<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>
22 Feb, 2021
Beware! You Can Be Tracked With 'Favicons', Even In Incognito Mode!

First thing first, let's have a short brief on what a favicon is. If you are not from a technical background, you might be unaware of the term.

As many of us already know, a favicon is a tiny symbol of a website that appears on the top of the browser tab. For instance, a blue "f" for Facebook, a bird for Twitter, and many others. Generally, it helps in navigation when we have multiple tabs open in our browser.

So, what's wrong with these favicons?

According to recent research, these browser tab icons can lead to security vulnerabilities that can bypass the VPNs and incognito mode elements, to locate your device's address. That means, even if you use "Private Browsing," you are trackable.

German software designer, Mr. Jonas Strehle has found the tracking method which is named Supercookies.

Strehle explained the scenario:
"Supercookie uses favicons to assign a unique identifier to website visitors. Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user,"

"The tracking method works even in the browser's incognito mode and is not cleared by flushing the cache, closing the browser or restarting the system, using a VPN or installing AdBlockers."

The researcher also mentioned that he got inspired by a research paper on the topic by University of Illinois at Chicago.

These favicons are easy to upload on every website, which is cached and stored in a local database in our devices— "F-cache."

This F-cache contains useful data of the user's browsing history. Whenever a user visits any webpage, the system saves the record here.

For demonstration, the researcher has created a website and traced an online user using the favicon. The researcher has also shared the source codes online with an explanation of how "Supercoookies" works.

According to the research, the tool can access data from private/incognito modes of Safari, Chrome, Firefox , and Edge browsers. Moreover, clearing the cache or deleting the history can't help you to get tracked.

Found this helpful?

Keep following ISOEH (Indian School of Ethical Hacking) for updated cyber security and IT news.

We are one of the reputed cyber security institutes in India assisting students with various cyber security courses (ethical hacking, ccna training, app development and others).

Follow us on Facebook and Twitter!

Read Other Breaking News

Read All Breaking News »

Exclusive Blog

Read All Exclusive Blog »
A few tips for the perfect homework
A few tips for the perfect homework

With world working from home, it's time to make it enjoyable and effective.

Read Details

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details