On the Internet there are many techniques that allow users to be tracked. We already know that our personal data has great value on the Internet and that it can be targeted by third parties for profit. In this article we echo a method that could be used for this. These are favicons , which can be used to track users. Keep in mind that these small icons are present in most modern browsers.
Browser favicons are used to track
A group of security researchers from the University of Illinois has discovered a new method that allows them to track users while browsing. For this, they use favicons, the small icons that are in most browsers and that correspond to the logo of a web page, for example.
Favicons are useful for users when browsing the Internet . If we have many tabs open, what we will see in the browser is the small icon that corresponds to a website. Today most have one. So we can identify them correctly.
Now, according to this group of security researchers, these favicons can also be used to track users. This can occur beyond the current session, even clearing all cookies and data from the browsing cache.
These small icons can be seen in the address bar, in each of the tabs that we have open. They will also appear in bookmarks, when you save a site for later viewing. It is a form of identification, to facilitate the visualization and better find the pages.
They are cached by the browser, but stored independently of other cached items, such as HTML files or site images. This means that when users clear the cache, they can delete these stored files but the favicons are still there. They persist during the different browsing sessions, erasing data and can be accessible even when entering private mode.
A single favicon is not enough
A single favicon is not enough to identify users based on it, but the researchers discovered a way to cache multiple favicons of these little icons. The site performs a series of redirects through various subdomains to cache several different favicons. Each saved favicon creates its own cache entry, and all together can be used to identify users as long as enough favicons are saved.
These redirects happen without the user having to interact. The researchers tested this attack against the Chromium-based browsers Google Chrome, Brave, Safari, and Microsoft Edge, and found that all of them were vulnerable to the attack.
They also performed the attack in Firefox, but found a bug that prevented the browser from reading the cached favicon entries. Once repaired, Firefox is likely vulnerable to attack as well.
They stated that it is possible to avoid this problem, but it is up to the browsers themselves to address them. At the moment, although it is a technique that has not been proven to be used, they could track users through the favicons. We leave you an article with tips to improve privacy on the network.