Hacker News

Cool idea!

I immediately thought of a concern which is already highlighted in their FAQ:

> What if attackers blacklist the canarytokens.org domain? Doesn’t that work?

> This would work! That’s why we suggest that you download the canarytokens docker image and run your own server. (You can grab the source to build it yourself from here)

This seems like something that could be highlighted more prominently, since the main site makes it so extremely convenient to use a hosted token (where some knowledgeable attackers can avoid triggering the canary).



Don't let perfect be the enemy of good. I really doubt that many hackers have blacklisted this domain (while not working on offline machines). A self-hosted version must also be tested and maintained, this is an easy set and forget solution.


Well, they will now :D


Do you think anyone in practice will be watching for this domain? My suspicion is that it will still work for most people, but I am ignorant, and am basing this on how competently I see people behave in general.

Moving that item up to be more prominent does sound like a good idea though


Would depend on the method. For the ones that are automated, like opening a PDF, I doubt many attackers will bother blacklisting the domain in their DNS.

But for the manual ones, like opening a link - it'd probably be better to host them at a much less suspicious sounding domain.


> Do you think any one in practice will be watching for this domain?

I would bet money that multiple governments already do.


Hmm, why? It seems like another risk to let people mark URLs as 'please do not read' and respect it.


An easier service would be if canarytokens.org allowed us to CNAME a subdomain of our company, so the token would be sent to hj.example.com. But that would make canarytokens.org a public service, which requires funding.


You totally can?
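The two threads above (self-host so an attacker's blocklist of canarytokens.org does not help them, and put the tokens under a subdomain you control) come down to the same mechanics: mint unique hostnames under your own zone and watch your authoritative server's query log for them. The following is an added example written for this comment thread, not code from canarytokens.org or from any commenter. It assumes a hypothetical zone hj.example.com that you have delegated to a server you run, and the log lines it parses are constructed BIND 9 style query-log entries, not real traffic. It also handles one edge case that trips naive matchers: resolvers that apply DNS 0x20 case randomisation, so the query name arrives with mixed case.

```python
"""Mint DNS canary-token hostnames under your own zone and match them in query logs.

Added example for the canarytokens discussion; names and log lines are constructed.
"""
import re
import secrets
from collections import Counter
from dataclasses import dataclass

# Hypothetical zone delegated to a self-hosted canary server (assumption, not a real deployment).
CANARY_ZONE = "hj.example.com"


def new_token(zone: str = CANARY_ZONE, nbytes: int = 10) -> str:
    """Return a fresh token hostname: a random hex label under the canary zone.

    Ten random bytes give 80 bits, enough that a token cannot be guessed by enumeration.
    """
    return f"{secrets.token_hex(nbytes)}.{zone}"


# BIND 9 query log shape: "client @0x... 203.0.113.5#53211 (name): query: name IN A +E(0)K (192.0.2.1)"
QUERY_RE = re.compile(r"query: (?P<qname>\S+) IN (?P<qtype>\S+)")
CLIENT_RE = re.compile(r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+")


@dataclass(frozen=True)
class Hit:
    token: str
    client_ip: str
    qtype: str


def match_hits(log_lines, tokens, zone: str = CANARY_ZONE):
    """Return a Hit for every query-log line that asks for a known token.

    Matching is case-insensitive (resolvers using 0x20 encoding randomise case) and
    also accepts extra leading labels, since a token may be queried as sub.<token>.
    Lines for names outside the canary zone are ignored without inspecting the token set.
    """
    known = {t.lower().rstrip(".") for t in tokens}
    zone = zone.lower().rstrip(".")
    hits = []
    for line in log_lines:
        q = QUERY_RE.search(line)
        if not q:
            continue
        qname = q.group("qname").lower().rstrip(".")
        if not (qname == zone or qname.endswith("." + zone)):
            continue
        for token in known:
            if qname == token or qname.endswith("." + token):
                c = CLIENT_RE.search(line)
                hits.append(Hit(token, c.group("ip") if c else "unknown", q.group("qtype")))
                break
    return hits


def summarize(hits):
    """Count hits per token; a token with any hit at all is the alert condition."""
    return dict(Counter(h.token for h in hits))


# Constructed sample: two tokens were minted, one was embedded somewhere an intruder found it.
KNOWN_TOKENS = ["c0ffee1234.hj.example.com", "deadbeef00.hj.example.com"]
SAMPLE_QUERY_LOG = [
    "07-Jun-2023 12:00:01.123 client @0x7f8b4c0a1b20 203.0.113.5#53211 (c0ffee1234.hj.example.com): "
    "query: c0ffee1234.hj.example.com IN A +E(0)K (192.0.2.1)",
    # same client, 0x20 case-randomised name, AAAA lookup
    "07-Jun-2023 12:00:01.130 client @0x7f8b4c0a1b20 203.0.113.5#53211 (C0FFEE1234.hj.Example.COM): "
    "query: C0FFEE1234.hj.Example.COM IN AAAA +E(0)K (192.0.2.1)",
    # unrelated traffic in the same zone's parent, must not match
    "07-Jun-2023 12:00:02.001 client @0x7f8b4c0a1b20 198.51.100.7#40000 (www.example.com): "
    "query: www.example.com IN A +E(0)K (192.0.2.1)",
    # token queried with an extra leading label, TXT type
    "07-Jun-2023 12:00:03.444 client @0x7f8b4c0a1b20 203.0.113.9#1234 (u1.c0ffee1234.hj.example.com): "
    "query: u1.c0ffee1234.hj.example.com IN TXT + (192.0.2.1)",
]

if __name__ == "__main__":
    print("fresh token:", new_token())
    for hit in match_hits(SAMPLE_QUERY_LOG, KNOWN_TOKENS):
        print(hit)
    print(summarize(match_hits(SAMPLE_QUERY_LOG, KNOWN_TOKENS)))
```

Because the zone is yours, nothing about a token name ties it to canarytokens.org, so a blocklist of that domain does not suppress it; the trade-off, as the thread notes, is that the authoritative server and its log pipeline are now yours to keep running.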



