Warrant Canary

Existing and proposed laws, especially as those related to the US Patriot Act, dictate the authority to issue secret warrants, searches and seizures of data from online users. These laws can cause criminal penalties for revealing the warrant, search or seizure, disallowing disclosure related to these events that would negatively affect both the users of a VPN service and SlickVPN.com. The principals and employees of SlickVPN must comply with such warrants and their provisions for secrecy.

Due to these circumstances, SlickVPN stands prepared and will make available, on a monthly basis, a “warrant canary” in the form of a cryptographically signed message containing the following:

A declaration that states, up to the stated point of time, no warrants have been served, nor have any searches or seizures taken place. This will also include a pasted headline from a selected major news source, establishing and as a verification on the true date of issue. Special note should be taken if these messages ever cease being updated or are unchanged for more than thirty (30) days, or are removed from this page.

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

As of March 1th, 2019, SlickVPN.com, Slick Networks, Inc., Slick Network, LTD., (“SlickVPN”) has not received any National Security Letters or FISA court orders, and we have not been subject to any gag order(s) by a FISA court, or any other similar court(s) of any government. SlickVPN has never placed any backdoors in our hardware or software and has not received any requests to do so. SlickVPN has never disclosed any user communications to any third party. No searches or seizures of any kind have ever been performed on SlickVPN assets.

Recent headlines:

Tesla cuts price of Model 3 to $35,000 and moves sales online – https://www.bbc.com/news/business-47410636

Trudeau: The scandal that could unseat Canada’s PM – https://www.bbc.com/news/world-us-canada-47408239

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEE/bVXuR7Yj+4bZdgmvCW01obfY1gFAlx5RvIACgkQvCW01obf
Y1gXHwf7B9iw8W00hcvYHpMUzW0nGEfn/qk22iSnRMgEKXQpPmg513G5XvpY/CM6
0RIKPhhKC4HFDuF2kj8J9CNefeDHbyrkjPSqqrCVvAJq7KTe4wUmqJqF9qztjuGo
lauy/y6kjm3TX7bdYxyH05A8E62Mv3QOJnC90ZuMY6KLd+jjT5yBc6mvbX76TZy4
Le3k8X5UZhAh77gCWUyAbAJj74+nd7qbuVW6/AYJSYZa55uYsH7i6iwkqsTR7aL/
bu9oJUqi0HTA9Gla2TkYbwvqJMWmKRN23u/0j1LlMHICl4qjhz/rZu2YCTgVWmOy
3WSgaLdtM94bADhuzbKnt0ii7ote4w==
=lomq
—–END PGP SIGNATURE—–

Verification:

Warning: this process is pretty technical, it requires familiarity with OpenPGP and the command-line. It assumes you have the program gpg installed.

Import SlickVPN’s OpenPGP key

On the terminal, import SlickVPN’s public OpenPGP key from a keyserver:

$ gpg --keyserver keys.gnupg.net --recv-key BA1EAEB0
$ gpg2 --fingerprint BA1EAEB0

The first line will import the key into your keyring, but there is no guarantee that you actually imported the right key. The ” –fingerprint” command allows you to see the fingerprint of the key and actually confirm you imported the correct key. You should see an output that contains the following information:

Key fingerprint = 74FA 4FB8 3586 6246 6827 7F72 0738 ACDA BA1E AEB0

There is no particular reason that you should trust this key on its own. Instead, you can verify and authenticate the key by those who have confirmed and verified the key:

gpg --list-sigs BA1EAEB0

Verify SlickVPN’s Certificate

Now that you have imported SlickVPN’s public key, you can verify that the fingerprints listed on this page are really from SlickVPN.com.

Copy and paste the above statement and save it to a text file named:  SlickVPN_Canary_message.asc

Then run this command in a terminal:

gpg --verify SlickVPN_Canary_message.asc

You should get output that says:

gpg: Good signature from "SlickVPN Team"

You should make sure that it says “Good signature” in the output! If this text has been altered, then this information should not be trusted. Unless you have taken explicit steps to build a trust path to the SlickVPN Collective key, you will see a warning message similar to:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

However, you still should see the “Good signature”.

Compare the fingerprints

Now that you verified that the above message contains the fingerprints for our certificate, you can compare this value to the value provided by your browser. In most browsers, to find the fingerprint of the certificate your browser sees you can click on the lock icon located in the location bar. This should bring up details about the certificate being used, including the fingerprint.

If the values match, and you trust the SlickVPN public OpenPGP key, then you can be confident you are really communicating with SlickVPN.com servers.