Favicon functionality misuse for ad tracking

The ad tech world seems to have figured out some ways of misusing the browser’s favicon functionality, and it’s important that you know this.

Favicon is the icon you see in browser tabs, site recommendations and more. They make it easy to recognise your tabs and switch. Now, this feature has got the attention of people who would rather use it to bypass the user’s tracking preferences!

Favicon stores the image of a visited site in a perpetual cache. It is different from the browser cache as even if the customer clears the visited history cache, this remains.

Currently, through some workaround, the ad tech folks can track site visits and then in subsequent site visits, browser tracking / fingerprinting protections seem to have been bypassed.

Browsers will need to address this issue and treat this as a vulnerability in their safety process. Brave has already updated their browser.

Consent frameworks stand ignored, and that in itself is a significant safety issue. #SafetyCX

Do see the research paper and related coverage for more insights.