Favicon are they tracking you?

If Passbolt adds url icons in the grid, how does the Passbolt community feel it should be implemented?

Favicon’s seems to be the easiest answer… the article below from Ars Technica is interesting.

Does the Passbolt community have any ideas or thoughts on Favicons, how should Passbolt add url icons?

1 Like

For the first implementation of icon they will be hardcoded, like it is done in keepass (e.g with a number). If we add favicon, we’ll most likely do the pull from the client via the server (and maybe via another service served by passbolt that doesn’t track) and cache the results, and of course a feature flag to disable the behavior for people who don’t like this.

See. the specs for the first version (work in progress), @kevin has been working on it lately:

1 Like

Features like this really round out the experience. It’s great to see in the works!

After reading the Ars article, it seems the observed sneaky-site tracking method would not work if only the main site favicon was loaded.

TLDR: It requires coordination of numerous, persistent, not-for-display favicon files kept in a cache outside of the cache that users can clear via the browser’s Settings ui options.

@Duffman and I looked into where these files were kept and I changed my Firefox browser’s config setting for favicon caching. I haven’t noticed anything except maybe they are loaded each time on a general site visit. @kevin I looked thru the feature specs and I’m thinking if/when the times comes out would be preferable if the app ultimately pulled the favicon directly and then it was stored as an actual file versus a favicon link so there’s no calling out.

1 Like

I think the idea of using icons for the password is amazing, users will be able to find the password visually and faster. I was thinking not all sites provide Favicons and some users will not want to use the default provided list. Is there a way that Pro and CE users could add their own svg favicon. :crazy_face: As a CE user I don’t like suggesting it but maybe make adding custom svg icons a Pro only feature.

For the Passbolt cloud users maybe do something like the company Raivo, it has a place for user to add icons. Maybe Passbolt could do something like them that would add the icon to the Passbolt default list

1 Like

I use Aegis as a 2FA app on my android phone and icons are distributed as an extension pack in a zip file.

1 Like

That’s what we had in mind indeed (for a future iteration of the feature though, not for v1). We’ll pull the favicon and store it in a cache server side.


Thanks for the suggestion @Duffman :wink:

It’s something we have in mind. We are still unsure of the implementation but will propose something once the v1 of the feature is out.

I don’t think we’ll split this feature between CE and PRO though. The logic we are usually following is that whatever is related to productivity as an individual user or in small teams go to CE, and features related to scalability and compliance go to PRO. In our case, icons and even custom icons belong to the first category I’d say: productivity as an individual user or in small teams.


I really want this feature, I will totally switch to passbolt if I can put favicon/other icon (png but also svg), please also add the possibility to add light background colors (like keepass, small icon + background color)

Hello @neoteknic , welcome to the forum!
I think they are working on it because we saw it in some previews, so maybe in the next updates, we will have this feature available

Hello @neoteknic and welcome!
I confirm we are working on it. The first improvement will be implementing an icon set based on Keepass client icons:

Then we will add favicons an other improvements.