Pretty cool tbh!!! Would have loved seeing the decoder code!!!

It's also pretty interesting to think how an attacker could exploit images on his behalf. Never thought that would be a way!!!

Thanks!

▲

schobi 4 hours ago | parent [-]

I guess the decoder is more than the 208 bytes that this page uses..

But maybe you can misuse this and store a session ID / cookie in a favicon (give everyone a unique one) and survive some cookie cleanup and evade privacy restrictions?

Maybe you can still make it that the favicon looks like an image a little to not raise suspicion?

Favicons seem to be cached across private browsing sessions. Oh no

	▲	RetroTechie an hour ago \| parent [-]
		I'm tempted to think that only someone working for a company in the advertising industry could come up with that. Must EVERYTHING be polluted by ad tech & privacy intrusions?