Skip to main content
Warrant canary

Statement format (sample before the first release).

This block will show the real signed statement after the first public release. The format and the logic are described below.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CHIMERA Warrant Canary — YYYY-MM-DD

As of this date:
  1. CHIMERA has NOT received National Security Letters, gag orders,
     or equivalent secret court orders.
  2. CHIMERA has NOT been compelled to modify the software, insert
     backdoors, or install wiretaps.
  3. CHIMERA has NOT been required to hand over cryptographic keys of
     users, nodes, or any infrastructure component.
  4. No state / LE / corporate actor has taken legal or extra-legal
     control over any part of CHIMERA.
  5. Release-signing key fingerprint — unchanged since the previous canary.

Next scheduled update: YYYY-MM-DD.

Headlines from YYYY-MM-DD (proof of freshness):
  * [headline #1]
  * [headline #2]
  * [headline #3]

-----BEGIN PGP SIGNATURE-----

[real GPG signature block here after first release]

-----END PGP SIGNATURE-----
How to verify the signature
# 1. Get the operator's PGP key (verify the fingerprint against the Tor mirror)
gpg --keyserver hkps://keys.openpgp.org --recv-keys 0xCHIMERA0001

# 2. Download the statement
curl -O https://chimera.tw/canary/latest.asc

# 3. Verify
gpg --verify latest.asc

If the signature is invalid or the key is wrong — either you are being MITM'd, or the canary is fabricated. Verify the fingerprint independently: through Tor, through an archive (archive.today), through a Signal contact.