Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online

Vice: “Favicons are one of those things that basically every website uses but no one thinks about. When you’ve got 100 tabs open, the little icon at the start of every browser tab provides a logo for the window you’ve opened. Twitter uses the little blue bird, Gmail is a red mail icon, and Wikipedia is the bold W. It’s a convenient shorthand that lets us all navigate our impossible tab situation.  According to a researcher, though, these icons can also be a security vulnerability that could let websites track your movement and bypass VPNs, incognito browsing status, and other traditional methods of cloaking your movement online. The tracking method is called a Supercookie, and it’s the work of German software designer Jonas Strehle.  “Supercookie uses favicons to assign a unique identifier to website visitors. Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user,” Strehle said on his Github. “The tracking method works even in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the system, using a VPN or installing AdBlockers. Strehle’s Github explained that he became interested in the idea of using favicons to track users after reading a research paper on the topic from the University of Illinois at Chicago…”


Sorry, comments are closed for this post.