Mike Gold

Track Users via Favicons Even in Incognito

Posted on X by Tom Dörr: Tracks users with favicons, even in incognito mode


Overview

Favicons, the small icons displayed next to website URLs, can be repurposed as "supercookies" to track users across the internet. The resulting identifiers persist even in incognito mode because the cached favicons are not deleted when browsing history is cleared. By leveraging favicon data and browser caching mechanisms, trackers can uniquely identify devices and monitor user activity covertly.

Technical Analysis

Favicons are typically static images loaded by websites, but malicious actors can modify them to embed tracking codes or unique identifiers. This technique exploits browser caching behaviors, where favicons are stored locally and accessed repeatedly without being cleared during incognito sessions [Result 4]. For instance, researchers have demonstrated how favicon data can be used to generate persistent identifiers that function similarly to cookies, enabling cross-site tracking [Result 3].

The process involves modifying the favicon.ico file on a website's server to include unique pixel variations or metadata. When the user visits the site, their browser caches this modified favicon, creating a consistent identifier across sessions. This method bypasses privacy protections designed for traditional cookies, making it an effective tool for covert surveillance [Result 1].
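A site auditor or privacy researcher can test for the per-visitor favicon variation described above by fetching the favicon from several isolated, clean browser profiles and comparing the responses. The Python below is an added example, not code from the original post; the function names, the 30-day threshold and the sample captures are assumptions constructed for illustration.

```python
import re
import struct

LONG_LIVED = 30 * 86400  # assumed threshold: 30 days, in seconds

def ico_data_start(ico):
    """Offset where the ICO directory ends and image data begins."""
    reserved, kind, count = struct.unpack_from("<HHH", ico, 0)
    if reserved != 0 or kind != 1:
        raise ValueError("not an ICO file")
    return 6 + 16 * count  # 6-byte ICONDIR + 16 bytes per ICONDIRENTRY

def max_age(headers):
    """max-age from Cache-Control in seconds, or None when absent."""
    value = {k.lower(): v for k, v in headers.items()}.get("cache-control", "")
    m = re.search(r"max-age=(\d+)", value, re.I)
    return int(m.group(1)) if m else None

def audit_favicon(samples):
    """samples: {session_label: (headers, body)}, one entry per clean profile."""
    findings = set()
    (_, base), *rest = samples.values()
    start = ico_data_start(base)
    for _, body in rest:
        if body == base:
            continue  # same bytes for this profile: nothing visitor-specific
        if len(body) != len(base):
            findings.add("size differs per session")
            continue
        for off, (a, b) in enumerate(zip(base, body)):
            if a != b:  # classify each differing byte by where it sits in the file
                findings.add("metadata differs per session" if off < start
                             else "image data differs per session")
    if findings and any((max_age(h) or 0) >= LONG_LIVED for h, _ in samples.values()):
        findings.add("varying favicon is cached long-term")
    return sorted(findings)

def make_ico(pixels, width=16):
    """Constructed sample: one-entry ICO directory followed by raw payload bytes."""
    entry = struct.pack("<BBBBHHII", width, 16, 0, 0, 1, 32, len(pixels), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + pixels

HDR = {"Cache-Control": "public, max-age=31536000"}  # constructed header
SAMPLES = {  # constructed captures from three clean profiles
    "profile-a": (HDR, make_ico(bytes(64))),
    "profile-b": (HDR, make_ico(bytes(63) + b"\x01")),
    "profile-c": (HDR, make_ico(bytes(64))),
}

if __name__ == "__main__":
    print(audit_favicon(SAMPLES))
```

Identical bytes across profiles rule out only this per-visitor variation, not other uses of the favicon cache.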

Implementation Details

  • Favicon.ico File: The primary mechanism for embedding tracking data in favicons. Websites can alter the favicon's appearance or metadata to encode unique identifiers [Results 3 and 4].
  • Browser Caching: Favicons are stored in browser caches, allowing trackers to re-fetch them across sessions without user consent [Result 2].
  • Supercookies: These are cookies that persist beyond normal cookie expiration, leveraging favicon data to maintain tracking even in incognito mode [Results 1 and 5].

This tracking method connects to broader browser fingerprinting techniques, where unique device attributes (e.g., screen resolution, font installations) are combined with identifiers like favicons to create detailed user profiles. Such techniques are often used alongside traditional cookies and ad trackers to enhance targeting precision [Result 4].

Key Takeaways

  • Favicons can act as supercookies, persisting in incognito mode due to browser caching mechanisms. [Results 1, 2, and 5]
  • Trackers exploit favicon data to generate unique device identifiers, enabling cross-site tracking without cookies. [Results 3 and 4]
  • Users are often unaware of this tracking method, as it operates covertly through standard browser functionality. [Result 1]
