Follow

"Browser favicons can be used as supercookies to track you"
by Matthew Gault (Vice).

The various supercookie implementations out there are always an interesting source of unintended ways to fingerprint or persist data. Usually followed by browsers mitigating those. The favicon hack is... something else though. Wow.

vice.com/en/article/n7v5y7/bro

Background:
supercookie.me/workwise

Prior art:
github.com/samyk/evercookie

@krinkle A non-humble opinioin: favicons that don't fit into a kilobyte or two of text are too big, are not worth the cost and overhead, and should never be used.

Ones that do fit in that amount of space, should be provided with data: URLs.

@krinkle Huh. So that weird browser behavior I noticed with fav icons years ago is a vulnerability. Neat.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!