Over the last week, rumors have been spreading across the digital activist community that the technology collective riseup, which provides email, chat, VPN, and other services to activists, may be compromised after receiving a secret government subpoena accompanied by a gag order. The collective provides email service to roughly 150,000 users, hosts activism-related mailing lists with 6.8 million subscribers, and delivers more than 1 million emails per day. According to a representative of the riseup collective, the rumors are outsized. But it is clear that something happened, and that riseup is unable to speak about it publicly. “Riseup will shut down rather than endanger activists,” the spokesperson said. “We aren’t going to shut down, because there is no danger to activists.” Riseup, which began in Seattle in 1999, is one of the most privacy-friendly and anti-surveillance service providers online today. “We believe it is vital that essential communication infrastructure be controlled by movement organizations and not corporations or the government,” the collective’s website states. “Riseup does not log IP addresses and has not done so since the early ’00s,” the collective member told me in an encrypted email. “We work hard to minimize the amount of data (and metadata) stored as [much as] possible. The only way to protect the information of activists around the world is by not having the information in the first place.” Riseup’s privacy policy promises that the service will log as little as possible and never share user data with any third party. Riseup publishes a warrant canary, a statement that the collective has never received a secret government subpoena, has “never placed any backdoors in our hardware or software and has not received any requests to do so,” and has “never disclosed any user communications to any third party.” If riseup ever does get such a government request, and if the request comes with a gag order that prohibits the collective from informing its users, it won’t update its warrant canary, and from this users can infer that something is wrong. Riseup’s warrant canary is supposed to get updated “approximately once per quarter.” The last update was from August 16, 2016 — nearly two weeks past the last three-month deadline. Some users have noticed that riseup’s canary seems to have died, and they inferred that something is wrong. Users have also noticed that some of riseup’s recent tweets appear to contain hidden messages, like this screenshot from the policies section of its website where it promises to shut down its service before submitting to “repressive surveillance by any government”:

we have no plans on pulling the plug https://t.co/7Bm0KrEnKA pic.twitter.com/MvEu6itTX6 — riseup.net (@riseupnet) November 21, 2016

The warrant canary’s apparent expiration, together with riseup’s tweets apparently full of hidden meaning, caused some people to speculate publicly that riseup had been compromised, or at the very least, had received a secret national security order and was currently fighting it in court. This speculation started right before the Thanksgiving holidays. “Due to Thanksgiving and other deadlines, our lawyers were not available to advise us on what we can and cannot say,” the collective member told me. “So in the interest of adopting a precautionary principle, we couldn’t say anything. Now that we have talked to [counsel], we can clearly say that since our beginning, and as of this writing, riseup has not received a NSL, a FISA order/directive, or any other national security order/directive, foreign or domestic.” On November 24, riseup tweeted that there was no need to panic:

1. There is no need for panic.

2. Our systems are fully under our control.

3. We will provide additional information at a later date. — riseup.net (@riseupnet) November 24, 2016

4. Our prior tweets did not have any hidden subtext. — riseup.net (@riseupnet) November 24, 2016