pull down to refresh
I still think about your comment in the discussion about OpenSats letting their canary expire last December (#1334028) -- probably more often than I should.
For a canary to be useful, it seems that we must treat it with deadly seriousness. If we treat it that way, it must be used perfectly or not at all.
Still feeling weird about Open Sats.
If we treat it that way, it must be used perfectly or not at all.
Still feeling weird about Open Sats.
Right! So let's believe them at face value and they just forgot to renew it. They suffered reputation loss for letting the canary expire (at least they did with me and sounds like they did with you too) which is exactly why they shouldn't have had the canary in the first place. Because without it, there wouldn't have been a problem.
I understand that it is totally relevant to people that had to doxx themselves for receiving some sats. But... it doesn't help. They have your data. A subpoena won't be prevented by it. Them cooperating won't be prevented either, nor will them getting hacked. You lost all your financial privacy the moment you sent them that W9; not when you read that the canary didn't refresh.
I'd recommend against canaries. Better to spend energy on figuring out ways to not doxx your trading partners.
You're not wrong about that. The timestamp now requires less trust than the rest of the canary. Lowest common denominator is still the trust on the author and the key.
In practice we anyway often see canaries expire through human error (and then technically we should burn that relation, but we rarely do) so generally a canary offers no protection at all. You're too late by the time you figure out something is up through the canary anyway.
That's why running a canary isn't really useful. I certainly don't consume them because the only way to deal with the type of nasty situations that a canary alludes to is prevention: if I don't provide any sensitive information to you, it doesn't matter if you are compromised.