What is a canary token and how does it work?


5 Answers

Anonymous 0 Comments

The name [“canary token”](https://canarytokens.org/generate) comes from the phrase “a canary in the coal mine,” which itself comes from the [real-world practice](https://en.wikipedia.org/wiki/Sentinel_species) of miners carrying canaries with them to detect harmful gases such as carbon monoxide. The canary would succumb first, and this would provide a warning to the miner.

Similarly, a “canary token” provides a warning to a user that some event has occurred that they’d ordinarily be unaware of. A Word canary, for example, embeds specific code into the Word document so that when the file is opened, it sends a warning to you. Otherwise, you wouldn’t know that someone had been able to access it.

Anonymous 0 Comments

Apart from the already mentioned uses of the term:

* A ‘tripwire’ to indicate a document / data was accessed.
* A notice indicating that a site has never been served an NSL or similar (more often called a *warrant canary*).

There are also the computer coding canaries:

* Added at the end (most common location) of an in-memory data structure. When the code path retrieves the data structure, if the canary has changed, something corrupted the data structure (bad code, malicious code, failing hardware). A useful technique to guard against buffer overflows.
* As the initial value of some variable – if it has not been changed from the canary, then some configuration path / setup has not been run. A common use of this is “ChangeMe”: if a user hasn’t changed the value, then either use a default setting or generate an error (and exit).

Anonymous 0 Comments

Normally the person who makes a blockchain puts a message in the chain such as “I have never given any law enforcement any info”.

Often, if they do, they aren’t allowed to speak about it.

So if they do… they remove the phrase “I have never given any law enforcement any info”.

This is how they can alert the users… without having to break the law.

It’s something you add… expecting you may have to sacrifice it… to convey a message.

Anonymous 0 Comments

It’s a way to detect if someone accessed something they shouldn’t. Let’s say you have a list of customers in your system and you add some fake person into it with an email address you control. One day the email inbox receives a message; that means that someone stole your list of contacts, because no one should know of that address.
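
The decoy-customer tripwire from the answer above, as an added example that is not part of the original post. It goes one step further than the answer by deriving a different decoy address for each copy of the list, so a hit also shows which copy leaked; the domain, secret, decoy name and log format are assumptions constructed for this sketch.

```python
import hashlib
import hmac
import re

# Assumptions: a catch-all mailbox on a domain you control and a secret kept
# with whoever generates the decoys. Both values here are constructed.
CANARY_DOMAIN = "canary.example"
SECRET = b"constructed-demo-secret"
RCPT_RE = re.compile(r"to=<([^>]+)>")  # recipient field in the sample log format


def decoy_address(copy_label):
    """Derive the decoy address planted in one copy of the customer list."""
    tag = hmac.new(SECRET, copy_label.encode(), hashlib.sha256).hexdigest()[:12]
    return f"j.harlow.{tag}@{CANARY_DOMAIN}"


def seed(customers, copy_label):
    """Return a new list with one fake customer appended (input is not mutated)."""
    return customers + [{"name": "Jamie Harlow", "email": decoy_address(copy_label)}]


def find_trips(mail_log_lines, copy_labels):
    """Return (copy_label, log_line) for every message sent to a known decoy."""
    by_addr = {decoy_address(label): label for label in copy_labels}
    trips = []
    for line in mail_log_lines:
        m = RCPT_RE.search(line)
        if m and m.group(1).lower() in by_addr:
            trips.append((by_addr[m.group(1).lower()], line))
    return trips


if __name__ == "__main__":
    labels = ["crm-prod", "marketing-export"]
    # Constructed inbound-mail log lines in a simplified format.
    log = [
        "2024-05-01T09:12:03Z from=<news@shop.example> to=<alice@corp.example>",
        f"2024-05-02T03:44:10Z from=<promo@bulk.example> to=<{decoy_address('marketing-export')}>",
        "2024-05-02T03:44:11Z from=<promo@bulk.example> to=<bob@corp.example>",
    ]
    for label, line in find_trips(log, labels):
        print(f"TRIPPED: decoy from copy '{label}' received mail -> {line}")
```

Because the address is an HMAC of the copy label, the decoy cannot be guessed or regenerated without the secret, and any mail arriving at it points to one specific copy of the data.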

Anonymous 0 Comments

In the context of cryptocurrency.

It’s common, when personally holding cryptocurrency, to have a 24 word secret key. However, if someone (friend, family or hacker) finds out what these 24 words are, your crypto account can be drained in seconds.

It’s also possible you could be subject to a [wrench attack](https://www.explainxkcd.com/wiki/index.php/538:_Security), so to counter both these cases it’s possible to create a ‘canary account’.

Your 24 word crypto key becomes your canary account; you only keep a small amount of your crypto there (as much as you are prepared to lose, yet enough to be plausible). Your main account is protected by an additional 25th word and is effectively a totally separate account.

You can set up a free email or SMS service that reports if any transactions are made on the canary account (which, since you don’t generally make transactions yourself, must be fraudulent). This is equivalent to the mine canary dropping dead! You then have time to move your main funds to another, more secure wallet.