Sites Have a Sneaky New Way to Track You Across the Web

This week saw the first known appearance of malware written specifically for Apple’s M1 processors, in inevitable but still somewhat concerning development, especially given how little time it took the bad guys to adjust to the new ARM-based architecture. Fortunately, this week Apple also put out its latest Platform Security Guide, which should help security researchers and companies protect against the latest and greatest macOS and iOS threats.

International hacking made the news this week as well. France tied Russia’s destructive Sandworm hackers to a campaign that exploited an IT monitoring tool from Centreon, a company based there. And the Department of Justice indicted three North Korean hackers this week, alleging their involvement in a sweeping series of heists and scams that includes the 2014 assault against Sony Pictures and attempted thefts totally $1.3 billion.

Elsewhere, we took a look at how to avoid phishing scams and how Parler got back online despite being cut off by the big tech companies. We published the latest installment of 2034, a novel that looks at a fictional future war with China that feels all too real. And you should set aside some time this weekend to read this excerpt from Nicole Perlroth’s This Is How They Tell Me the World Ends, which looks at the unlikely and previously untold origins of the market for so-called zero-day bugs.

And there’s more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

To be extremely clear, the technique that we’re about to explain for sites to track you across the web—even if you clear your cache or use an incognito window—is one that researchers found, not necessarily one that sites are actually using, especially not at scale. (Then again, there’s not much these analytics companies won’t do.) The technique works by focusing on favicons, the little icon that your browser displays to represent the site you’re on. Because most browsers store those favicons separately from your browsing history and cookies, traditional means of avoiding tracking like using a private mode or clearing your cache don’t affect them. Which in turn means,…