/d/Dread

The Dread Canary

by /u/newbieforever2018 ☆Cares About Noobs☆ · 3 votes · 2 months ago

Okay so me and another member are going back and forth on this and we both believe that we are correct so please help us resolve the issue.

My problem was that I did not realize that the canary history is not available, only the current valid one expiring Monday and the previous one that expired.

My understanding is that either admin can update the canary depending upon which one notices its expiration pending first and that settles it.

My friend insists that both Paris and HB each have to update it, thinking that they each have their own canary and both must have unexpired updates of the canary simultaneously.

For example my friend thinks that Paris's canary is expired and does not think that HB's current unexpired canary suffices.

Sorry for the novel but who is right?

1. As long as one admin updates the canary all is well

or

2. Both Paris and HB need to update the canary and each have his own unexpired update at all times for everything to be solid.

Comments (47)
/u/Shakybeats M · 1 votes · 2 months ago (Pinned post) · Link

Man the amount of messages we have been getting about the canary lately. I'll do my best to try and answer as much as I can.

Let's start with the basics. The canary is not a foolproof method to prove anything. If Paris or Hugbunter gave their pgp keys to LE they could sign a message. This means don't just blindly trust the canary! Don't post sensitive things on Dread and you will be fine even if LE had our servers.

Paris and Hugbunter are both real people. Or maybe they are the same. Or maybe I'm both Paris and Hug. You'll never know! The point is, they have real lives. They go do real things and are not sitting on Dread all day every day. With all the shit we take care of behind the scenes and all the recent ddos attacks. The canary is one of the last things on the list. Again you shouldn't be blindly trusting it.

Whenever either admin is going to be gone for a prolonged period of time staff members are informed so we don't have to worry, or block their access. Same for mods. If I were to go missing without anyone knowing my account is locked. If anyone is wondering. Yes if hug or paris goes missing for too long without letting someone know we will move servers, and block their access. It has been done before, and probably will again in the future. We have a lot of systems in our back end to make sure each of us is safe.

Now for the main details: both canaries you see are signed by the admins' individual keys. They do not share a key. Hug signs one message. Paris signs one.

/u/Hugbunter was the only one that used to be in charge of the canary. He was against even having it on Dread. But he added it to make some people happy. Hug also has a lot of shit come up in his real life that can take him away from Dread. He is also working very hard on new exciting things that will be coming out soon... The point is, Hug almost always forgets his canary, so much so that it became a joke on Dread: how expired will Hug's canary be?

Now for /u/Paris: he added a signed message because we kept getting messages all the time that Hug didn't update the canary. We were getting a few of them a day. So to cut down on those messages he added his signature, and I usually kept up on reminding him to update it. Like Hug, Paris also has a life and is working on a lot of new projects. The canary is not something he always gets to.

I can't stress this enough. Don't blindly accept the canary. Don't post sensitive things on Dread, and use PGP.

/u/HugBunter A · 1 votes · 2 months ago · Link

Of all the times this subject has come up so severely, my canary was actually up to date, who'd have thought it?

Updating now on time too!

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Definitely right on time!

/u/Shakybeats M · 1 votes · 2 months ago · Link

Oh shit sound the alarms. Hug's canary was updated on time, AND not expired. /u/Paris /u/solar something is very wrong.

/u/HugBunter A · 1 votes · 2 months ago · Link

Don't worry, I'll balance it out and leave it to expire for 4 months now

/u/Paris A · 1 votes · 2 months ago · Link

Been so busy the canary just got put on the back of my mind. Got it updated!

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Thank you. So much of my time was spent discussing the canary this week, time in my life that I will never get back.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Thanks for the detailed response. Now I am beginning to fear for the life of coal miners. What if they use a particularly robust canary and he doesn't die when he was supposed to? This could mean lives lost. Perhaps there should be a backup parrot?

/u/oliver_closov · 1 votes · 2 months ago · Link

I've also been curious about this. From what I've gathered from my (albeit very limited) time here, 1 seems to be correct, at least in practice, more often than not.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Thank you

/u/SpiderCrawl · 1 votes · 2 months ago · Link

As far as I know, one canary's update is sufficient as long as attached to Dread's public PGP key.

/u/Expectant · 1 votes · 2 months ago · Link

Except there is no standardized Dread PGP. :']

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Exactly and there is no member canary.

/u/Expectant · 1 votes · 2 months ago · Link

I'd say that's something to speculate on. Whilst there is no member canary explicitly, there's a Dread canary, which may or may not be used indirectly as a member canary, as in it's signed with member's personal key. 🤷

It's still a bit crazy, how one simple thing can get so complicated. :D Seems like most people have no idea either. A crack in the system.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

There is no crack. Neither admin will update the canary if LE seizes dread so it will work as it was intended to. It is not complicated.

My hope is that when the current one expires on Monday that /u/paris updates it because then you will see that HB will not update it in that case which would prove my point or you will change your story to then state HB's canary expired.

/u/Expectant · 1 votes · 2 months ago · Link

Even if LE seizes Dread, the canary may keep getting updated for a few reasons. Seizure is a vague term. And perhaps one of the Admins may forfeit their keys even, maybe by accident, who knows. Maybe Dread has got some safety precaution for this matter.

The future will tell, also yes -> Hug's canary will expire tomorrow.

I would even classify the Dread's canary as expired now, because I would consider the Dread's canary to be valid when 2 members signed it as it should be, but you think that one member is enough, that's a subjective preference and you also think they also take turns each, that I disagree with.

I don't think it matters who signed the canary last. Paris and Hug sign it independently of each other, but that's for them to answer.

Again, this is a scenario how I think it should be in perfect world, just because they are always late doesn't matter. :D

/u/Paris

/u/HugBunter

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

This was the reason that I mentioned that you can't scroll back in the canary history beyond the current two. If you could then you would see that there never was a time when the canary was updated by both admins for a given time period. Regardless, watch what happens. Only one dread admin will update it when it expires. If your theory were true they both would.

We disagree about everything!!!

The canary would not be updated by anyone if LE seized dread. If things such as that occurred that would make a canary a stool pigeon, totally different breed.

/u/Expectant · 1 votes · 2 months ago · Link

But how can you know they were never updated by both admins for a given time period? You remember it never happened? Maybe you are right, but I don't think it's for the reason that one dread admin updated it and therefore the other doesn't need to; one simply forgot about it.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

No. I rarely even check the canary. I meant that if we had the canary history to check it would prove my case but because there are only two entries that is why you believe that Paris's canary is expired when in fact it was simply a case of HB most recently updating it.

/u/Expectant · 1 votes · 2 months ago · Link

We'll either need the canary history or Dread Admins to resolve this for us)).

/u/HugBunter A · 1 votes · 2 months ago · Link

It would take us both being busted for anything to go un-noticed, canary being updated but we're not actively responding? It's time for the kill switch. Can't authenticate with each other, kill switch. There's a lot more in place than just having the community alert each other based on a signed message.

/u/Shakybeats M · 2 votes · 2 months ago · Link

Shaky doesn't get a response to the countless notes/messages he leaves. Killswitch.

/u/Kel · 1 votes · 2 months ago · Link

/u/solar you still here?

/u/Solar M · 1 votes · 2 months ago · Link

24/7/365

/u/SpiderCrawl · 1 votes · 2 months ago · Link

interesting enough...

I wonder why not publishing a Dread public PGP key for further authentication, just like any service does nowadays.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Because unlike on markets where you could be phished and deposit money into a scammer's wallet there is no dread wallet so if you are on a fake dread you could read and comment as normal. In fact it would be great to have a fake dread so that when the real one was down due to ddos we would still have the fake dread.

/u/SpiderCrawl · 1 votes · 2 months ago · Link

Using a fake dread account could lead to serious side-phishing attacks knowing majority of users are using the same credentials everywhere.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

I do so hope this is not true. No one should have credentials here that match their credentials anywhere else. Dread and each market account should have unique user names and passwords for every member here.

/u/HugBunter A · 1 votes · 2 months ago · Link

/u/newbieforever2018 funny you should mention this, I decided we'd do this as we need a standardized PGP key for automated signatures for the XMR addresses etc in the future too. We'll have a shared key both me and /u/Paris have access to in the next week.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Wow. That is amazing. I totally did not think that would happen. Thanks for the info!

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

The admin who updates it does so with his personal signed pgp message, not dread's pgp.

/u/SpiderCrawl · 1 votes · 2 months ago · Link

Then it's a faulty practice I guess.

Service's canary should ALWAYS be signed with the service's public PGP key, not a personal key.

Has it always been the case on Dread? Or only occurred recently?

/u/Expectant · 1 votes · 2 months ago · Link

There is no service key and never was. It was first signed by the admin HugBunter and then later on with Admin Paris. They both are operating the Dread infrastructure and they both verify they still have the ability to do so at the Dread's canary. If suddenly Paris won't update his canary and only HB will, does that mean Paris lost his access or what? I don't know, I would presume so and it would worry me a little.

However /u/newbieforever2018 seems to disagree with it. He thinks that one Admin at a time is enough to make Dread canary valid, that's probably subjective. But what he also says, the Admins are taking turns, and that I disagree with. Because if they would take turns, it would look like that:

This Monday - Paris

Next Monday - Hug

Next Monday - Paris

Next Monday - Hug

But I think it's not happening like that. I think they simply update it whenever they have time. I believe it doesn't matter who updated it the last time.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

No. I did not say that they take turns. Read the topic again>>

"My understanding is that either admin can update the canary depending upon which one notices its expiration pending first and that settles it."

Furthermore. I also said that I hope that Paris updates it this time because you currently claim that Paris's canary expired. If Paris updates it then by your theory you would say that HB's canary is expired based upon them having personal, rather than a dread canary.

/u/Expectant · 1 votes · 2 months ago · Link

OK, sorry. My bad.

But I still think it does not matter who notices it first. I think they should both update it if 'their canary' (yes their) expires.

So if Paris sees Hug's canary is still valid (yes, I refer to it as Hug's canary) at the Dread's Canary page, and Paris's canary is now invalid/expired, he should still update his canary, so two of the canaries are valid at the same time.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

It is perfectly fine for you to believe, in your opinion, that both admins should update the canary every time but that is based upon the assumption that one admin might update the canary even though dread was seized.

TBH if dread was seized I doubt that either admin would have access to it nor could we.

Examples: https://www.smokeyschemsite.com/

https://www.therealrc.com/

/u/Expectant · 1 votes · 2 months ago · Link

There were cases like this, servers seized but relocated and operation was running as a honeypot by the police. Paris or Hug would probably not give up their keys, but you may never know for sure.

and yes, I believe that both admins should update the canary every time theirs expires. So both should be valid at the same time, not just one.

yes, it usually does not happen for both to be valid, because they are both usually late. You on the other hand seem to think it happens because there is no need for both Admins to update the canary, so long one of them keeps it updated.

also yes, whether or not the dread's canary is valid, we should still treat it the same way. Means, we still should (not) trust it.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

" You on the other hand seem to think it happens because there is no need for both Admins to update the canary, so long one of them keeps it updated. "

That is exactly my position and my reasoning being that if LE seized Dread both admins would know about it and neither would update the canary. So if we should still not trust it then it should not matter to you whether one or both admins update it.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

The canary is meant to show that LE has not seized Dread. If one admin lost access to dread and the other admin repeatedly updated the canary it would still serve its purpose.

/u/Expectant · 1 votes · 2 months ago · Link

That is true, albeit I also think the Canary is meant to represent that each admin has got access to Dread infrastructure and is alive and well. Not just one.

Unless he prior to disappearing signs a message of resigning.

/u/SpiderCrawl · 1 votes · 2 months ago · Link

Security and OPSEC shall never be subjective but considered as a priority.

For a service like Dread, which has been running for almost a decade storing and hosting sensitive content and data, the minimum required would be for their admin to come up with a strict security system.

I've answered another post in this topic where I'm stating a securely-hosted public key, whose access could be shared between HB and Paris (just the access to the key, not the key itself).

Now, if you really want to enforce a Canary system with 2 admins' personal keys, I suggest such a pattern:

1 - HB and Paris agree on a range of 5 days. They then publish the figures while announcing publicly through a Dread's sticky.

For our example, we will set these days to the 26,27,28,29,30.

We Dread users now expect to see the updated canary signed with BOTH admins' keys on one of these days.

(this step just aims at adding a bit more entropy to the signing-system)

2 - Every month, prior to the 5 chosen days, HB and Paris will have to securely communicate and pick up a fixed day within the chosen range.

For our example: we set that day to the 28.

3 - On the 28th, both admins have to sign the updated canary with their private key.

If one fails to do so on the chosen fixed day: Dread should immediately go offline as preventive security measures (until they are able to complete the process and inform the public).

4 - If the canary has failed to be updated between the chosen range of days publicly announced: Dread should go offline and users shall never try to log-back in.
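The two readings of the canary argued in this thread (one current signature is enough, or every admin's signature must be current) and the joint-signing window proposed in the post above, written out as a checker; this is an added example, not part of any post and not Dread's own code. It assumes each statement's PGP signature has already been verified out of band, and the signer labels, dates and status names are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Statement:
    signer: str         # label of the admin key that signed
    signed_on: date
    expires_on: date
    signature_ok: bool  # outcome of PGP verification, assumed done out of band

def live_signers(statements, today):
    """Signers with a verified statement that covers `today`."""
    return {s.signer for s in statements
            if s.signature_ok and s.signed_on <= today <= s.expires_on}

def canary_valid(statements, today, required, policy):
    """'any' is option 1 in the opening post, 'all' is option 2."""
    live = live_signers(statements, today) & set(required)
    if policy == "any":
        return bool(live)
    if policy == "all":
        return live == set(required)
    raise ValueError(f"unknown policy: {policy}")

def window_status(statements, today, required, window_days):
    """Joint signing: every required key signs on one day of the announced window."""
    required = set(required)
    by_day = {}
    for s in statements:
        same_month = (s.signed_on.year, s.signed_on.month) == (today.year, today.month)
        if (s.signature_ok and s.signer in required and same_month
                and s.signed_on.day in window_days and s.signed_on <= today):
            by_day.setdefault(s.signed_on.day, set()).add(s.signer)
    if any(signers == required for signers in by_day.values()):
        return "ok"
    if any(day < today.day for day in by_day):
        return "signer-missing"   # step 3: a signing day passed with one key absent
    if today.day > max(window_days):
        return "window-missed"    # step 4: no update inside the announced range
    return "pending"

# Constructed sample data; signer labels and dates are placeholders.
ADMINS = ("admin_a", "admin_b")
WINDOW = range(26, 31)  # the 26th through the 30th, as in the post's example
STATEMENTS = [
    Statement("admin_a", date(2024, 5, 20), date(2024, 5, 27), True),
    Statement("admin_b", date(2024, 5, 6), date(2024, 5, 13), True),
    Statement("admin_a", date(2024, 5, 28), date(2024, 6, 4), True),
]

if __name__ == "__main__":
    today = date(2024, 5, 22)
    print("any:", canary_valid(STATEMENTS, today, ADMINS, "any"))
    print("all:", canary_valid(STATEMENTS, today, ADMINS, "all"))
    print("29th:", window_status(STATEMENTS, date(2024, 5, 29), ADMINS, WINDOW))
```

A bad signature (`signature_ok=False`) never counts toward either policy, so a statement that fails verification is treated the same as a missing one.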

/u/Expectant · 1 votes · 2 months ago · Link

Maybe you are right and maybe what I'm going to say is going to come out as reckless behavior, but isn't that a bit of an over-kill?

I'm sure you have your reasons, but as much as I wish for the canary to be updated, it should not be relied upon anyway. This is just a messaging forum. People give up information they decide to give up, and it should be assumed that LEA will one day read them all, if not already. It shouldn't matter whether a canary is signed or not. That's why we have encryption for sensitive information.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

Wow, this has evolved into quite the topic. What is the difference between a dread admin updating with his personal pgp key rather than there being a shared public key?

I will answer my own question. If one dread admin took over dread due to a disagreement with the other one then having the public key would allow him to sign the message as either HB or Paris.

/u/SpiderCrawl · 1 votes · 2 months ago · Link

....while on the other hand cops could easily pretend to be HG or Paris using their private / personal key in case of a major Ops,

That would not happen if the use of a public shared key was a consensus, supposing the key is hosted on a secure / off-the-network server (not stored on a local machine).

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

I sincerely doubt that LE is going to bother, even if possible, confiscating the private key of a dread admin to update the canary. There are higher priorities than controlling dread. Imho it will be an all or nothing. Either LE will seize and shut down dread or if one of the admins realized that LE had found a backdoor into dread that they would pull the plug on it.

No transactions take place here so Dread is as useful alive and well to LE as it is to members here as a source of information.

/u/CinCan · 1 votes · 2 months ago · Link

Hmm, historically speaking there have been times where one of the canaries was expired for a longer period of time. And I think there has been one time where both were expired for maybe a day? But I might stand corrected.

My understanding is that they cannot update each other's canary.

Considering they are dealing with the DDOS I would cut them a lot of slack.

/u/newbieforever2018 ☆Cares About Noobs☆ OP · 1 votes · 2 months ago · Link

I believe that there have been times that it expired and this was more about differing opinions about the canary itself that I had with another member. My thinking being that either admin updating it is sufficient and his being that both should update it each time. This is not an earth-shaking debate, I realize.