November 16, 2025
Your tiny tab icon is snitching
Tracking users with favicons, even in incognito mode
Incognito isn’t safe: that tiny website icon might be snitching on you
TLDR: A demo claims favicons can tag you with a long-lasting ID even in incognito, but commenters are split: some see glitches, missing details, and mixed results across browsers. The debate: scary if true, yet the broken demo and dead links make people skeptical and demand browser fixes.
A demo called “supercookie” claims it can tag you with a near-permanent ID using the tiny tab icons (favicons), even in incognito, shrugging off cache clears, VPNs, and ad blockers. Cue the comment section chaos. Half the crowd screamed “we’ve been tracked by pixels all along,” while others yelled “the demo is broken!”

One user says they keep seeing the Ars Technica icon show up on Reddit, fueling a “Safari has been weird forever” chorus. Another got stuck in an endless redirect on Safari iOS, sparking a wave of “is this real or just a buggy proof-of-concept?” Meanwhile, a Firefox user reported different IDs in normal vs incognito, which undercuts the headline claim and ignites a mini flame war about browser behavior. A pragmatist chimed in: “Does it work if you disable favicons?” and suddenly everybody’s debating if turning off the cute little icons is the 2025 privacy hack.

The repo’s GitHub says it’s for education only and nods to a University of Illinois Chicago paper and a heise article, but commenters grumbled that the attack details are thin and a link is dead, which dialed up the skepticism. Meme time: “Incognito is just wearing sunglasses,” “F-Cache stands for Forever Cache,” and “16×16 spies are watching.” The vibe: intrigued, annoyed, and very ready to blame browsers.
Key Points
- The “supercookie” demo shows tracking via favicon caching to create persistent browser identifiers.
- Favicons are stored in a local favicon cache (F-Cache) with URL, favicon ID, and TTL, enabling a tracking vector.
- The method reportedly works in incognito mode and survives cookie deletion, cache flushing, VPN use, AdBlockers, and OS restarts.
- A threat model describes how servers can detect prior favicon loads to encode and retrieve unique IDs across routes and subdomains.
- The repository provides educational documentation and setup instructions using Docker or Node.js, with a live demo available.
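
As an added illustration (not code from the supercookie repository or the cited paper), this in-memory model shows the F-Cache mechanism from the key points and why clearing cookies leaves the identifier intact while an isolated or cleared favicon cache resets it. The route names, the 8-bit width and the "serve an icon where the bit is 1" encoding are assumptions made for the model.

```javascript
// Simplified offline model, constructed for illustration: no network, no real browser.
const BITS = 8;                                                  // assumed ID width
const routes = Array.from({ length: BITS }, (_, i) => `/r${i}`); // hypothetical routes

class Browser {
  // isolatePrivate = true models a browser that gives private windows
  // their own, initially empty, favicon cache.
  constructor(isolatePrivate) {
    this.isolatePrivate = isolatePrivate;
    this.cookies = new Map([["session", "abc"]]);  // constructed sample cookie
    this.fcache = new Map();                       // URL -> { faviconId, ttl }
    this.privateFcache = new Map();
  }
  cacheFor(priv) {
    return priv && this.isolatePrivate ? this.privateFcache : this.fcache;
  }
  // Visit a route. Returns true when a favicon request reaches the server.
  visit(route, serverHasIcon, priv = false) {
    const cache = this.cacheFor(priv);
    if (cache.has(route)) return false;            // cache hit: server sees nothing
    // TTL expiry is not modelled; entries are treated as long-lived.
    if (serverHasIcon) cache.set(route, { faviconId: route, ttl: Infinity });
    return true;                                   // cache miss: request observed
  }
  clearCookies() { this.cookies.clear(); }         // does not touch the F-Cache
  clearFavicons() { this.fcache.clear(); this.privateFcache.clear(); }
}

// Write phase: an icon is served only on routes whose bit is 1.
function writeId(browser, id, priv = false) {
  routes.forEach((r, i) => browser.visit(r, Boolean((id >> i) & 1), priv));
}

// Read phase: no icon is served, so the cache is left unchanged.
// A route with no favicon request was cached earlier, so its bit is 1.
function readId(browser, priv = false) {
  return routes.reduce(
    (id, r, i) => id | (browser.visit(r, false, priv) ? 0 : 1 << i), 0);
}

const shared = new Browser(false);   // one favicon cache for all windows
const isolated = new Browser(true);  // separate cache for private windows
writeId(shared, 0xa5);
writeId(isolated, 0xa5);
shared.clearCookies();
console.log("shared cache, private window:  ", readId(shared, true));
console.log("isolated cache, private window:", readId(isolated, true));
shared.clearFavicons();
console.log("shared cache after favicon clear:", readId(shared));
```

The isolated case corresponds to the Firefox commenter's report of different IDs in normal and incognito windows; the model does not claim how any specific browser version behaves.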