Since certain individuals with higher threat models may need to avoid ‘leaking’ vault data via website icon fetching, allowing users to globally deactivate this behavior is important.
If not possible, then at least allow users to do this for the web vault which cannot be deactivated permanently if users do not store cookies.
Agreed. An alternative (and maybe preferrable) solution would be to make the default state for the “Show Website Icons” option be disabled (for all new installations, and for all new instances of the Web Vault app).
Currently, it is not possible to prevent this data leak from occurring at least once every time that one installs and syncs a new client app or extension, or whenever one logs in to the Web Vault.
Having the option to disable “Show Website Icons” is not really meaningful, as it is impossible to fully disable this function.
I use a cookie deleting extension that allows one to exempt specific websites.
Since this is a privacy thing, I think it makes no sense to have the setting mixed across the UIs (apps, web UI), i.e., enabled in some and disabled in others. So IMO it’s best make it a global setting and remove the current per-UI settings. And I like Disabled as a default setting.
Hello,
It would be great if the web vault could work similarly to the Bitwarden apps and allow users to disable website favicons fetching before logging into their web vaults.
This adds an extra layer of privacy and also feature parity.
Thanks
@gleefulaxis Welcome to the forum! I moved your post into this existing Feature Request thread, on a similar topic.
Here are two other Feature Request threads, proposing alternative approaches that would also solve the problem with favicons being fetched when logging in to the Web Vault:
Wait a minute, the favicons are not stored directly inside the vault when the entry is created?
With the last price increase we have a lot more storage on our hands for each vault, why not put it to some use?
Favicons are not in the export, so I presume they are not stored “directly inside the vault”, either.
Do note that icons do not actually come from the website in question; Bitwarden maintains a global cache. This help page explains how they work: Data Privacy for Website Icons | Bitwarden
…unless the icon is not found in the server cache.