Wednesday, 26 August 2015

What's in a name? Retiring the name "Canary"

Almost three years ago, I started on a project to retrieve data from various sources and process them with the idea of allowing those to know when data has been compromised via alerts or just searching. After the Ashley Madison data hit the Internet last week, I had more searches in one day than I had in the entirety of the project up until then.

Canary has gotten more popular and has received more data since its start in March 2013. Last year, it hit a milestone of one million total samples. And as time has gone on, I’ve realised two things about the service that need to be changed.

The first one is the obvious: Canary has been getting slower as it has received more data and the results are becoming less clear. When I first developed the application, my knowledge of databases and efficient search queries were quite limited even though I was eager to make use of these tools. Having learnt some things from other projects I am engaged on, I am now almost complete in rewriting its backend and migrating to a new database engine too. When it is ready later in the autumn, I’ll be able to discuss this in further detail.

Now, what is the second one you might ask? It needs a name change.

Originally, Canary had a few prototype names: the working name was “DataAlert” and its codebase was referred to as “ODLDB” or “Online DataLoss DataBase”. After getting the software to work as expected, the name “Canary” was adopted after an earlier project of mine, “Avivore”, which was a tool for finding phone numbers and other personal information on Twitter. Internally, I still refer to the software as “ODLDB” even though its components are all named after specific birds.

The problem I am running into now is that there are far, far too many applications and services on the Internet using the name “Canary”. To make matters worse, there have been several other “Canaries” including one that practically did the same thing as the service I run today and another that had a logo so similar to mine that I considered speaking to a lawyer to see what my options were to prevent the sale of its service within North America.

Four services or projects so far have adopted the name “Canary” in the information security sector since I started Canary in 2013. One is a piece of hardware that behaves as a internal network honeypot, another is a webcam for home monitoring, one does practically the same thing as what I offer, and another is supposed to detect changes in SSL certificates. In three of these, I can remain confident that those who went and adopted the name did little to no research on the name and just went and slapped it on--the camera product came out a month or so after I announced the service so I don’t have the same sentiment.

It has gotten to the point where I have been getting e-mails about these other Canary-named services that have nothing to do with me. These e-mails happen at least once or twice per week and usually I just respond with, “these are not the canaries you’re looking for”.

Having said all that, I am not a fan of being litigious or aggressive towards others especially since the space where “Canary” is being used as a product name is becoming quite crowded and the energy and capital I’d have to spend to fight for it would exceed that of simply renaming the service and redirecting traffic to a new domain. I am also a person that prefers to build bridges with people and the other Canary-named services are individuals and groups I’d personally rather be amicable with upon anything else. Additionally, I don't think the adoption of this name by others was intended to undermine me or anything and that instead I think it's just a lack of forward-thinking.

With the release of a new version of the software will come a new name for Canary. I have several candidates for names at this time but I will be doing my research. What I do ask for you as the reader is that when you name a project, consider just doing a simple search on Google or something to ensure that you won’t be stepping on toes or making people who’ve already invested some time and energy into it.