supercookie • workwise
supercookie.me
external-link
Favicons as supercookies! Check out this cache-based fingerprinting method in our demonstration.

This idea may have already been discussed in regards to a recent release of Firefox addressing the issue, but it didn’t come up in my search.

A web server can draw conclusions about whether a browser has already loaded a favicon or not: So when the browser requests a web page, if the favicon is not in the local F-cache, another request for the favicon is made. If the icon already exists in the F-Cache, no further request is sent. By combining the state of delivered and not delivered favicons for specific URL paths for a browser, a unique pattern (identification number) can be assigned to the client. When the website is reloaded, the web server can reconstruct the identification number with the network requests sent by the client for the missing favicons and thus identify the browser.

From Firefox “Firefox 85 Cracks Down on Supercookies”

In fact, there are many different caches trackers can abuse to build supercookies. Firefox 85 partitions all of the following caches by the top-level site being visited: HTTP cache, image cache, favicon cache, HSTS cache, OCSP cache, style sheet cache, font cache, DNS cache, HTTP Authentication cache, Alt-Svc cache, and TLS certificate cache.

https://blog.mozilla.org/security/2021/01/26/supercookie-protections/

firefox

I’m not really sure but I think once Fission gets released plus using Temporary Containers then the issue will be worked out, if the release of v85.0 isn’t enough. Where is that table at the end from?

ufra
creator
link
fedilink
32 urte

Its down the page on the linked article: https://supercookie.me/workwise – I took a screenshot because they actually coded it.

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 3 users / day
  • 7 users / week
  • 44 users / month
  • 358 users / 6 months
  • 14 subscribers
  • 1.77K Posts
  • 8.41K Comments
  • Modlog