Cookies level up: they discover a method to track the user on the Internet by making use of favicons
The cookies for years they have been the resource of developers and advertisers to understand the user and their usage preferences. This, however, is becoming more and more complicated due to blocking by browsers or the option of users to choose not to be tracked. The solution? Alternative methods, some as ingenious as use a web favicon to track the user.
Google announced the end of cookies in Chrome, Firefox blocks them by default and Apple for its part is already blocking any type of tracking by cookies between websites on your devices. These changes cause that also alternatives are soughtSome are official by the companies and others not so much. In a new research published recently they have demonstrated a curious method to track the user: the icon of web pages.
The (seemingly harmless) icons on web pages
The favicons are the small icons of web pages that appear in the browser tabs, the favorites list or bookmarks for example. For example, the Xataka tab in the browser shows a green X similar to the full brand logo. These icons are intended to visually identify a website easier, but it is not the only job that can be given to them.
As published by software designer Jonas Strehle and GitHub with a proof of concept, it is possible use this icon to identify a user. Unlike traditional cookies, this method is not affected by using content blockers, VPN, incognito mode or preferences so as not to track the user.
Essentially what is done is take advantage of the favicon cache. By effect, the browser saves and stores the icon in a folder on the device when you first access the web page. With this, you do not have to download it again the next time you access the web and you only have to check if you already have it stored or not.
Based on the research, since the web server can check whether or not the favicon is stored in the user’s local folder … it can also know which web pages you visit and when. This is because with each visit to a page you can know if it has been previously there or if it is the first time, thus making a browsing history.
These seemingly harmless icons are further proof that ingenuity is one of the few limits in the world of software and security. Previously also We have seen how a third party can tell if you are browsing incognito or not just by looking at the data writing speed. Google for its part says that it already has an almost as efficient alternative.