Security News > 2021 > February > Browser Tracking Using Favicons
Interesting research on persistent web tracking using favicons.
In this paper we introduce a novel tracking mechanism that misuses a simple yet ubiquitous browser feature: favicons.
In more detail, a website can track users across browsing sessions by storing a tracking identifier as a set of entries in the browser's dedicated favicon cache, where each entry corresponds to a specific subdomain.
In subsequent user visits the website can reconstruct the identifier by observing which favicons are requested by the browser while the user is automatically and rapidly redirected through a series of subdomains.
The caching of favicons in modern browsers exhibits several unique characteristics that render this tracking vector particularly powerful, as it is persistent, non-destructive, and even crosses the isolation of the incognito mode.
Clearing your cache, surfing behind a VPN, or using an ad-blocker won't stop a malicious favicon from tracking you.
News URL
https://www.schneier.com/blog/archives/2021/02/browser-tracking-using-favicons.html