search

brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0
17.62k stars 2.29k forks source link

Favicon partitioning #36931

Open arthuredelstein opened 2 years ago

arthuredelstein commented 2 years ago

Problem Description

Test results from PrivacyTests.org indicate that the Brave iOS favicon cache can allow cross-site tracking: https://privacytests.org/ios.html

Feature Overview

By partitioning the favicon cache, Brave can prevent favicons from being used as a "supercookie" to track users across websites.

Design

Typically, cache partitioning is keyed to eTLD+1.

User Experience

There should be essentially no UX impact, expect a very small performance for loading of a favicon.

arthuredelstein commented 7 months ago

These are the latest test results. image

For background: the favicon test loads from the same URL under different first-party domains. If the favicon is cached and the cache is not partitioned, then the favicon is not loaded under the second party domain. Lack of loading reveals that the favicon at the specified URL has been loaded before and cached, which is effectively a tracking vector.