So, mount webcams in the datacenter. Point them at your racks (front and back, to show cables). This isn't a bad idea in any event, because sometimes it's good to know what Figby Tenthumbs recabled on Monday morning when he was hung-over.
The Riseup folks had a webcam running when one of their servers was seized for running an anonymous remailer. The FBI returned the server two weeks later, without ever notifying anyone that it had been seized or returned.
I like the way the larger woman in the background is looking up at the ceiling as if for cameras. Also that the male short-haired government agent is wearing a suit, as one would expect. And then looks ~directly into the camera at one point.
You could trivially detect a loop by examining noise.
You could trivially defeat that by injecting noise.
You could less trivially defeat that by looking for "random" behavior in the datacenter, such as people walking by, vibrations caused by folks moving about, blinking patterns of the ubiquitous network activity LEDs in your rack and other racks, etc.
Have your own server's LEDs blink in pseudo-random sequence; have a script monitor the video feed, alerting if the sequence of LEDs doesn't match what is expected
This is the culmination of a very nice subthread. While there is certainly a huge need for a systemic fix, the subthread shows how technology can help us fight the problem on a temporary case-by-case basis. Brilliant!
And then the day the webcam broke, customers fled in droves.
Or, the government simply says, "You have to say that the new server is a web server".
This is why I'm always skeptical of things like "warrant canaries" and the like. If the government can require you lie to your customers about whether they're being monitored, surely they can control the terms of disclosure about what's going on?
I wonder if something like making a donation to the EFF for every week that a warrant has not been served would work. Could they compel you to keep donating?
Maybe, or donate on your behalf, but they could compel you to say you're still donating, and the EFF says that they don't disclose donor info except as compelled by law - so I assume they could be compelled to keep reporting so.
But honestly, this is getting so ridiculous. How would people know that you'd stopped donating? If you had a webpage that said, "We donated this week", the government could just require you keep putting it up. You could give the EFF the ability to disclose your donation - but what, your customers are going to call the EFF every week? The EFF is going to set up a webpage that your customers are going to go to, in order to verify that your donation was received?
Then, let's say you have 500k customers. You get a FISA request or whatever for 1 of them. You stop donations, some webpage somewhere gets updated, and....what happens, exactly?
First off, the customer would have to want to check however mechanism is available, since you certainly can't notify them. So once they check, what do they know, other than someone on the service has received a government request.
Then, now that they know this, what do they do about it? Migrate off? To whom? If all it takes is one request for customer data to trigger the warrant canary, shit, all the government has to do is make one request for every company with a warrant canary. Now there are no available services.
At which point what do your users do? Do you go with an un-canaried provider? Hope that you're not the target of the warrant?
Then, look at it this way, someone, perhaps a less scrupulous provider, will simply lie about not having received a warrant, in order to get the business.
While it's a fun thought exercise, there's absolutely no practical way to do what people are suggesting without using a system that would be so vulnerable to manipulation as to be useless.
Now make access to the cameras public.
"What's that new box?"
"We can't say."
"Ooohh, I see. Noted."
Watch the watchers watching.