Thinkst Canary · Jun 24, 2019 · 3:42 PM UTC

Thinkst Canary

Thinkst Canary

@ThinkstCanary

24 Jun 2019

Last year, @swagitda_ used a CanaryToken to discover that Chrome was reading her \Documents folder. Last week, a customer used a CanaryToken to discover that Chrome/Android will mangle ssl-pages pretty aggressively to save bw (if needed). Max's writeup: blog.thinkst.com/2019/06/whe…

When document.domain is not equal to document.domain

Background One of our most popular Canarytokens is one we call the “Cloned-Site Token”. Essentially, we give you a tiny piece of JavaScript to add to your public webpage. If this JS is …

blog.thinkst.com

Kelly Shortridge · Jun 24, 2019 · 3:53 PM UTC

Kelly Shortridge @swagitda_

24 Jun 2019

Just a quick clarification — it was the Downloads folder & was due to Chrome embedding an AV scanner into the browser to read any downloaded files via Chrome. Their documentation around the feature was too sparse imo, but it wasn’t scanning all dirs as I originally feared :)

Bil Corry · Jun 24, 2019 · 7:09 PM UTC

Bil Corry · Jun 24, 2019 · 7:09 PM UTC

Bil Corry @bilcorry

24 Jun 2019

Replying to @swagitda_ @ThinkstCanary

Interesting, @CarbonBlack_Inc alerts every time I use Chrome to download a file. Maybe it’s related?

Jun 24, 2019 · 7:09 PM UTC