I Stored a Website in a Favicon

Original Article ↗ Hacker News Discussion ↗

Technical approaches to favicon storage

  • Several commenters explore encoding HTML directly in favicon pixels and decoding via JavaScript, similar to the article’s approach.
  • Others propose using SVG favicons and simply embedding markup or HTML inside the SVG, then fetching and injecting it into the page.
  • Suggestions include bespoke compression schemes for HTML tags to pack more content into limited pixels.
  • ICO format’s support for multiple resolutions is noted as a way to store more data.

Alternative carriers and polyglots

  • PNG comment chunks (tEXt, zTXt, iTXt) are mentioned as an easier way to stash arbitrary data in an otherwise normal image.
  • Ideas extend to animated GIFs, SVG embedding raster images, and even putting the whole site in an SVG <foreignObject>.
  • Some cite earlier polyglot tricks where a single file is valid HTML and PNG (and sometimes ZIP/PDF), eliminating the need for a separate loader.

Security, privacy, and tracking

  • Multiple comments highlight favicon caches as a fingerprinting / supercookie vector, especially if shared across normal and private browsing.
  • One idea is to encode unique session IDs or cookies in per-user favicons to evade standard cookie clearing.
  • People ask whether browsers and anti‑fingerprinting measures address favicon + canvas abuses; status of fixes is unclear.

Performance, caching, and browser behavior

  • Browser favicon caching is seen as both a challenge (stale data) and an opportunity (streaming data by rotating favicons).
  • Some discuss tricks with content negotiation so the same URL serves as both HTML and favicon, or symlink-based hacks on static hosting.
  • Past bugs with “unbounded” favicons that crashed browsers are referenced.

Use cases and practicality

  • Many treat this as a fun, impractical hack that makes the web more interesting.
  • Speculative uses include covert storage (passwords, data exfiltration), censorship workarounds, or “new ecosystems” built on hiding data in unexpected places.
  • Others question real-world value, especially when privacy tools already block parts of the setup.

Meta: writing style and AI debate

  • A substantial subthread debates whether the article text is LLM‑generated.
  • Some find the terse, bullet‑heavy style “AI‑like” and off‑putting; others find it clear and time‑respectful.
  • There is disagreement over the reliability of AI‑detection tools and concern that people over-attribute writing to LLMs.