Modern browsers do a fancy thing when you download files: they tack on the download URL to the file on OSes whose file-system metadata supports it. That serves a few purposes, such as tracking where files came from overtime, and more importantly, it lets the OS treat certain files as untrusted. An executable downloaded from the Internet might get an extra warning popup when its first run, for example. Browsers on MacOS perform this step of tagging downloaded files with the URL they were downloaded from.
At the same time, we strive to keep your Canary Console address confidential. By design, the address doesn't reveal who you are, but it provides an attacker with a tiny bit more information than they previously had. Your Console address looks like this:
To prevent this URL from appearing in your Canarytoken's filesystem metadata on MacOS, we currently provide a download link at a secondary address completely unrelated to your Canary Console. The details aren't interesting (it's a pretty straightforward use of HTTP redirects and Referrer-Policy header settings), but the upshot is that for most browsers on macOS we can serve a clean Canarytoken download that doesn't include the Console address but instead only includes the Canarytoken server's address (which is already embedded in the Canarytoken anyway). So there's no change in the information revealed.
If you choose to download Canarytokens in Firefox, you'll hit the tab workflow on download. After each download, simply close the tab. (We know the workflow isn't ideal; when Firefox improves their Referrer-Policy handling we'll switch Firefox users back to the same workflow as everyone else.) Lastly, you could give Chrome or Safari a try if the additional tabs get on your nerves, or rely on the API for generating large numbers of Canarytokens.