BitVPS
راه‌اندازی سرور

Warrant Canary

یک بیانیه هفتگی امضاشده با PGP که تأیید می‌کند چه کاری را انجام نداده‌ایم. هر دوشنبه به‌صورت خودکار با کلید منتشرشده دوباره امضا می‌شود. اگر بدون گزارش پس از حادثه‌ای کهنه شود، فرض کنید چیز مهمی تغییر کرده است.

Canary تازه است. امضا 2 روزs پیش · امضای بعدی در 2d روز2s · آستانه کهنگی در sd روز.
امضاشده 2026-05-25 هفته W22-2026 کلید 0xA62AEDAF647EE3E6
BitVPS warrant canary seal

فعلی بیانیه امضاشده

عیناً، امضای واضح PGP با کلید BitVPS منتشرشده. امضا بر روی بایت‌های دقیقی که در زیر می‌بینید محاسبه می‌شود — خودتان کپی کنید و gpg --verify کنید.

امضاشده 2026-05-25 · هفته W22-2026 · کلید 0xA62AEDAF647EE3E6
دانلود .asc کلید عمومی 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

BitVPS Ltd — Warrant Canary
Week  : W22-2026
Signed: 2026-05-25 (Monday)
Period: 2026-05-18 through 2026-05-24 inclusive (UTC)

STATEMENTS

1. BitVPS Ltd has NOT received, as of the date of this signing:
   - any National Security Letter from any jurisdiction;
   - any gag order or prior-restraint order from any jurisdiction;
   - any bulk-metadata retention or bulk-surveillance order from any jurisdiction;
   - any order requiring BGP route injection, DNS hijack, or active tampering with
     customer traffic;
   - any request to install surveillance equipment or to provide a backdoor into
     our hypervisor, control panel, billing, or support systems.

2. BitVPS Ltd has NOT been compelled to transfer ownership or operational
   control of any Infrastructure to any third party.

3. BitVPS Ltd's signing key (the key whose fingerprint appears on the
   published signature below) remains in the sole custody of the original two
   founding engineers, unmodified, and has NOT been replaced, compromised or
   surrendered since its publication on 2026-04-22.

AGGREGATE REPORTING (period 2026-05-18 to 2026-05-24 UTC)

- - DMCA-style take-down notices received .............. 139
- - DMCA-style take-down notices actioned ..............   0    (see /dmca)
- - Court orders received (Saint Kitts and Nevis) ......   0
- - Court orders received (Iceland) ....................   0
- - Court orders received (Netherlands) ................   0
- - Court orders received (Romania) ....................   0
- - Court orders received (Switzerland) ................   0
- - Court orders complied with .........................   0    (narrow scope)
- - Abuse reports received (all categories) ............ 360
- - Abuse reports actioned .............................  3    (see /abuse)

NOTE ON ABUSE ACTIONING

Abuse reports were actioned solely where the underlying content was
child sexual abuse material (CSAM). No other category — copyright /
DMCA take-downs, defamation claims, terms-of-service complaints, nor
jurisdiction-specific content requests — triggered any removal,
suspension, or upstream disclosure during this reporting period.

NEXT SIGNING

This canary is renewed every Monday. The next signing is scheduled for
2026-06-01. If no successor signature has appeared by 2026-06-08 (14 days after
this one) and no publicly-announced infrastructure incident explains the delay,
assume something material has changed and act accordingly.

The current public key is fingerprint:
  4DCF 5D6D 10AF F2AA 47E2  070E A62A EDAF 647E E3E6

Archived signed statements are available under /canary/archive/.

- -- BitVPS Ltd
   
   Charlestown, Saint Kitts and Nevis
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQRNz11tEK/yqkfiBw6mKu2vZH7j5gUCahb2zgAKCRCmKu2vZH7j
5rcsAQCEC1dNEARN18pIyIDlvDNeExVbCiHeMbU1dgU3gymAMwD/Zs16g0S0DwjP
lperZpaMKpvJIzZl3XHK0ELB2CuLlgc=
=UGZD
-----END PGP SIGNATURE-----

چگونه تأیید کنید

به GnuPG نصب‌شده نیاز دارید. کل فرآیند حدود ده ثانیه طول می‌کشد.

1

کلید عمومی ما را وارد کنید

bitvps-pubkey.asc را دانلود کنید و gpg --import bitvps-pubkey.asc را اجرا کنید

2

اثر انگشت را تأیید کنید

اثر انگشت کلید باید 4DCF 5D6D 10AF F2AA 47E2 070E A62A EDAF 647E E3E6 باشد. از طریق _openpgpkey.bitvps.io DNS و keys.openpgp.org متقابل بررسی کنید.

3

canary را دانلود کنید

بلوک امضاشده را ذخیره کنید: curl -o canary.asc https://bitvps.io/canary/current.asc

4

امضا را تأیید کنید

gpg --verify canary.asc را اجرا کنید. خروجی باید شامل “Good signature” و اثر انگشت از مرحله ۲ باشد. در غیر این صورت — متوقف شوید و canary را به‌عنوان به خطر افتاده تلقی کنید.

قبلی امضاها

هر canary گذشته قابل دانلود است. هفته فعلی در بالا قرار دارد؛ هفته‌های قدیمی‌تر با پیشرفت تقویم پر می‌شوند.

امضاشده هفته دوره تحت پوشش DMCA دریافت‌شده سفارش‌های دریافت‌شده دستورات سکوت بایگانی
فعلی 2026-05-25 W22-2026 2026-05-18 / 2026-05-24 139 0 0 .asc
2026-05-18 W21-2026 2026-05-11 / 2026-05-17 167 1 0 هنوز نه
2026-05-11 W20-2026 2026-05-04 / 2026-05-10 141 0 0 .asc
2026-05-04 W19-2026 2026-04-27 / 2026-05-03 187 0 0 .asc
2026-04-27 W18-2026 2026-04-20 / 2026-04-26 158 0 0 .asc
2026-04-20 W17-2026 2026-04-13 / 2026-04-19 121 0 0 .asc
2026-04-13 W16-2026 2026-04-06 / 2026-04-12 182 0 0 هنوز نه
2026-04-06 W15-2026 2026-03-30 / 2026-04-05 114 1 0 هنوز نه
2026-03-30 W14-2026 2026-03-23 / 2026-03-29 153 0 0 هنوز نه
2026-03-23 W13-2026 2026-03-16 / 2026-03-22 124 1 0 هنوز نه
2026-03-16 W12-2026 2026-03-09 / 2026-03-15 136 1 0 هنوز نه
2026-03-09 W11-2026 2026-03-02 / 2026-03-08 140 0 0 هنوز نه

ردیف‌های علامت‌گذاری‌شده با “هنوز نه” هفته‌های آینده یا محقق‌نشده هستند — هر کدام در اولین بارگذاری صفحه پس از آن دوشنبه به یک .asc قابل دانلود تبدیل می‌شوند.

چرا این را منتشر می‌کنیم

A warrant canary is not a cryptographic proof of anything positive — it is a ritual of negative disclosure. In jurisdictions where a legal order can compel a provider not to speak about the order itself, the order cannot compel the provider to continue to publish a signed statement that the order has not occurred. The absence of the expected signature therefore communicates information that the issuing authority cannot lawfully block.

Our canary is renewed every Monday. If the W22-2026 signing is not followed by a 2026-06-01 signing (or a same-week infrastructure-incident post-mortem on /status that explains the delay), the reasonable inference after 2026-06-08 is that BitVPS Ltd has received a category of order described above and has been compelled to remain silent about it. You should then migrate away, rotate credentials, and treat our infrastructure as hostile until the canary returns with a fresh post-mortem.

This document is governed by the Terms of Service and the operational policies at /privacy, /abuse, and /dmca. It is not legal advice; it is an operational signal.

Warrant canary سؤالات متداول

How the canary works, how to verify it, what a missing signature means and which jurisdictions it covers.

warrant canary چیست؟
A warrant canary is a routinely published statement asserting that the publisher has not received certain classes of secret legal process — typically a National Security Letter, a gag-bound subpoena, or a bulk-surveillance order. If the statement disappears or fails to renew, the inference is that such an order has been received and the publisher has been compelled to remain silent about it.
What does a missing canary mean?
If the canary is more than seven days late and there is no infrastructure post-mortem on /status explaining the delay, treat BitVPS as compromised: migrate workloads, rotate credentials and assume any data on our infrastructure is at risk. Latency alone is not proof of compulsion, but it is the only signal we are legally able to give.
How do I verify the PGP signature?
Fetch our master public key from /pgp/, import it with gpg --import, confirm the fingerprint matches the one published on this page, then run gpg --verify canary.asc against the clearsigned text above. The output must contain “Good signature” and the matching fingerprint — anything else means the canary is invalid.
Why weekly and not daily?
Weekly cadence balances signal freshness against operational risk: signing requires a human operator to physically reach an offline keystore. Daily signing increases the chance of a benign miss (travel, illness, hardware failure) being misread as compulsion. Seven days gives readers a clear staleness threshold while keeping the signing ritual sustainable.
Has the canary ever been late?
No. Every weekly signing since the canary was established has been published on schedule with a valid PGP signature. The full archive is available below — each entry is independently verifiable against the public key, and historical signings remain on the site permanently so the chain cannot be silently rewritten.
What jurisdictions does this canary cover?
The canary covers BitVPS Ltd. and its operating subsidiaries in every jurisdiction where we hold infrastructure: Iceland, the Netherlands, Romania and Switzerland. It explicitly disclaims receipt of any National Security Letter, gag order, bulk-surveillance order or equivalent compelled-silence instrument from any government in those jurisdictions or their mutual legal assistance partners.