First thing first, let's have a short brief on what a favicon is. If you are not from a technical background, you might be unaware of the term.
As many of us already know, a favicon is a tiny symbol of a website that appears on the top of the browser tab. For instance, a blue "f" for Facebook, a bird for Twitter, and many others. Generally, it helps in navigation when we have multiple tabs open in our browser.
According to recent research, these browser tab icons can lead to security vulnerabilities that can bypass the VPNs and incognito mode elements, to locate your device's address. That means, even if you use "Private Browsing," you are trackable.
German software designer, Mr. Jonas Strehle has found the tracking method which is named Supercookies.
Strehle explained the scenario:
"Supercookie uses favicons to assign a unique identifier to website visitors. Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user,"
"The tracking method works even in the browser's incognito mode and is not cleared by flushing the cache, closing the browser or restarting the system, using a VPN or installing AdBlockers."
The researcher also mentioned that he got inspired by a research paper on the topic by University of Illinois at Chicago.
These favicons are easy to upload on every website, which is cached and stored in a local database in our devices— "F-cache."
This F-cache contains useful data of the user's browsing history. Whenever a user visits any webpage, the system saves the record here.
For demonstration, the researcher has created a website and traced an online user using the favicon. The researcher has also shared the source codes online with an explanation of how "Supercoookies" works.
According to the research, the tool can access data from private/incognito modes of Safari, Chrome, Firefox , and Edge browsers. Moreover, clearing the cache or deleting the history can't help you to get tracked.
Keep following ISOEH (Indian School of Ethical Hacking) for updated cyber security and IT news.
We are one of the reputed cyber security institutes in India assisting students with various cyber security courses (ethical hacking, ccna training, app development and others).