
Suggestion: Start slipping unique URLs into the "hidden" backend fields of systems where you'd like to know if your data was breached, improperly used, or handed over to a three-letter agency.

Suddenly getting hits at mydomain.com/[uuid]? At least you know somebody has looked at the data, or at the very least fed it through some processing tool that is extracting and visiting the URLs.



This is called a canary and can be used in so many places: https://blog.thinkst.com/2022/09/sensitive-command-token-so-...



How do you suggest it should've been used in this case? As a PyPI username (obviously pointless), or what?


Good question. I'm not familiar with what fields might be collected on the PyPI backend. But the email address field alone could be enough, if you set up a wildcard DNS and made your account email something@[uuid].mydomain.com, and looked for any HTTP traffic to that subdomain.


Or run your own authoritative DNS for example.com (or a subdomain used for this) and track queries on those UUIDs.
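The three comments above describe one technique from both ends: mint a UUID, plant it as a URL or as the domain part of an e-mail address in a backend field, and then watch your own web server and authoritative DNS logs for anyone touching it. The script below is an added example (not code from the thread or from any canary product) that does exactly that over constructed log lines. The domain canary.example.net, the registry of planted tokens, the log formats (nginx/Apache combined log and BIND query log) and every IP address and token are assumptions made for the demo.

```python
"""Canary tokens as unique URLs / e-mail subdomains: mint them, record where each
was planted, and scan web-server and DNS query logs for anyone touching them.
Added example, not code from the thread; all host names, log lines and tokens
below are constructed for the demo."""
import re
import uuid

# Assumption: a domain you control, with wildcard DNS and your own authoritative server.
CANARY_DOMAIN = "canary.example.net"

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

# Combined-log style web server line (nginx/Apache default).
HTTP_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)
# BIND-style query log line ("client [@0x..] IP#port (qname): query: qname IN TYPE ...").
DNS_RE = re.compile(
    r"client (?:@\S+ )?(?P<src>[^#\s]+)#\d+ \([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def plant_canary(registry, planted_in):
    """Mint a fresh token, remember where it was planted, and return the two
    forms you would paste into a backend field: a URL and an e-mail address."""
    token = str(uuid.uuid4())
    registry[token] = planted_in
    return {
        "token": token,
        "url": f"https://{CANARY_DOMAIN}/{token}",
        "email": f"contact@{token}.{CANARY_DOMAIN}",
    }


def find_hits(lines, registry):
    """Return one dict per canary hit found in a mix of HTTP and DNS log lines."""
    hits = []
    for line in lines:
        m = HTTP_RE.match(line)
        if m:
            # Only registered tokens count for HTTP: UUID-shaped path segments are
            # common on ordinary web apps and would otherwise be noise.
            for tok in UUID_RE.findall(m.group("path").lower()):
                if tok in registry:
                    hits.append({"kind": "http", "src": m.group("src"), "token": tok,
                                 "planted_in": registry[tok],
                                 "detail": f'{m.group("method")} {m.group("path")} ua={m.group("ua")}'})
            continue
        m = DNS_RE.search(line)
        if m:
            qname = m.group("qname").lower().rstrip(".")
            if not qname.endswith("." + CANARY_DOMAIN):
                continue
            # The token is the label directly under the canary domain, whatever sits
            # to its left (mail., www., nothing): a lookup for
            # mail.<uuid>.canary.example.net still identifies <uuid>.
            label = qname[: -len(CANARY_DOMAIN) - 1].split(".")[-1]
            if not UUID_RE.fullmatch(label):
                continue
            # Any UUID-shaped label under our canary zone is worth a look, even an
            # unregistered one (a mistyped token, or someone enumerating the zone).
            hits.append({"kind": "dns", "src": m.group("src"), "token": label,
                         "planted_in": registry.get(label, "UNREGISTERED"),
                         "detail": f'{m.group("qtype")} {qname}'})
    return hits


# Constructed registry: tokens planted earlier and where they went.
REGISTRY = {
    "8f14e45f-ceea-4a7a-9f1b-2d2b1c7b4c01": "PyPI account: contact e-mail field",
    "3b9d2f0e-6c1a-4e7b-8a2d-5f6e7d8c9b02": "vendor CRM: internal notes field",
}

# Constructed log lines: a web hit on a planted URL, ordinary traffic, an MX
# lookup for a planted e-mail domain, and a lookup of a token nobody planted.
SAMPLE_LOGS = [
    '203.0.113.5 - - [12/Mar/2024:10:15:02 +0000] "GET /8f14e45f-ceea-4a7a-9f1b-2d2b1c7b4c01 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; some-ingest-bot/1.0)"',
    '198.51.100.7 - - [12/Mar/2024:10:16:40 +0000] "GET /robots.txt HTTP/1.1" 200 25 "-" "curl/8.4.0"',
    '12-Mar-2024 10:17:01.123 client @0x7f3a1c002e60 192.0.2.9#41022 (3b9d2f0e-6c1a-4e7b-8a2d-5f6e7d8c9b02.canary.example.net): query: 3b9d2f0e-6c1a-4e7b-8a2d-5f6e7d8c9b02.canary.example.net IN MX +E(0) (10.0.0.1)',
    '12-Mar-2024 10:17:05.456 client @0x7f3a1c002e60 192.0.2.9#41022 (ffffffff-ffff-4fff-8fff-ffffffffffff.canary.example.net): query: ffffffff-ffff-4fff-8fff-ffffffffffff.canary.example.net IN A +E(0) (10.0.0.1)',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS, REGISTRY):
        print(f'[{hit["kind"]}] {hit["src"]} touched token planted in "{hit["planted_in"]}": {hit["detail"]}')
```

One caveat before wiring this to an alert: the service you planted the e-mail canary in will itself resolve the [uuid] subdomain (an MX lookup) whenever it legitimately sends you mail, so record the resolver addresses seen during signup and verification as a baseline, and treat lookups from anywhere else, or HTTP fetches of the URL form, as the signal. The DNS form is also the more reliable of the two: a tool that merely parses the address never has to fetch anything, but anything that tries to deliver mail to it has to ask your nameserver.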


I'm pretty sure I've seen a SaaS that does this, but I can't remember the name.


"Thinkst canary" I think you're thinking about. https://canary.tools/


Yes that's the one, thanks.

