Canary monitoring

Some websites put canaries into their Privacy Policy as a legal way to inform the users about gag orders. It is fine to have a browser extension checking for canaries and warn users if canary disappear.

If an extension discovers a valid canary, it caches the site as canaried. If a canary changes or disappears it informs the user. A DB of known canaries can be available as a subscription (like adblock one).

First it tries to discover a canary in the page. If it doesn't, it looks for meta or a element referring to ToS and privacy policy and looks for canaries there.

To discover a canary an extension searches in meta tags for it. If it finds a meta element with content having a canary it means it has a canary. This canary has the following format . The implementation must check the signature and pin public key.