These tiny icons could be tracking you across the internet

You can’t clear these Supercookies

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The tiny icons that appear at the start ofbrowsertabs may be easy to ignore but they could be secretly tracking you across the internet.

That’s the opinion of German software designer Jonas Strehle, who has explored using favicons as part of a ‘Supercookie’ tracking method.

Perhaps most worrying of all, this method oftracking online userscould be used to track an individual’s movements regardless of whether they have employed abusiness-grade VPNsolution, are browsing in incognito mode, or adopting other online privacy methods.

“A web server can draw conclusions about whether a browser has already loaded a favicon or not: So when the browser requests a web page, if the favicon is not in the local F-cache, another request for the favicon is made,” Strehleexplained.

“If the icon already exists in the F-Cache, no further request is sent. By combining the state of delivered and not delivered favicons for specific URL paths for a browser, a unique pattern (identification number) can be assigned to the client. When the website is reloaded, the web server can reconstruct the identification number with the network requests sent by the client for the missing favicons and thus identify the browser.”

Privacy problems

Privacy problems

Fortunately, the tracking method examined by Strehle is just a proof-of-concept and no examples of the Supercookie mechanism have been discovered in the wild. Still, it demonstrates how the complexity that is now built into most modernweb browserscan be hijacked by threat actors.

Researchers from the University of Illinois have come to similar a conclusion as Strehle and argue that changes to browsers’ favicon caching behavior should be implemented as soon as possible to limit its tracking potential. Currently, because favicons must be made easily accessible to the browser they are stored in a separate local database, making them ideal pickings for rogue actors.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Although privacy is becoming more important to many organizations,employee monitoring appsare still used by some firms and as many asone in fivebusinesses have admitted to spying on employees while they work from home.

ViaVICE

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.

3 reasons why PIA fell in our best VPN rankings

Is it still worth using Proton VPN Free?

Quordle today – hints and answers for Saturday, November 9 (game #1020)