{"id":13425185,"url":"https://github.com/jonasstrehle/supercookie","last_synced_at":"2025-05-14T19:06:12.763Z","repository":{"id":38261221,"uuid":"332757634","full_name":"jonasstrehle/supercookie","owner":"jonasstrehle","description":"⚠️ Browser fingerprinting via favicon!","archived":false,"fork":false,"pushed_at":"2023-05-02T13:02:18.000Z","size":22593,"stargazers_count":4636,"open_issues_count":15,"forks_count":262,"subscribers_count":68,"default_branch":"main","last_synced_at":"2025-04-06T08:09:42.042Z","etag":null,"topics":["browser","browser-fingerprint","browser-fingerprinting","chrome","cookie","edge","express","favicon","fingerprint","firefox","html","identification","javascript","nodejs","privacy","safari","security","supercookie","tracking","typescript"],"latest_commit_sha":null,"homepage":"https://supercookie.me","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jonasstrehle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"github":["jonasstrehle"],"patreon":"unyt","open_collective":null,"ko_fi":"jonasstrehle","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://www.buymeacoffee.com/jonasstrehle"]}},"created_at":"2021-01-25T13:33:24.000Z","updated_at":"2025-04-05T12:01:50.000Z","dependencies_parsed_at":"2024-01-06T01:05:23.228Z","dependency_job_id":null,"html_url":"https://github.com/jonasstrehle/supercookie","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonasstrehle%2Fsupercookie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonasstrehle%2Fsupercookie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonasstrehle%2Fsupercookie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonasstrehle%2Fsupercookie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jonasstrehle","download_url":"https://codeload.github.com/jonasstrehle/supercookie/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248710405,"owners_count":21149185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser","browser-fingerprint","browser-fingerprinting","chrome","cookie","edge","express","favicon","fingerprint","firefox","html","identification","javascript","nodejs","privacy","safari","security","supercookie","tracking","typescript"],"created_at":"2024-07-31T00:01:06.834Z","updated_at":"2025-04-13T11:46:03.164Z","avatar_url":"https://github.com/jonasstrehle.png","language":"HTML","funding_links":["https://github.com/sponsors/jonasstrehle","https://patreon.com/unyt","https://ko-fi.com/jonasstrehle","https://www.buymeacoffee.com/jonasstrehle"],"categories":["HarmonyOS","HTML","Packages","express","Libraries \u0026 Projects"],"sub_categories":["Windows Manager","Index"],"readme":"\u003cp align=\"center\"\u003e\r\n  \u003ca href=\"https://supercookie.me\"\u003e\r\n    \u003cimg src=\"http://supercookie.me/favicon.ico\" alt=\"supercookie\" width=\"100\" /\u003e\r\n  \u003c/a\u003e\r\n\u003c/p\u003e\r\n\u003cp align=\"center\"\u003e\r\n  \u003ca href=\"https://supercookie.me/workwise\"\u003e\r\n    \u003cimg src=\"https://img.shields.io/badge/Docs-supercookie.me-blue\" alt=\"Documentation\"\u003e\r\n  \u003c/a\u003e\r\n\u003c/p\u003e\r\n\u003cp align=\"center\"\u003e\r\n  \u003ca href=\"https://supercookie.me\"\u003e\r\n    \u003cimg src=\"https://img.shields.io/website?down_message=down\u0026up_color=green\u0026up_message=online\u0026url=https%3A%2F%2Fsupercookie.me\" alt=\"Website Status\"\u003e\r\n  \u003c/a\u003e\r\n  \u003ca href=\"https://github.com/jonasstrehle/supercookie\"\u003e\r\n    \u003cimg src=\"https://img.shields.io/github/license/jonasstrehle/supercookie\" alt=\"License\"\u003e\r\n  \u003c/a\u003e\r\n\u003c/p\u003e\r\n\u003cp align=\"center\"\u003e\r\n  \u003ca href=\"https://supercookie.me\"\u003e\r\n    \u003cimg src=\"https://img.shields.io/badge/dynamic/json?label=Fingerprints\u0026query=index\u0026url=https://supercookie.me/api\u0026color=yellow\" alt=\"Fingerprint index\"\u003e\r\n  \u003c/a\u003e\r\n  \u003ca href=\"https://supercookie.me\"\u003e\r\n    \u003cimg src=\"https://img.shields.io/badge/dynamic/json?label=Current%20redirects\u0026query=bits\u0026url=https://supercookie.me/api\u0026color=yellow\" alt=\"N Redirects\"\u003e\r\n  \u003c/a\u003e\r\n\u003c/p\u003e\r\n\r\n\r\n**Supercookie** uses favicons to assign a unique identifier to website visitors.\u003cbr\u003e\r\nUnlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.\r\n\r\nThe tracking method works even in the browser's incognito mode and is not cleared by flushing the cache, closing the browser or restarting the operating system, using a VPN or installing AdBlockers. 🍿 [Live demo](https://supercookie.me).\r\n\r\n## About\r\n\r\n### 💭 Inspiration\r\n\r\n- Paper by Scientists at University of Illinois, Chicago: [www.cs.uic.edu](https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf)\r\n- Article by heise: [heise.de](https://heise.de/-5027814) \r\n\r\n### 🌱 Purpose\r\n\r\nThis repository is for **educational** and **demonstration purposes** only!\r\n\r\nThe demo of \"supercookie\" as well as the publication of the source code of this repository is intended to draw attention to the problem of tracking possibilities using favicons.\r\n\r\n📕 [Full documentation](https://supercookie.me/workwise)\r\n\r\n## Installation\r\n\r\n### 🔧 Docker\r\n**requirements**: \r\n\u003cimg src=\"https://www.docker.com/wp-content/uploads/2022/03/vertical-logo-monochromatic.png\" width=\"12\"\u003e [Docker daemon](https://docs.docker.com/get-docker/)\r\n\r\n1. Clone repository\r\n```bash\r\ngit clone https://github.com/jonasstrehle/supercookie\r\n```\r\n\r\n2. Update .env file in [supercookie/server/.env](https://github.com/jonasstrehle/supercookie/blob/main/server/.env)\r\n```env\r\nHOST_MAIN=yourdomain.com #or localhost:10080\r\nPORT_MAIN=10080\r\n\r\nHOST_DEMO=demo.yourdomain.com #or localhost:10081\r\nPORT_DEMO=10081\r\n```\r\n\r\n3. Run container\r\n```bash\r\ncd supercookie/server\r\ndocker-compose up\r\n```\r\n\r\n-\u003e Webserver will be running at https://yourdomain.com\r\n\r\n\r\n\r\n### 🤖 Local machine\r\n**requirements**: \r\n\u003cimg src=\"https://seeklogo.com/images/N/nodejs-logo-FBE122E377-seeklogo.com.png\" width=\"12\"\u003e [Node.js](https://nodejs.org/)\r\n\r\n1. Clone repository\r\n```bash\r\ngit clone https://github.com/jonasstrehle/supercookie\r\n```\r\n\r\n2. Update .env file in [supercookie/server/.env](https://github.com/jonasstrehle/supercookie/blob/main/server/.env)\r\n```env\r\nHOST_MAIN=localhost:10080\r\nPORT_MAIN=10080\r\n\r\nHOST_DEMO=localhost:10081\r\nPORT_DEMO=10081\r\n```\r\n\r\n3. Run service\r\n```bash\r\ncd supercookie/server\r\nnode --experimental-json-modules main.js\r\n```\r\n\r\n-\u003e Webserver will be running at http://localhost:10080\r\n\r\n\r\n## Workwise of [supercookie](https://supercookie.me/workwise)\r\n\r\n\r\n### [📖 Background](https://supercookie.me/workwise#content-background)\r\n\r\nModern browsers offer a wide range of features to improve and simplify the user experience.\r\nOne of these features are the so-called favicons: A favicon is a small (usually 16×16 or 32×32 pixels) logo used by web browsers to brand a website in a recognizable way. Favicons are usually shown by most browsers in the address bar and next to the page's name in a list of bookmarks.\r\n\r\nTo serve a favicon on their website, a developer has to include an \u003clink rel\u003e attribute in the webpage’s header. If this tag does exist, the browser requests the icon from the predefined source and if the server response contains an valid icon file that can be properly rendered this icon is displayed by the browser. In any other case, a blank favicon is shown.\r\n\r\n```html\r\n\u003clink rel=\"icon\" href=\"/favicon.ico\" type=\"image/x-icon\"\u003e\r\n```\r\n\r\nThe favicons must be made very easily accessible by the browser. Therefore, they are cached in a separate local database on the system, called the favicon cache (F-Cache). A F-Cache data entries includes the visited URL (subdomain, domain, route, URL paramter), the favicon ID and the time to live (TTL).\r\nWhile this provides web developers the ability to delineate parts of their website using a wide variety of icons for individual routes and subdomains, it also leads to a possible tracking scenario.\r\n\r\nWhen a user visits a website, the browser checks if a favicon is needed by looking up the source of the shortcut icon link reference of the requested webpage.\r\nThe browser initialy checks the local F-cache for an entry containing the URL of the active website. If a favicon entry exists, the icon will be loaded from the cache and then displayed. However, if there is no entry, for example because no favicon has ever been loaded under this particular domain, or the data in the cache is out of date, the browser makes a GET request to the server to load the site's favicon.\r\n\r\n\r\n### [💣 Threat Model](https://supercookie.me/workwise#content-threat-model)\r\n\r\nIn the article a possible threat model is explained that allows to assign a unique identifier to each browser in order to draw conclusions about the user and to be able to identify this user even in case of applied anti-fingerprint measures, such as the use of a VPN, deletion of cookies, deletion of the browser cache or manipulation of the client header information.\r\n\r\nA web server can draw conclusions about whether a browser has already loaded a favicon or not:\r\nSo when the browser requests a web page, if the favicon is not in the local F-cache, another request for the favicon is made. If the icon already exists in the F-Cache, no further request is sent.\r\nBy combining the state of delivered and not delivered favicons for specific URL paths for a browser, a unique pattern (identification number) can be assigned to the client.\r\nWhen the website is reloaded, the web server can reconstruct the identification number with the network requests sent by the client for the missing favicons and thus identify the browser.\r\n\r\n\r\n\r\n\r\n\u003cp align=\"center\"\u003e\r\n  \u003ca href=\"https://supercookie.me\"\u003e\r\n    \u003cimg src=\"https://supercookie.me/assets/header.png\" alt=\"Supercookie Header\" width=\"600\" /\u003e\r\n  \u003c/a\u003e\r\n\u003c/p\u003e\r\n\r\n\u003ctable\u003e\r\n  \u003cthead\u003e\r\n    \u003ctr\u003e\r\n      \u003cth\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cimg width=\"350\" height=\"0\"\u003e \u003cp\u003econventional cookies\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cimg width=\"350\" height=\"0\"\u003e \u003cp\u003esupercookie\u003c/p\u003e\u003c/th\u003e\r\n    \u003c/tr\u003e\r\n  \u003c/thead\u003e\r\n  \u003ctbody\u003e\r\n    \u003ctr\u003e\r\n      \u003ctd\u003eIdentification accuracy\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e-\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e100%\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n      \u003ctd\u003eIncognito / Private mode detection\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n      \u003ctd\u003ePersistent after flushed website cache and cookies\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n      \u003ctd\u003eIdentify multiple windows\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n      \u003ctd\u003eWorking with Anti-Tracking SW\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n  \u003c/tbody\u003e\r\n\u003c/table\u003e\r\n\r\n\r\n### [🎯 Target](https://supercookie.me/workwise#content-target)\r\n\r\nIt looks like all top browsers (\u003cimg src=\"https://www.google.com/favicon.ico\" width=\"12\"\u003e [Chrome](https://google.com/chrome/), \u003cimg src=\"https://www.mozilla.org/favicon.ico\" width=\"12\"\u003e [Firefox](https://www.mozilla.org/en-US/firefox/new/), \u003cimg src=\"https://www.apple.com/favicon.ico\" width=\"12\"\u003e [Safari](https://www.apple.com/safari/), \u003cimg src=\"https://www.microsoft.com/favicon.ico\" width=\"12\"\u003e [Edge](https://www.microsoft.com/edge/)) are vulnerable to this attack scenario.\u003cbr\u003e\r\nMobile browsers are also affected.\r\n\r\n#### Current versions\r\n\r\n\u003ctable\u003e\r\n  \u003cthead\u003e\r\n    \u003ctr\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eBrowser\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eWindows\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eMacOS\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eLinux\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eiOS\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eAndroid\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003ci\u003eInfo\u003c/i\u003e\u003c/th\u003e\r\n    \u003c/tr\u003e\r\n  \u003c/thead\u003e\r\n  \u003ctbody\u003e\r\n    \u003ctr\u003e\r\n        \u003ctd\u003eChrome \u003cem\u003e(v 111.0)\u003c/em\u003e\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e?\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd\u003e-\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n        \u003ctd\u003eSafari \u003cem\u003e(v 14.0)\u003c/em\u003e\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e-\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e-\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e-\u003c/td\u003e\r\n        \u003ctd\u003e-\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n        \u003ctd\u003eEdge \u003cem\u003e(v 87.0)\u003c/em\u003e\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd\u003e-\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n        \u003ctd\u003eFirefox \u003cem\u003e(v 86.0)\u003c/em\u003e\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd\u003eFingerprint different in incognito mode\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n        \u003ctd\u003eBrave \u003cem\u003e(v 1.19.92)\u003c/em\u003e\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❔\u003c/td\u003e\r\n        \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n        \u003ctd\u003e-\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n  \u003c/tbody\u003e\r\n\u003c/table\u003e\r\n\r\n\r\n#### Previous versions\r\n\r\n\u003ctable\u003e\r\n  \u003cthead\u003e\r\n    \u003ctr\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eBrowser\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eWindows\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eMacOS\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eLinux\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eiOS\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003cp\u003eAndroid\u003c/p\u003e\u003c/th\u003e\r\n      \u003cth align=\"center\"\u003e\u003ci\u003eInfo\u003c/i\u003e\u003c/th\u003e\r\n    \u003c/tr\u003e\r\n  \u003c/thead\u003e\r\n  \u003ctbody\u003e\r\n    \u003ctr\u003e\r\n      \u003ctd\u003e\u003cb\u003eBrave\u003c/b\u003e (v 1.14.0)\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd\u003e-\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n    \u003ctr\u003e\r\n      \u003ctd\u003e\u003cb\u003eFirefox\u003c/b\u003e (\u0026lt; v 84.0)\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e❔\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e❌\u003c/td\u003e\r\n      \u003ctd align=\"center\"\u003e✅\u003c/td\u003e\r\n      \u003ctd\u003e-\u003c/td\u003e\r\n    \u003c/tr\u003e\r\n  \u003c/tbody\u003e\r\n\u003c/table\u003e\r\n\r\n\r\n### [⚙ Scalability \u0026 Performance](https://supercookie.me/workwise#content-scalability-performance)\r\n\r\nBy varying the number of bits that corresponds to the number of redirects to subpaths, this attack can be scaled almost arbitrarily.\r\nIt can distinguish 2^N unique users, where N is the number of redirects on the client side.\r\nThe time taken for the read and write operation increases as the number of distinguishable clients does.\r\n\u003cbr\u003e\r\nIn order to keep the number of redirects as minimal as possible, N can have a dynamic length. \r\nMore about this [here](https://supercookie.me/workwise#content-scalability-performance).\r\n\r\n### [📌How to defend against?](https://supercookie.me/workwise)\r\n\r\nThe most straightforward solution is to disable the favicon cache completely. As long as the browser vendors do not provide a feature against this vulnerability it's probably the best way to clear the F-cache.\r\n\r\n* [Chrome](https://www.google.com/chrome/) • **MacOS**\u003cbr\u003e\r\n  - Delete `~/Library/Application Support/Google/Chrome/Default/Favicons`\r\n  - Delete `~/Library/Application Support/Google/Chrome/Default/Favicons-journal`\r\n\r\n* [Chrome](https://www.google.com/chrome/) • **Windows**\u003cbr\u003e\r\n  - Delete `C:\\Users\\username\\AppData\\Local\\Google\\Chrome\\User Data\\Default`\r\n\r\n* [Safari](https://www.apple.com/safari/) • **MacOS**\u003cbr\u003e\r\n  - Delete content of `~/Library/Safari/Favicon Cache`\r\n\r\n* [Edge](https://www.microsoft.com/edge) • **MacOS**\u003cbr\u003e\r\n  - Delete `~/Library/Application Support/Microsoft Edge/Default/Favicon`\r\n  - Delete `~/Library/Application Support/Microsoft Edge/Default/Favicons-journal`\r\n\r\n## Other\r\n\r\n### [🙎‍♂️ About me](https://jonas.strehles.info)\r\n\r\nI am a twenty year old student from 🇩🇪 Germany. I like to work in software design and development and have an interest in the IT security domain.\r\n\r\nThis repository, including the setup of a demonstration portal, was created within two days as part of a private research project on the topic of \"Tracking on the Web\".\r\n\r\n\r\n### [💖 Support the project](https://ko-fi.com/jonasstrehle)\r\n\r\n[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/jonasstrehle)\r\n\r\n## Spread the world!\r\n\r\nLiked the project? Just give it a star ⭐ and spread the world!\r\n\r\n* [Bruce Schneier on schneier.com](https://www.schneier.com/crypto-gram/archives/2021/0315.html#cg5)\r\n* [Matthew Gault on vice.com](https://www.vice.com/amp/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online?__twitter_impression=true)\r\n* [Rhett Jones on gizmodo.com](https://gizmodo.com/favicons-could-be-the-supercookie-that-tracks-you-every-1846229089/)\r\n* [Dev Kundaliyaon on computing.co.uk](https://www.computing.co.uk/news/4027035/tiny-favicons-utilised-track-users-movements-online)\r\n* [Barclay Ballard on techradar.com](https://www.techradar.com/news/these-tiny-icons-could-be-tracking-you-across-the-internet)\r\n* [Discussion on ycombinator.com](https://news.ycombinator.com/item?id=26051370)\r\n* 🇩🇪 [Andreas Proschofsky on derstandard.de](https://www.derstandard.de/story/2000124123751/supercookies-datensammler-finden-immer-neue-wege-die-nutzer-auszuspionieren)\r\n* 🇩🇪 [Dieter Petereit on t3n.de](https://t3n.de/news/tracking-id-favicons-supercookie-1355514/)\r\n* 🇪🇸 [ALVY on microsiervos.com](https://www.microsiervos.com/archivo/seguridad/supercookie-me-identificador-personal-imborrable-icono-favicon.html)\r\n* 🇧🇷 [Felipe Demartini on canaltech.com.br](https://canaltech.com.br/seguranca/favicons-podem-ser-usados-para-rastrear-usuarios-online-permanentemente-178834/)\r\n* 🇧🇬 [Daniel Despodov on kaldata.com](https://www.kaldata.com/it-%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8/%D0%BD%D0%BE%D0%B2-%D0%BC%D0%B5%D1%82%D0%BE%D0%B4-%D0%B7%D0%B0-%D0%B8%D0%B4%D0%B5%D0%BD%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%86%D0%B8%D1%8F-%D0%BD%D0%B0-%D0%BA%D0%BE%D0%BD%D0%BA%D1%80%D0%B5%D1%82-355279.html)\r\n* 🇫🇷 [Guillaume Belfiore on clubic.com](https://www.clubic.com/navigateur-internet/actualite-353236-publicite-les-favicons-des-sites-web-pourraient-se-montrer-un-peu-trop-curieux.html)\r\n* 🇨🇳 [study875 on cnbeta.com](https://www.cnbeta.com/articles/tech/1089095.htm)\r\n* 🇷🇺 [ITSumma on habr.com](https://habr.com/ru/company/itsumma/blog/542734/)\r\n* 🇷🇺 [securitylab.ru](https://www.securitylab.ru/news/516436.php)\r\n* \u003cimg src=\"https://youtube.com/favicon.ico\" width=\"20\"\u003e [Seytonic on YouTube](https://youtu.be/X7OW5hTt5hY)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonasstrehle%2Fsupercookie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonasstrehle%2Fsupercookie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonasstrehle%2Fsupercookie/lists"}