Those Cute Little Favicons Always Did Seem Pretty Sus

Source: Ars Technica Those Cute Little Favicons Always Did Seem Pretty Sus

I Always Feel Like Somebody’s Watching Me

Move over LSOs and get out of the way super cookies, there’s a new way to track people’s movement on the internet that works on just about every browser.  It’s those cute little favicons that appear just beside that HTTPS verification symbol and in your favourites which are now being used in tandem with other footprints you need to be aware of now.

Ars Technica published a look at the findings of a group of security researchers that reveals how a couple of invisible redirections can allow a site to track billions of individual machines.  To make the news even better, those little buggers are not stored in the same place as cookies or your history.  The pièce de résistance is the process by which your browser caches these favicons means that even if you are using your browser’s incognito mode you are still able to be tracked, all your history is still intact and the private browsing session will be added to it.

Thanks to many sites having different favicons across the same domain, a couple of quick redirects between you clicking the link or bookmark and the site loading your requested page allows them to link a variety of computer fingerprints, such as your screen resolution, fonts, and software versions to the combination of favicons displayed in those redirects.  The article suggests 32 redirections are enough to uniquely identify 4.5 billion different browsers.

At the moment Brave is secure from this tracking technique and Firefox happens to be due to an unpatched bug which breaks the use of favicons in this manner.  As to the rest, we can hope for a quick patch to be released soon.

The prospect of Web users being tracked by the sites they visit has prompted several countermeasures over the years, including using Privacy Badger or an alternate anti-tracking extension, enabling private or incognito browsing sessions, or clearing cookies. Now, websites have a new way to defeat all three.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!