Desktop app icons - privacy issue?

All the icons of the installed apps shown on the Umbrel’s desktop are served from the web, specifically from the URL: Umbrel Apps Gallery<app_name>/icon.svg
Thus every single time your browser is fetching the desktop page, the official Umbrel’s web server is interrogated for each of the icons, allowing them to fingerprint you quite precisely. Not only they notice your IP address (=location), your browser, OS, list of the app installed on your Umbrel and how often you reload the desktop page, but also are able to gather much more sensitive data, depending on other factors.

The question arises, why is that? Why such a simple thing like apps icons on desktop can’t be served locally from my Umbrel instance itself, but instead their web server must be contacted for that? I can’t find any reasonable explanation except for simply spying on users. Prove me I’m wrong, please.

Astute observation. However, the images are from github.io which while not local, is a neutral location vs being hosted at umbrel.com.

GitHub.io hosts millions of static sites and assets, so an .svg file there is just a drop in the ocean. Fingerprinting typically relies on unique identifiers tied to a user’s device, browser, or behavior—think cookies, canvas rendering, or IP tracking—not a generic image file served from a public platform.

Hope that brings some peace.

image1920×1258 238 KB