The reason I am confident in the rsync canary is that you are so proud of it. If a court were forcing you to keep updating it, I would expect you to talk about it less frequently and/or with less enthusiasm (how could a judge practically force somebody to be proud of their canary and talk about it on HN? I'm sure they could say "Keep talking about it often on social media!", but how could that actually be enforced?)
I hope I didn't just give any potential judges any bad ideas...
How would it be enforced? Easy. Show some third parties a timeline of rsync's social media posting before, and after the court order. Remove the absolute time data and don't tell them which is before and which is after.
If they (the overwhelming majority of third parties to which this is shown) can correctly distinguish them better than chance, then rsync was violating the anti-tipoff order.
Incidentally, what I just described is basically the test for whether a cryptosystem is "semantically secure", which is often expected.
rsync's lawyers could argue that the sampling sizes were far too small for the trends claimed to have any significance, arguing that any discrepancy could easily be explained by a lack of good opportunities to bring it up.
The court could order it, and they could try to enforce it, but unlike "don't send an email to your mother about this" (which is a rather concrete thing) it would be very messy and wishy-washy. In perhaps the worst-case scenario for the court, they would have to deal with figuring out how to measure "enthusiasm". Do rsync's posts seem more dejected these days? Is that just the court's bias showing, or is dejection measurable in some sort of objective/empirical way?
What if a company is deliberately lying (with a wink and a nod) about being under a warrant when in fact it's not? It's not illegal to lie. Would that force the government to prosecute you for breach of a non-existent warrant? If the government is not prosecuting, then they are admitting that no warrant currently exists, which in itself is a kind of signal. Another try could be for the government to quickly serve you with a warrant, but then you need to retract the statement to avoid prosecution. If the company retracts the statement that is another signal. If the company does not retract the statement and is not prosecuted, it also signals something.
No need for a wink and a nod I think. People know they wouldn't publish it if they got one, I think that idea is genius. I'd really like to know what lawyers have to say about it.
Hm, this strategy, of overloading the system with false positives, is cleverer than the standard warrant canary, but it also forces you to understate your privacy protections.
Apple has a more subtle canary. Yours is totally obvious.
The court will consider intention. If it can be shown that the wording was intentionally selected to work as warrant canary and has no other function, the case is clear.
Your canary clearly has only one purpose: revealing the warrant while thinking you are a smartass and can get away with it.
http://www.rsync.net/resources/notices/canary.txt
has been similar ... however I am certainly much, much more confident now that Apple is running one ...