Tracking users with favicons, even in incognito mode

submitted by

github.com/jonasstrehle/supercookie

3
14
2

Log in to comment

Hot Top New Old

Ah, this one is an old github post. Firefox version 86 is mentioned in the table.

Back then Firefox wasn’t vulnerable due to a bug that caused the browser to always grab a new favicon even if it was cached.
Nowadays the Total Cookie Protection ensures that the websites are isolated and the favicon tracking fails.

 reply
22

2 years out of date

 reply
3

Comments in Privacy@lemmy.ml

Note that this is an issue from 2021. Firefox has implemented countermeasures since version 85, Chrome seems to have done the same.

So while this is definitely interesting, it shouldn‘t be an issue anymore.

 reply
40
edited

Yep. I just confirmed it.. restarting Firefox seems to make the ID in https://demo.supercookie.me/ change.
Thought as long as you keep Firefox session open the id will be the same.

I’m not sure if the links you reference are the whole story though, because they are talking about partitioning the cache per top-level domain, which I would expect wouldn’t have been enough, since the demo is specific to its top-level domain and it’s not necessarily about cross-domain id.

 reply
5

Thought as long as you keep Firefox session open the id will be the same.

makes mental note to shutdown firefox on mobile more often.

 reply
3
Insert image