Since certain individuals with higher threat models may need to avoid ‘leaking’ vault data via website icon fetching, allowing users to globally deactivate this behavior is important.
If not possible, then at least allow users to do this for the web vault which cannot be deactivated permanently if users do not store cookies.
Agreed. An alternative (and maybe preferrable) solution would be to make the default state for the “Show Website Icons” option be disabled (for all new installations, and for all new instances of the Web Vault app).
Currently, it is not possible to prevent this data leak from occurring at least once every time that one installs and syncs a new client app or extension, or whenever one logs in to the Web Vault.
Having the option to disable “Show Website Icons” is not really meaningful, as it is impossible to fully disable this function.