Modern web browsers like Google Chrome, Safari, and Edge allow its users to surf the internet via incognito mode in order to prevent them from being tracked. The private mode is expected to flush all cookies, browsing history and cache data, as soon as users close the browser window.
However, a new security research conducted by the University of Illinois, in Chicago came up with a method to track Internet users even if they clear cookies and browsing cache.
According to security researchers, websites can use favicons to identify and track the users’ data, even if the user enables incognito mode, clears all browser cache and cookies, or even installs an Adblocker.
But, what are favicons and how are they being used to track your data? Here’s everything you need to know.
What Are Favicons?
Favicons are the little icons present at the start of every browser tab. It is a logo for the website you opened. These are found in the address bar of the browsers and in the bookmarks or tabs. For instance, Facebook uses a bold ‘F’ logo, Twitter uses the little ‘blue bird’, and Google uses bold ‘G’.
These small icons are cached by the browser and are stored separately from other cached data such as website HTML files, images, etc. The research suggests browsers detect and store favicons automatically.
How Are Favicons Used to Track your Data?
According to the researchers, favicons can be used to track data through the fonts you use, extensions you have downloaded in the browser, screen resolution and even your software version.
However, a single favicon cannot store this much of information. Therefore, researchers have explained that multiple favicons are used by a single website to track this information.
These third party websites redirects through multiple sub domains to save several favicons in the cache. Each favicon holds a particular set of data. The data set obtained is then combined to form a single unit of data which can be used to identify any user, and this methodology is termed as ‘Supercookies’.
All It Takes Is Two Seconds
The research further suggests that the number of redirections would depend on the traffic the website holds. In order to track 4.5 billion users, a website would ideally require 32 redirections which delays the final page loading time to 2 seconds only.
Are Browsers Aware of This Hack?
A Google spokesperson confirmed about being aware of the research, and stated that it is working on a fix, reported Arstechnica.
Meanwhile, Apple’s Safari is still looking into the findings of the research. However, Mozilla’s Firefox browser is immune to this hack, due to a bug reported in the browser. But researchers have said that once the bug is fixed, this type of tracking might be accessible on Firefox too.
How to Stay Safe?
While the researchers have recommended that the browsers should rethink about the way they handle caching of favicons, there are no fixes to this issue yet, as favicon caches are strong enough to surpass VPN and Adblockers.
You can only get rid of favicons by disabling them from your browser. Here’s how to disable favicons in Chrome:
- Open Google Chrome
- Search for ‘No Favicon Extension’ in the browser.
- Once the extension page appears, click on ‘Add to Chrome’ button located on the top right corner of the screen
- Install the extension.
- From now onwards, Google Chrome will not store or display any favicons. However, any previously opened site will still display original favicons. Clear your web history so that favicons are disabled.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)