AstroVials' Canary

Home

The message block was decrypted using AstroVials' known-good public key.

Check the signed message text below for an expired canary. A recently expired canary is not uncommon, but it's a cue to contact the vendor for an update.

AstroVials's signed message:


AstroVials Warrant Canary, May 6th, 2026

I, Rose, confirm that I am alive, and free, and that I have full control of astrovials.com. I have never willingly disclosed any user data or provided any access to user traffic to any third party.


As of 2026-05-06 no warrants have ever been served to AstroVials or me. No searches or seizures of any kind have ever been performed on AstroVials assets.


Domain and certificate moved from astrovials.co to astrovials.com on January 14th, 2024


Next canary is due August, 2026.


My PGP public key info is as follows:


https://astrovials.com/key.asc
https://keys.openpgp.org/vks/v1/by-fingerprint/324C8767A0677D324DE9D69889107652253E8AA8
KeyID: 253E8AA8
Fingerprint: 324C 8767 A067 7D32 4DE9 D698 8910 7652 253E 8AA8

Signature verification:

gpg: Signature made Wed 06 May 2026 19:31:09 BST
gpg:                using EDDSA key 324C8767A0677D324DE9D69889107652253E8AA8
gpg: Good signature from "Rose <rose@astrovials.com>" [full]

This page was generated on 2026-05-07 from the URL https://astrovials.com/canary.txt

What are Canaries?

A canary is a way for a website owner to signal that something's wrong, like authorities snooping around or taking control of a server.

The site owner posts a message along with a key that can be used to prove it was written by them, and then updates the message periodically. If the owner stops updating the message, then that's a signal that something is wrong.

Nobody can take control of the site for long without people knowing, even if the site owner is legally obliged to remain silent.

Example commands (Vanna Pharma)

# Copy Vannas's public key from the canary page. Save as vanna_public_pgp.asc
# Copy Vanna's message from the canary page. Save as vanna_message_pgp.asc

# Check that Vanna's public key matches the archived copy from January 2023
https://web.archive.org/web/20230123225946/https://vannapharma.com/canary/

# Only import the key if it matches the archived copy. If it doesn't, then RED ALERT!
gpg --import vanna_public_pgp.asc

# Verify the message is authentic according to the key we imported
gpg --verify vanna_message_pgp.asc

# Other commands that are useful
gpg --list-keys  # show all keys in local keyring
gpg --lsign-key <name>  # sign with your private key to indicate you trust the key
gpg --edit-key <name> # run the 'trust' command to set the trust level you want to give vanna's key

# Note that <name> can be a key id or even 'vanna' will work for us
# The 'other commands' are not necessary, but can remove scary warnings in output