The TrueCrypt website has been changed it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux.
So, what happened? The TrueCrypt site says:
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Did the TrueCrypt devs (or SourceForge?) get a NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?
Technicality only: it's not a "Warrant canary" (which, if not updated, means something went wrong) but rather a "scorched-earth trap" (step on it and everything blows, nobody gets nothing, not even the attacker).
The "warrant canary" is effective because, to send the signal, you just obey an order to do nothing (I suspect, for US, there may be an amendment which protect innocent citizens against forced labor - e.g. work to introduce a backdoor against my will).
The TrueCrupt crippling is a destructive step that requires an action, there may be some "contempt of court" issues if so.
In any way, one cannot dismiss a Lavabit 2.0 scenario in progress.
I have to agree - it seems to me that the most likely scenario is LavaBit all over again:
Truecrypt has been a hugely valuable tool for millions of people. It is cross-platform and it is absolutely easy to use. I've tried other solutions out there, and no other platform independent solution is nearly as good on the usability front - and usability is critical to security applications or else people won't bother with them...
We need Truecrypt, or an equivalent replacement...
What is stopping the government's secret, already illegal, orders from including the requirement to keep the "canary" in place. They just show up, root your servers, and tell you to act like nothing happened and do NOT take down the canary notice.
The point of the canary is that if it isn't updated frequently one should assume that something is wrong.