Existing and proposed laws, especially as those related to the US Patriot Act, dictate the authority to issue secret warrants, searches and seizures of data from online users. These laws can cause criminal penalties for revealing the warrant, search or seizure, disallowing disclosure related to these events that would negatively affect both the users of a VPN service and SlickVPN.com. The principals and employees of SlickVPN must comply with such warrants and their provisions for secrecy.
Due to these circumstances, SlickVPN stands prepared and will make available, on a monthly basis, a “warrant canary” in the form of a cryptographically signed message containing the following:
A declaration that states, up to the stated point of time, no warrants have been served, nor have any searches or seizures taken place. This will also include a pasted headline from a selected major news source, establishing and as a verification on the true date of issue. Special note should be taken if these messages ever cease being updated or are unchanged for more than thirty (30) days, or are removed from this page.
—–BEGIN PGP SIGNED MESSAGE—–
As of July 30th, 2019, SlickVPN.com, Slick Networks, Inc., Slick Network, LTD., (“SlickVPN”) has not received any National Security Letters or FISA court orders, and we have not been subject to any gag order(s) by a FISA court, or any other similar court(s) of any government. SlickVPN has never placed any backdoors in our hardware or software and has not received any requests to do so. SlickVPN has never disclosed any user communications to any third party. No searches or seizures of any kind have ever been performed on SlickVPN assets.
Capital One data breach – https://www.bbc.com/news/world-us-canada-49159859
Google reveals fistful of flaws in Apple’s iMessage app – https://www.bbc.com/news/technology-49165946
—–BEGIN PGP SIGNATURE—–
—–END PGP SIGNATURE—–
Warning: this process is pretty technical, it requires familiarity with OpenPGP and the command-line. It assumes you have the program gpg installed.
Import SlickVPN’s OpenPGP key
On the terminal, import SlickVPN’s public OpenPGP key from a keyserver:
$ gpg --keyserver keys.gnupg.net --recv-key BA1EAEB0 $ gpg2 --fingerprint BA1EAEB0
The first line will import the key into your keyring, but there is no guarantee that you actually imported the right key. The ” –fingerprint” command allows you to see the fingerprint of the key and actually confirm you imported the correct key. You should see an output that contains the following information:
Key fingerprint = 74FA 4FB8 3586 6246 6827 7F72 0738 ACDA BA1E AEB0
There is no particular reason that you should trust this key on its own. Instead, you can verify and authenticate the key by those who have confirmed and verified the key:
gpg --list-sigs BA1EAEB0
Verify SlickVPN’s Certificate
Now that you have imported SlickVPN’s public key, you can verify that the fingerprints listed on this page are really from SlickVPN.com.
Copy and paste the above statement and save it to a text file named: SlickVPN_Canary_message.asc
Then run this command in a terminal:
gpg --verify SlickVPN_Canary_message.asc
You should get output that says:
gpg: Good signature from "SlickVPN Team"
You should make sure that it says “Good signature” in the output! If this text has been altered, then this information should not be trusted. Unless you have taken explicit steps to build a trust path to the SlickVPN Collective key, you will see a warning message similar to:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
However, you still should see the “Good signature”.
Compare the fingerprints
Now that you verified that the above message contains the fingerprints for our certificate, you can compare this value to the value provided by your browser. In most browsers, to find the fingerprint of the certificate your browser sees you can click on the lock icon located in the location bar. This should bring up details about the certificate being used, including the fingerprint.
If the values match, and you trust the SlickVPN public OpenPGP key, then you can be confident you are really communicating with SlickVPN.com servers.