The major problem with canaries is that it requires you to trust the company providing the canary. Maybe it wouldn’t legally hold up in court if the NSA ‘kindly requested’ you continue putting up, if you didn’t want certain other unpleasant things to happen - but would a major company be willing to take that risk? Do you TRUST them to take that risk, when taking that risk GUARANTEES they’ll end up worse off, since the only ‘benefit’ is people knowing they’ve been compromised? And unless they “knew” about it they wouldn’t even be lying, and lots of people are really good at not knowing about lots of things they benefit from - there are systems in place to handle that and keep them nicely shielded.
Every single incentive of the canary system is perverse - unless you’ve got an extremely moral risk-taker on the other side of it, there is no reason whatsoever to trust these canaries, any more than we trust the various (later proven untrue) denials that many corporations make.
