Browser Tracking Using Favicons

2021-02-17 12:05

Interesting research on persistent web tracking using favicons.

In this paper we introduce a novel tracking mechanism that misuses a simple yet ubiquitous browser feature: favicons.

In more detail, a website can track users across browsing sessions by storing a tracking identifier as a set of entries in the browser's dedicated favicon cache, where each entry corresponds to a specific subdomain.

In subsequent user visits the website can reconstruct the identifier by observing which favicons are requested by the browser while the user is automatically and rapidly redirected through a series of subdomains.

The caching of favicons in modern browsers exhibits several unique characteristics that render this tracking vector particularly powerful, as it is persistent, non-destructive, and even crosses the isolation of the incognito mode.

Clearing your cache, surfing behind a VPN, or using an ad-blocker won't stop a malicious favicon from tracking you.

News URL

https://www.schneier.com/blog/archives/2021/02/browser-tracking-using-favicons.html

#browser #tracking