
I agree. One commenter suggested that they could have voluntarily removed it for some other unrelated reason, but then they would have no reason to not say exactly that - which they aren't. Seems to leave only one reason why they did.



Which spez responds to and says: "I've been advised not to say anything". Only explanation I can see is NSL.


Which leaves open the possibility of the nefarious catch-22 of the pre-emptive NSL: the NSL that threatens you to take down the canary before they have to issue you a substantive NSL!


This is not how an NSL works.


But if you knew how an NSL worked, how could you say?


N.ot to S.ay A.nything.


People see NSA everywhere they want to. Yet, domestic authority here is FBI which compels SIGINT-enabling for NSA per leaks. Court order, NSL, or backdoor are all FBI if coerced.


So, one disadvantage of these loophole canaries is that they only work once. What happens when another NSL is issued at a later date?


Moreover, the state, as an actor, should simply generate a constant stream of NSL requests to trip as many canaries as possible. They have the time and resources. This would basically nullify the effectiveness of canaries as a concept.

"Hey George, did you hear Reddit has a canary now too. Ok, add it to the list. Pick a user there and issue an NSL. And don't forget about Google and FB this month as well, they are about to reset theirs".

Putting oneself in the shoes of such an actor, this is a rational approach to take.


In theory, an NSL still requires a good faith belief by the issuing agency that the recipient possesses information relevant to a national security matter. That's not to say agencies couldn't use them maliciously, but it would require implying deliberate malice or deception on the part of the human agent who decided to issue the fraudulent NSL. Then again, any organization over a certain size is likely to have some conversation in their records that could be deemed nominally relevant.


> would require implying deliberate malice or deception on the part of the human agent who decided to issue the fraudulent NSL

Can be done by re-interpreting what is happening -- "we are not issuing bogus NSLs to troll them, we are fighting terrorism and these sites deliberately shelter and protect terrorists and other criminals. We want to periodically issue NSLs to establish protocols and methods so we can more effectively protect our country and do our work".

So it has to be a story which will look good on paper and workers will tell themselves without feeling like they are doing something illegal.

Another way is to do it as a side-effect of something else -- say "we decided to double our efforts to track down drug dealers on these sites, therefore we'll put 2x more people on it and they will conduct research and open new cases and so on". So simply by allocating more resources to the "problem" they'll ensure any of these large sites will simply get a constant stream of NSLs without explicitly writing that down as "we are busting the canaries" as a goal anywhere.


I thought the reason for NSL was to get the entire site, not just a single user.


Either way even better, don't have to pick a particular one.


It doesn't matter.

Once is all it takes, from that point forward you can't fully trust anything they say about their privacy / security.

The only real questions are: is this an April Fools? And does it matter?


I suspect you were being tongue in cheek about it, but I don't think this would be an April Fools' matter for Reddit.


They could bring it back but with a catch: "between 1 April 2016 and (today) we have not received any NSLs, etc." But if you're gonna do that, you could do: "Yesterday, (date), we did not receive any NSLs, etc."


THAT would definitely draw the ire of the law. They're even limited in how many regular orders they received to ranges of 500.


But as has been said before, it's undecided if warrant canaries are even legal. So until we get a ruling on whether they are legal or not, we really have no way of knowing what we can and can't do.



