I've long been annoyed by firefox's refusal to let the user change, or indeed have much influence at all, on the favicons used for bookmarked sites. If one uses "firefox sync" to set up a new computer, the bookmarks toolbar starts with all the icons set to the generic default, and with the toolbar set up with icons only it's unusable. And sometimes the favicon is just wrong or missing and the only fix is to delete the entire database that controls them and use an add-on (one such is "Checkmarks") to provoke sites to resend the favicon; with mixed results. My google maps icon has been wrong for several years. Too many are round blue and white circles, or are red and white, so I'd like to change them. I think browser developers see web designers as their customers, not the users.

Maybe this privacy problem will give users control over more visual elements. Web designers seem to obsess over looks and branding and seem to hate it if users can change things.

This is what Bruce Schneier has to say about it.
Most comments are (as usual there) interesting.

Yes, it's the comments that get into it, with some making some of my points in more depth, supporting details, and more coherently.

Sent from my VFD 822 using Tapatalk

In the comment section of Bruce's article is a link to a page which describes a method to stop favicons in FireFox. It mentions three items in about:config which should be turned to false. I am running 86.0 and it is missing the "browser.chrome.favicons" setting, so I added it and set it to false.
Right now my browser is not showing any favicons.

Thanks for that link, Don!

But FF is immune to this particular thing , due to a bug with favicons, correct?
At least this is a theoretical method, at the moment.
The browser security battle of course goes on,...,

I'm not sure. The "bug" was reported a year ago here, but the tracking problem wasn't mentioned until one month ago. They categorized it as a bug in the 73 Branch. Immune? Some are reporting caching failures and others are not. In the bug report one primary developer noted:
So I'm taking the safe route by switch off the two favicon settings in my 86 Branch and adding the 3rd one and turning it off as well.

BTW, I recently upgraded FF to the 86.0 branch. It handles cooking using "Total Cookie Protection". Each cookie is put into its own "cookie jar" and no vendor can access any other jar, even other jars they created at another website.



As weapon development usually goes, every new defense is met with a stronger attack weapon.