💾 Archived View for windle.io › logs › 20042021-favicontracking.gmi captured on 2021-11-30 at 20:18:30. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
So, there I am browsing the internet in search of a specific topic I don't remember what, but, what I do remember is coming across an article that peaked my interests.
The article was about how the favicon (the little icon that shows in the tabs of your web browser) can be used to track you, while reading the article I found affected browsers are Safari, Chrome (and variants including Edge) use something called the F-Cache, this way of tracking you have no known way of being stopped, so, popular blockers like Privacy Badger, Ad-block or any of the other blockers out there are ineffective! You might think to yourself well that's alright, I use a VPN or I use incognito mode, sorry to be the bearer of bad news, it doesn't matter, even if you clear out all browsing history and cookies, the F-cache is still around, the only way is to delete it by hand.
Websites can exploit the new favicon side channel by sending visitors through a series of subdomains—each with its own favicon—before delivering them to the page they requested. The number of redirections required varies depending on the number of unique visitors a site has. To be able to track 4.5 billion unique browsers, a website would need 32 redirections, since each redirection translates to 1 bit of entropy. That would add about 2 seconds to the time it takes for the final page to load. With tweaks, websites can reduce the delay.
You're right I didn't, this is because Firefox doesn't use the F-Cache like Chrome & Safari. I'm not sure what Firefox uses, but I'm sure I could find out. Mozilla hasn't said if this is a bug or a feature that they simply forgot to tell people about.
Use Brave, which has recently introduced countermeasures to help prevent this kind of tracking or use Firefox, that's the short answer. The long answer you'd need to duckduckgo how to disable favicon's for your browser, or you could simply wait until Google and co fix the bug that allows this kind of tracking to happen.
How long this will take for Microsoft, Google or the Chromium project to implement a preventative countermeasure like Brave recently has done is anyone's guess.
I mean, you could and if you're reading this, then I guess you already know. Stop using HTTP internet for your everyday browsing needs and carry on using Gemini, there are lots of cool pages (some of which I've linked on the homepage) and a wealth of information waiting for you to consume without the usual goings-on of ads, tracking, etc, etc that has become the norm of today's WWW.
Just another reason to stop using the HTTP internet and use Gemini instead.