Nc59kSipqAGyIc5IeAA csR72cdknperTlGkKodxVwAsV9nMysvb43EuHaACvmMs274+iCJy8q4jVTkn4VwD LmZ1s0NISk0o5Pbl7IWt6dnpQLalFGzr/ZjBl+qAB9/D39gTamxhw9wMaI/TaQZ6 3JbjGyH18JgY8TznUDXDpODEVuBbnSC5zDM+2/jzeospBZuwM/l9aP1Eo1vz+huW UhK2pGHEJn31Eajwobbflspt2frfFUX+94/C3IfOaZ8+J1+Z1rRBqS4KBBeLHolw SO/2s348NirHt/voaLbOu1pG8zZs6HcaUtTAzUS9Yxb6x7tCE+Z9tgevGng77AQ6 6txytA+IXQMwx/tc1SVtFs45fJKssxmDILILaddZm5sBgUdHusUtDXyQ1FyeEmLF RYjDEESH306sha6MeVoZXj2+w/el3CnR9x2g6GH5bBe+nNOy3N/B6A+CZ5qS9Ef4 Q8sdGTSx1Aap7b/B2AY+Y8/xT3VjPxQeof/YNnfXPQ++hjAMZw== =6If2 -----END PGP SIGNATURE-----
Download Canary (.txt) Download PGP Key
SHA-256 document fingerprint
12d6e96cc9e24df54b41a832f51ceba3d523bfe78306b504b6136d69da266ad7
PGP key fingerprint
B0F9 E2E0 014F FC93 17A9 2B10 5007 11F0 96D7 0E08

Monitored threats

The Canary publicly signals the absence of:

  • Secret injunction (Gag order)
  • De National Security Letter
  • Confidential court order
  • Known compromise of hardware or software infrastructure

Verification with GPG (CLI)

To verify the cryptographic signature of the document from your terminal:

# 1. Import the ITYLOS public key gpg --import itylos-pubkey.asc # 2. Verify the document gpg --verify warrant_canary.txt

Canary Limitations

A Warrant Canary is a powerful transparency mechanism.

It does not guarantee the absolute absence of surveillance, but allows publicly signaling the integrity of the service at a given point in time. True security relies on our client-side encryption model.

Public Archival & History

Previous versions of the Warrant Canary can be publicly archived to allow historical verification of service integrity.

  • April 26, 2026 (Current)
  • April 1, 2026
  • March 1, 2026

Independence and sovereignty

ITYLOS adopts a strict approach to cryptographic sovereignty.

Data is encrypted locally and decryption keys never pass through our servers. The Canary complements this model by providing a continuous integrity declaration.

Cryptographic transparency

ITYLOS publishes a set of transparency mechanisms for independent audit:

  • Public cryptographic registry (Append-only)
  • Verifiable destruction proofs (Ed25519)
  • This signed Warrant Canary

Frequently Asked Questions

Understanding the security monitoring mechanism

What is a Warrant Canary?
A Warrant Canary is a public declaration confirming that no secret request for access to data or infrastructure has been received by our technical team.
How to verify this Canary?
The embedded PGP signature allows mathematically verifying that the document originates from the ITYLOS infrastructure and has not been altered in any way.
What happens if the Canary disappears?
The absence, removal, or failure to renew the Canary beyond the recommended expiration date may indicate that an external legal constraint (gag order) is preventing our team from publishing it. You should then consider the infrastructure as potentially compromised.
Why use PGP?
PGP (Pretty Good Privacy) is a robust cryptographic standard that allows publicly signing a document and verifying its authenticity offline, without ever relying on a third-party server or centralized certificate authority.