The popular email and activism tool site RiseUp.net, which also provides email service for some Wikileaks staff members, may now be compromised.
RiseUp serves many purposes in anarchist and activist communities, aiming to provide a more secure means of communication. It verifies that it is still safe to use by posting a quarterly “canary,” asserting that they have not been compromised or placed under a gag order.
That canary appears to have died, as the page has not been updated since August 16.
“A mechanism to test for unsafe conditions, originating from the use of canaries in coal mines to detect poisonous gases or cave-ins. If the canary died, it was time to get out of the mine,” a statement at the top of the website’s canary page reads. “More recently, the term has been used by some online service providers to refer to an affirmative statement, updated regularly, that the provider has not been subjected to certain legal processes. If the statement is not updated in a timely fashion, users may infer that the canary statement may no longer be true.”
“It is possible that they are just being lazy or that they simply haven’t updated it yet. None of that matters. The point of the Canary is that if it is not updated in a timely fashion you stop using the service. If they update the Canary later then you know you’re good to go,” journalist Tim Pool explained.
Perhaps even more troubling to many activists however, is the strange references that the website staff has been posting, as their songbird remains silent.
Just before the expiration of the August canary, the RiseUp Twitter account shared a portion of Leonard Cohen’s “Listen To The Hummingbird.”
— riseup.net (@riseupnet) November 11, 2016
While the tweet came just says after the death of Cohen and may have just been a tribute — given the situation and the content of the quote, many believe that they were trying to subtly suggest that their users go check the canary.
Other tweets also suggested that people should get offline and into the streets to revolt — but again, could have just been a general sentiment.
On Monday, the RiseUp account tweeted out “we have no plans on pulling the plug,” along with a screenshot of their Frequently Asked Questions page which asserts that they would rather shut down than comply with government orders. This, coupled with the previous tweet saying “don’t listen to me,” has left many on edge.
— riseup.net (@riseupnet) November 21, 2016
While RiseUp is the email server of choice for Wikileaks, and many other organizations, it isn’t time to panic. Wikileaks staff use PGP encryption for all of their communications — meaning that if the government managed to work their way in, all they would see is what appears to be gibberish.
The Electronic Frontier Foundation (EFF) has lots of helpful tools and information if you are interested in protecting your own online communications.
In the meantime, it may be time to exit the coal mine.