For the first implementation of icon they will be hardcoded, like it is done in keepass (e.g with a number). If we add favicon, we’ll most likely do the pull from the client via the server (and maybe via another service served by passbolt that doesn’t track) and cache the results, and of course a feature flag to disable the behavior for people who don’t like this.
See. the specs for the first version (work in progress), @kevin has been working on it lately:
Features like this really round out the experience. It’s great to see in the works!
After reading the Ars article, it seems the observed sneaky-site tracking method would not work if only the main site favicon was loaded.
TLDR: It requires coordination of numerous, persistent, not-for-display favicon files kept in a cache outside of the cache that users can clear via the browser’s Settings ui options.
@Duffman and I looked into where these files were kept and I changed my Firefox browser’s config setting for favicon caching. I haven’t noticed anything except maybe they are loaded each time on a general site visit. @kevin I looked thru the feature specs and I’m thinking if/when the times comes out would be preferable if the app ultimately pulled the favicon directly and then it was stored as an actual file versus a favicon link so there’s no calling out.
I think the idea of using icons for the password is amazing, users will be able to find the password visually and faster. I was thinking not all sites provide Favicons and some users will not want to use the default provided list. Is there a way that Pro and CE users could add their own svg favicon. As a CE user I don’t like suggesting it but maybe make adding custom svg icons a Pro only feature.
For the Passbolt cloud users maybe do something like the company Raivo, it has a place for user to add icons. Maybe Passbolt could do something like them that would add the icon to the Passbolt default list
It’s something we have in mind. We are still unsure of the implementation but will propose something once the v1 of the feature is out.
I don’t think we’ll split this feature between CE and PRO though. The logic we are usually following is that whatever is related to productivity as an individual user or in small teams go to CE, and features related to scalability and compliance go to PRO. In our case, icons and even custom icons belong to the first category I’d say: productivity as an individual user or in small teams.