'The prospect of Web users being tracked by the sites they visit has
prompted several countermeasures over the years, including using
Privacy Badger or an alternate anti-tracking extension, enabling
private or incognito browsing sessions, or clearing cookies. Now,
websites have a new way to defeat all three.
The technique leverages the use of favicons, the tiny icons that
websites display in users’ browser tabs and bookmark lists.
Researchers from the University of Illinois, Chicago said in a new
paper that most browsers cache the images in a location that’s
separate from the ones used to store site data, browsing history, and
cookies. Websites can abuse this arrangement by loading a series of
favicons on visitors’ browsers that uniquely identify them over an
extended period of time.
The attack works against Chrome, Safari, Edge, and until recently
Brave, which developed an effective countermeasure after receiving a
private report from the researchers. Firefox would also be susceptible
to the technique, but a bug prevents the attack from working at the
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304