I Stored a Website in a Favicon

Posted by theanonymousone 13 hours ago

I Stored a Website in a Favicon(www.timwehrle.de)

260 points | 90 commentspage 2

divvsaxena 4 hours ago|

This is one of those projects that's completely impractical but makes the web more interesting. I love seeing people explore weird constraints just to see what's possible.

tetrisgm 10 hours ago||

Love it. Did you see the old effort to store the page in the url? https://github.com/jstrieb/urlpages

purple-leafy 9 hours ago|

That’s awesome. I took this a bit further a few years ago making a url only notepad quine that as you add data to it, creates itself. that can be saved as a bookmarklet. Have to watch the gif to understand

https://github.com/con-dog/serverless-architecture

berkes 10 hours ago||

I'd imagine the (aggressive) caching of the favicon by browsers makes it a challenge, but you could generate the favicon dynamically, then have JS extract the sequentially. Basically streaming arbitraily large content to a webpage via favicons. Via blocks of 239 bytes.

It may be a fun, novel way to proxy webpages that are otherwise blocked. Though, i guess, the service rendering the favicons can just as easily be blocked then.

Gabrys1 7 hours ago||

Have an index.html that's also (byte-to-byte equal) served as favicon.ico. If that page "works" and the favicon doesn't show garbage, it is a website stored in a favicon (by my standards).

herodoturtle 9 hours ago||

How long before someone ports DOOM into a favicon? ^_^

(For the technical gurus here, would that even be possible?)

shakna 9 hours ago||

You can already play it in a favicon [0].

But as favicons can be svgs, and let you store foreign objects... You could store the whole thing in the favicon, but might also need a line of JS to extract it.

[0] https://vidferris.github.io/FaviconDoom/

drob518 3 hours ago||

3… 2… 1…

titularcomment 9 hours ago||

Painful read.

Related interesting project: https://github.com/EtherDream/web2img

brtkwr 8 hours ago||

Hmm this is cool but what are the practical use cases?

It didn’t load first time round on my browser (Brave) without disabling its prevent tracking feature…

MomsAVoxell 8 hours ago|

Practical use cases for stashing data in places people least expect it?

Wallet password.

New ecosystem for the kids.

That's two, at least.

momoraul 8 hours ago||

The browser already asks for the favicon on every page. Might as well put it to work.

franze 7 hours ago||

also https://pong-in-a-favicon.franzai.com/ for further favicon (mis)use

franze 6 hours ago|

and the obvious Doom Example https://vidferris.github.io/FaviconDoom/favicondoom.html

superjose 13 hours ago|

Pretty cool tbh!!! Would have loved seeing the decoder code!!!

It's also pretty interesting to think how an attacker could exploit images on his behalf. Never thought that would be a way!!!

Thanks!

schobi 12 hours ago|

I guess the decoder is more than the 208 bytes that this page uses..

But maybe you can misuse this and store a session ID / cookie in a favicon (give everyone a unique one) and survive some cookie cleanup and evade privacy restrictions?

Maybe you can still make it that the favicon looks like an image a little to not raise suspicion?

Favicons seem to be cached across private browsing sessions. Oh no

RetroTechie 9 hours ago||

I'm tempted to think that only someone working for a company in the advertising industry could come up with that.

Must EVERYTHING be polluted by ad tech & privacy intrusions?

More comments...