These tiny icons could be tracking you across the internet

News
By published

You can't clear these Supercookies

Privacy
(Image credit: Shutterstock / Valery Brozhinsky)

The tiny icons that appear at the start of browser tabs may be easy to ignore but they could be secretly tracking you across the internet. 

That’s the opinion of German software designer Jonas Strehle, who has explored using favicons as part of a 'Supercookie' tracking method.

Perhaps most worrying of all, this method of tracking online users could be used to track an individual’s movements regardless of whether they have employed a business-grade VPN solution, are browsing in incognito mode, or adopting other online privacy methods.

“A web server can draw conclusions about whether a browser has already loaded a favicon or not: So when the browser requests a web page, if the favicon is not in the local F-cache, another request for the favicon is made,” Strehle explained.

“If the icon already exists in the F-Cache, no further request is sent. By combining the state of delivered and not delivered favicons for specific URL paths for a browser, a unique pattern (identification number) can be assigned to the client. When the website is reloaded, the web server can reconstruct the identification number with the network requests sent by the client for the missing favicons and thus identify the browser.”

Privacy problems

Fortunately, the tracking method examined by Strehle is just a proof-of-concept and no examples of the Supercookie mechanism have been discovered in the wild. Still, it demonstrates how the complexity that is now built into most modern web browsers can be hijacked by threat actors.

Researchers from the University of Illinois have come to similar a conclusion as Strehle and argue that changes to browsers’ favicon caching behavior should be implemented as soon as possible to limit its tracking potential. Currently, because favicons must be made easily accessible to the browser they are stored in a separate local database, making them ideal pickings for rogue actors.

Although privacy is becoming more important to many organizations, employee monitoring apps are still used by some firms and as many as one in five businesses have admitted to spying on employees while they work from home.

Via VICE

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Digital clouds against a blue background.

Navigating the growing complexities of the cloud
See more latest
Most Popular
AMD Ryzen 9950X
I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now