Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,019
    • Issues 1,019
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 3
    • Merge requests 3
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor Browser
  • Issues
  • #19229
Closed
Open
Created Jun 02, 2016 by cypherpunks@cypherpunks

Canary monitoring

Some websites put canaries into their Privacy Policy as a legal way to inform the users about gag orders. It is fine to have a browser extension checking for canaries and warn users if canary disappear.

If an extension discovers a valid canary, it caches the site as canaried. If a canary changes or disappears it informs the user. A DB of known canaries can be available as a subscription (like adblock one).

First it tries to discover a canary in the page. If it doesn't, it looks for meta or a element referring to ToS and privacy policy and looks for canaries there.

To discover a canary an extension searches in meta tags for it. If it finds a meta element with content having a canary it means it has a canary. This canary has the following format . The implementation must check the signature and pin public key.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking