The attack requires floor(log2(id))+1 redirects where id is a numerical identifier.
They have a chart here which expresses the feasibility in terms of how many seconds it takes to perform the redirects required for generating ids in ranges of a certain size.
If someone were to use this attack at scale, they would probably pair it with some other kind of browser fingerprinting, because this is basically another, expensive but precise, method of fingerprinting.
If your browser redirects you more than a few times when you visit a website, I don't know what would make you stay/return.
Don’t browsers stop redirecting after a certain number? I think there’s literally an error code in Chromium for too many redirects.
50 sats \ 1 reply \ @k00b 3h
Their demo manages to do 36 of them. Perhaps the limit only applies to server-side redirects.
Oh yea, probably so.