According to a study, icons on websites continue to work even if you clear caches or switch to incognito mode.
Users use an alternative anti-tracking extension such as Privacy Badger on their internet browsers to avoid being tracked by the sites they visit, or resort to methods such as constantly clearing or blocking cookies. It is an undeniable fact that these have prevented being followed by websites for a long time. However, according to a new thesis, it has emerged that websites can easily defeat these forms of protection. It is possible to do this only by using the icons on the websites.
This newly learned tracking technique makes use of website icons that users display in browser tabs and bookmark lists. In a recently published article, researchers from the University of Illinois in Chicago stated that most web browsers; He said it caches images, site data, browsing history and in a different location than the directory that should be used to store cookies. Therefore, it has been determined that websites can exploit this difference by installing an unusual favicon in browsers. So how is this achieved with favicons?
Browsers save thumbnails of websites in a cache. Thus, when the same site is entered, they do not have to request the symbols from the server again and again. The cache containing the favicon is not deleted when the browser cookies are cleared. For example; When users visit a website for the first time, a certain favicon is cached, but some site owners who want to use it for their own purposes integrate various tracking identifiers at the base of this favicon cache and can easily track which sites users are using. The surprising thing is that traditional procedures to avoid tracking are not a solution to this problem.
According to experts, these icons are risky
In the published article, the researchers said, “In general, site icons, alias favicons; While they have long been considered a simple decorative resource supported by browsers to facilitate branding of websites, our study shows that they are a powerful tracking vector that poses a significant privacy threat to users. they wrote.
The article continues, “This user tracking flow, which we describe as an attack on privacy, can be easily implemented by any website without user approval and cannot prevent this attack, including anti-tracking extensions with cookies. Even worse, cached files cannot be properly isolated due to the unique behavior of browsers used by almost everyone today to cache in a specific directory. Therefore, even if a browser is in incognito mode, it becomes very simple to follow the user as that tab accesses the cache files in the same location.
Browsers affected by this vulnerability were identified as Chrome, Safari, Edge, and Brave, and the researchers contacted the developers and asked for action to be taken. Firefox is not affected by this vulnerability. A Google spokesperson said in a statement that the company was aware of the research and is working on a fix. In the meantime, it was stated that the findings mentioned by Apple were investigated.
If you want to be safe about tracking, you need to investigate methods to prevent your browser from using website icons until a valid solution is available.