aa9e70659a
* Staging: Vault Mgmt (#380) * Commit #1 - Updated Master Password article, and removed old versions (w/ redirects) - Repurposed Account Encryption Key Article - Moved Fingerprint Phrase article - Requisite re-ordering of security articles - Change "Account Mgmt" title to "Your Vault" - Slight change to "Import & Export" category title * - Managing Items - Favorites & Folders (+images) - Sync & Search (+images) - Import Export title change - Clarification re: Login v. Lock in "Field Guide to Two-step Login" - Clarifiation re: Org Invite Expiry in managing-users.md - New link to Acct. Encryption Key in encrypted-export.md * Commit #3 -Custom Fields - URIs (+ images) - File Attachments - VH Reports - Required re-ordering * Commit #4 -BWDC Login recommendation -VH Reports images - Added Two-step FAQs, Import FAQs - FAQ Nav Item depricated, targetting FAQs for each category are now the last article within respective categories * Commit #5 -Edit & move Account/Org Deletion Article -config.yml to re-order global nav -encrypted export update * General FAQs (preliminary edits) * Features > Misc. * return forgot-master-password.md & downstream order changes * delete account warning * fixed link
2.6 KiB
layout, title, categories, featured, popular, tags, order
| layout | title | categories | featured | popular | tags | order | ||||
|---|---|---|---|---|---|---|---|---|---|---|
| article | Privacy when using Website Icons |
|
false | false |
|
09 |
Bitwarden does not collect any information when you download icons for website logins stored in your Bitwarden vault.
Using Website Icons
When Bitwarden displays a login item associated with a website in your Vault (determined by the URI field), it attempts to accompany it with a graphical "website icon".
Website icons help you to easily identify particular logins in your Vault by recognizable iconography, usually represented by a logo or brand image of that website. The Bitwarden icons server provides the delivery endpoint for these website icons.
If you are using website icons on a device, Bitwarden will issue requests to icons.bitwarden.net for each item of type "Login" in your Vault that has a URI that resembles a website (ex. google.com or https://google.com, but not google or http://localhost).
Bitwarden's icons server is fronted with a CDN that caches the icons on Cloudflare's edge nodes all around the world. Subsequent requests to the same icon will likely hit CDN caches instead of the icons server directly. Your requests may never actually hit Bitwarden's icons server because another Bitwarden user with the same website in their Vault requested the icon before you.
Privacy Concerns
Because a request for an icon image contains the hostname of the website stored in your vault, it is important to understand that this feature will "leak" otherwise cryptographically protected information to Bitwarden servers and/or CDN endpoints. An example of a icon request looks like the following:
https://icons.bitwarden.net/google.com/icon.png
The icon server endpoints do not log or collect any information regarding icon image requests. However, this is something you would have to take our word for since we have no way to demonstrate this publicly other than reviewing our open source codebase.
Disabling Website Icons
We understand that certain privacy-minded users may not want to use website icons. We provide the option to disable website icons on all Bitwarden client applications:
- Web vault: Settings → Options → Disable Website Icons
- Browser extension: Settings → Options → Disable Website Icons
- Mobile app: Settings → Options → Disable Website Icons
- Desktop app: Settings → Options → Disable Website Icons
When website icons are disabled, Bitwarden will opt to display a generic, locally accessed icon instead ({% icon fa-globe %}) for all login items stored in your vault.