New browser-tracking hack works even when you flush caches or go incognito
Dan Goodin · news.movim.eu / ArsTechnica · Friday, 19 February, 2021 - 12:54
The prospect of Web users being tracked by the sites they visit has prompted several countermeasures over the years, including using Privacy Badger or an alternate anti-tracking extension, enabling private or incognito browsing sessions, or clearing cookies. Now, websites have a new way to defeat all three.
The technique leverages the use of favicons, the tiny icons that websites display in users’ browser tabs and bookmarks lists. Researchers from the University of Chicago said in a new paper that most browsers cache the images in a location that’s separate from the ones used to store site data, browsing history, and cookies. Websites can abuse this arrangement by loading a series of favicons on visitors’ browsers that uniquely identify them over an extended period of time.
Powerful tracking vector
“Overall, while favicons have long been considered a simple decorative resource supported by browsers to facilitate websites’ branding, our research demonstrates that they introduce a powerful tracking vector that poses a significant privacy threat to users,” the researchers wrote. They continued: