That’s kinda my point. A canary removes all the middle ground between a yes and no. Which means no comment = yes.

The parent comment implies that in such a case “no comment” is not compliant with the law, as it informs the inquirer.

Hence the only way to comply is to answer “no”, which is a lie.

Except "no comment" is not a yes. It's a "whether we do or don't, you are not part of that process and not privy to that information either way".

The point of the canary, is to turn any non-answer into a practical, or at least a tentative, "yes". If you no longer see an explicit "no", it means "yes".

So the point of the canary is to turn a proper response into something that's flat out wrong? That seems incredibly counter-productive.

Wrong? What do you mean?

The difference between a canary and a "no comment" is that "no comment" is an extremely common thing to say whether an allegation is true or not so it's not very suspicious, while stopping a canary is very suspicious.

So it's like the scenario you outlined earlier, but more effective.

No, it isn't. It's pretending that "no comment" means something it doesn't. Just because you want it to mean "yes" doesn't mean it means that. It means "we are not going to comment on this, because we have a sane legal department and we're not going to give you any information one way or another".

If you think "no comment" means either yes or no, you're pretending to know something you don't, and you should absolutely stop and go "wait, why am I lying to myself? And why am I believing my own lie?"

Huh?

You're the one that said no comment was suspicious! I said something weaker than that, that it's not very suspicious.

I'm not the one that said a canary failing is a yes. I said it was significantly more suspicious than a no comment.

Yes, I was the one saying that _people_ consider it suspicious, but I'm also the one saying that as a company your only course of action is to not comment on legal matters unless legally compelled to. Those two things are not mutually exclusive. People (in aggregate) don't act rationally, so even if it's going to lose you some customers, no comment.

That doesn't explain your previous comment. Was the accusation about [[pretending that "no comment" means something it doesn't]] a misunderstanding of what I was saying? Or a confusion between me and powersnail? Or something else entirely?

If it's about what powersnail is saying, I think they're just wording things imprecisely. The canary doesn't actually affect the meaning of "no comment". The canary means that if it disappears, things are very suspicious, and if ask directly about the canary and get a "no comment" then you not only stay very suspicious, you also know they didn't forget. The no comment itself is not a "yes", but from a security point of view you should treat this active lack of canary as if it is a "yes".

Which they referred to as a "practical/tentative yes". Which I think is a reasonable way to describe the situation. It's not "flat out wrong" or "counter-productive".

> so even if it's going to lose you some customers, no comment

You're going too far here.

If you used to comment on something, and you could easily comment on it, and it loses you customers not to comment... you should comment. If you don't, it is suspicious.