A group of researchers from the University of Illinois at Chicago recently published a research report titled "Favorite and Cache Tales: Persistent Tracking in Modern Browsers." It turns out that third parties can use the caching feature of the Favicons-enabled Safari browser to identify and track users. Even if the user switches to incognito mode, installs an ad blocking mechanism or even clears the cache, it does not help.
Favicon is an abbreviation for the "Favorite" icon. This belongs to the web page icon. This is a web page icon developed by website operators. When a user opens a tab in the browser, a favicon icon appears on the tab.
The researchers noted that the caching function of modern browsers has a cache dedicated to Favicons. This is not an HTTP cache. Thus, no changes will occur even if the user deletes the browser cache, history or data. In addition, it failed to incognito properly, and the retention period was one year.
Therefore, the researchers developed a completely new tracking mechanism. It uses the characteristics of Favicons in combination with many browser "fingerprint" attributes. This allows the website to generate a 32-bit tracking ID within 2 seconds.
This tracking mechanism can defeat the tracking protection of all modern browsers that use the Favicons cache, including Chrome, Safari, and even Brave. Even if the user clears the cache, installs an ad blocker extension, and restarts the system, he cannot prevent this mechanism from being tracked. As for Firefox, the researchers said they accidentally discovered a bug in Firefox during testing that caused the attack to fail. However, we believe that once Firefox fixes the bug, it will be able to successfully track Firefox users.
The researchers suggest that browsers should change the way they cache their icons to prevent such tracking. Browser operators also received research results.