brave-browser icon indicating copy to clipboard operation
brave-browser copied to clipboard
verified publisher icon brave

Favicon partitioning

Open arthuredelstein opened this issue 3 years ago • 1 comments

Problem Description

Test results from PrivacyTests.org indicate that the Brave iOS favicon cache can allow cross-site tracking: https://privacytests.org/ios.html

Feature Overview

By partitioning the favicon cache, Brave can prevent favicons from being used as a "supercookie" to track users across websites.

Design

Typically, cache partitioning is keyed to eTLD+1.

User Experience

There should be essentially no UX impact, expect a very small performance for loading of a favicon.

arthuredelstein avatar Aug 08 '22 21:08 arthuredelstein

These are the latest test results. image

For background: the favicon test loads from the same URL under different first-party domains. If the favicon is cached and the cache is not partitioned, then the favicon is not loaded under the second party domain. Lack of loading reveals that the favicon at the specified URL has been loaded before and cached, which is effectively a tracking vector.

arthuredelstein avatar Mar 03 '24 04:03 arthuredelstein