More and more security conscious people and services have taken to put up various kinds of NSL canaries. The basic idea is that if the government comes with an NSL containing a gag order, you will not update the canary, thus alerting everything that you've been compromised by the government. However, this will likely not work.

Let's take a step back. The last year have shown how governments use gag orders in order to stop service providers from alterting their customers about intrusive surveillance measures. Imagine you develop security software, and one day the NSA comes and tells you to build in a backdoor into your software - and oh, you are not allowed to tell anyone. So everyone is using your security software, but it's been secretly compromised. Now, the gag order makes it illegal for someone to even reveal the existance of the original order, with severe penalties if you break it.

Since you can't break the NSL gag order, many people have come to the conclusion that you can do things along the line of every day saying on twitter "I have received 0 NSLs with gag orders". And then, if one day you don't post the message, then everyone will know that you have received a gag order. The actual amount of sophistication here can range from a manual message all the way to signing messages with todays news paper headlines and sending that to a third party site.

So does it work? Well, it hasn't been tested in court. The people who do these things argue that legally it's harder to compel someone to actively lie, than to comepl someone to keep quiet. But since this theory hasn't been tested we don't really have any reason to believe that it is correct. In fact, the intent of the gag order is that you can not reveal the existance of it, and no matter if you reveal it by failing to say something or actively tell someone about it, it is likely that you are violating the intent of the order.

In summary, I would not use canary mechanisms in order to make people feel better about security products. And it really doesn't make any difference for me if a site has a canary. If it's in a legislation where the code or service can be impacted, a canary is nothing to put faith in.