Warrant canary

Signed 2026-06-19 · next update on or before 2026-09-19

Verify the block below against our published key — fingerprint 4B01 B8B1 132F 33C5 DC06 7DC2 6893 22E3 4899 BB1B. An unsigned or non-verifying canary means nothing.

A warrant canary is a statement we can publish freely — but that the law, in most places, cannot compel us to keep publishing once it is false. If it stops being updated, or the signature stops verifying, that silence is itself the signal.

In plain words

The name comes from coal mines: miners carried a canary, and if the bird fell quiet, the air had turned poisonous — leave, now. The warning was the silence, not a shout.

This page works the same way. A government can force a service to hand over data and forbid it from saying so — a gag order. What the law generally cannot do is force us to lie. So instead of staying silent, we publish a signed “we have not been compelled” statement and re-sign it on a schedule. While it keeps appearing — fresh and signed — the air is clear. If it ever goes stale or quietly vanishes, that absence is the message — and we never had to break a gag order to send it.

Statement

As of 2026-06-19, YGOOW — the operators of ygoow.com and the YGOOW relay:

We would rather remove this page entirely than publish a statement we know to be false.

How to read it

Verify it yourself

You do not have to take our word that the signature is real — checking it takes about a minute with any OpenPGP tool (GnuPG is free: built into most Linux and macOS, and Gpg4win on Windows):

  1. Import our key. Download our public key, then run gpg --import ygoow.asc. Check the fingerprint reads 4B01 B8B1 132F 33C5 DC06 7DC2 6893 22E3 4899 BB1B.
  2. Save the block. Copy everything in the box below — from -----BEGIN to the final -----END — into a file called canary.asc.
  3. Check it. Run gpg --verify canary.asc. An untampered canary prints Good signature from "YGOOW <security@ygoow.com>".

No Good signature line, or a date that has gone stale? Then treat the canary as having done its job.

Signature

Published key: /static/pgp/ygoow.asc — fingerprint 4B01 B8B1 132F 33C5 DC06 7DC2 6893 22E3 4899 BB1B. The block below is the canonical signed statement; the prose above is for reading.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

YGOOW WARRANT CANARY

As of 2026-06-19, YGOOW — the operators of ygoow.com and the YGOOW relay:

  1. has NOT received any subpoena, warrant, court order, or national
     security letter compelling the disclosure of user data;
  2. has NOT received any request or order to add a backdoor, weaken
     cryptography, or hand over keys or signing material;
  3. has NOT received any gag order preventing us from updating this
     statement;
  4. has NOT been compelled to modify our systems, builds, or releases in
     any way that would undermine the protections described in our whitepaper
     (https://ygoow.com/whitepaper/);
  5. retains full, sole control of our infrastructure and signing keys.

We would rather remove this statement entirely than publish one we know to be
false. This canary is re-signed at least quarterly. If the date above is stale,
or this signature does not verify against our published key, treat the canary as
having done its job.

Verification key: https://ygoow.com/static/pgp/ygoow.asc
Next scheduled update: on or before 2026-09-19.

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRLAbixEy8zxdwGfcJokyLjSJm7GwUCajWW+AAKCRBokyLjSJm7
G+h+AP9CHqUTLb91e/RvimzcCVTNSHqsB/guG1z3qeXMp2lr4gD/XoI58FF/4vRW
3KaudhKYu9pbP1QLirNFNMaG+cL+EQU=
=XEIA
-----END PGP SIGNATURE-----