But could the FISA court order the datacenter operator to loop the feed? We'd never know. And that's scary.

You could trivially detect a loop by examining noise.

You could trivially defeat that by injecting noise.

You could less trivially defeat that by looking for "random" behavior in the datacenter, such as people walking by, vibrations caused by folks moving about, blinking patterns of the ubiquitous network activity LEDs in your rack and other racks, etc.

I think a loop is trivial to detect.

Have your own server's LEDs blink in pseudo-random sequence; have a script monitor the video feed, alerting if the sequence of LEDs doesn't match what is expected

This is the culmination of a very nice subthread. While there is certainly a huge need for a systemic fix, the subthread shows how technology can help us fight the problem on a temporary case-by-case basis. Brilliant!

Also, our names are on lists now.

[I despise the fact that I am making a joke like this, and that it's probably true. I'm writing my folks in congress again.]

Meh. Pay an intern to drop a copy of today's newspaper in front of the camera every morning.

Mount a watch/calendar on the wall.

Not if there was a clock in the frame with accurate date and time.

And then the day the webcam broke, customers fled in droves.

Or, the government simply says, "You have to say that the new server is a web server".

This is why I'm always skeptical of things like "warrant canaries" and the like. If the government can require you lie to your customers about whether they're being monitored, surely they can control the terms of disclosure about what's going on?

I wonder if something like making a donation to the EFF for every week that a warrant has not been served would work. Could they compel you to keep donating?

Maybe, or donate on your behalf, but they could compel you to say you're still donating, and the EFF says that they don't disclose donor info except as compelled by law - so I assume they could be compelled to keep reporting so.

But honestly, this is getting so ridiculous. How would people know that you'd stopped donating? If you had a webpage that said, "We donated this week", the government could just require you keep putting it up. You could give the EFF the ability to disclose your donation - but what, your customers are going to call the EFF every week? The EFF is going to set up a webpage that your customers are going to go to, in order to verify that your donation was received?

Then, let's say you have 500k customers. You get a FISA request or whatever for 1 of them. You stop donations, some webpage somewhere gets updated, and....what happens, exactly?

First off, the customer would have to want to check however mechanism is available, since you certainly can't notify them. So once they check, what do they know, other than someone on the service has received a government request.

Then, now that they know this, what do they do about it? Migrate off? To whom? If all it takes is one request for customer data to trigger the warrant canary, shit, all the government has to do is make one request for every company with a warrant canary. Now there are no available services.

At which point what do your users do? Do you go with an un-canaried provider? Hope that you're not the target of the warrant?

Then, look at it this way, someone, perhaps a less scrupulous provider, will simply lie about not having received a warrant, in order to get the business.

While it's a fun thought exercise, there's absolutely no practical way to do what people are suggesting without using a system that would be so vulnerable to manipulation as to be useless.