Langa Letter: The Web-Bug Boondoggle
Don't be suckered in by the latest security hysteria. "Web bugs" aren't the threat you fear they are.
Many readers have asked about Web bugs--tiny, invisible graphics (usually 1-by-1 transparent GIFs)--ever since the "Bugnosis" antibug software became available.
For example, reader Larry Kamin wrote:
- Why Rational Development Solutions for Power?
- 2012 IBM Chief Information Security Officer Assessment
I recently downloaded and installed a little tracking aide that spots 1-by-1 Web bugs to aid in tracking you. It is from "The Privacy Foundation" and can be found at Bugnosis.org. Perhaps you could make others aware of this valuable little tool. It's available free.
I believe the Privacy Foundation means well, and its intent with Bugnosis is honorable. But I also believe the Bugnosis site generates more heat than light about Web bugs. It may do more harm than good by obscuring larger issues. In fact, I think fear about Web bugs--like fear about cookies--is often a form of mass hysteria, and way out of proportion to any real risk.
What Exactly Is A Web Bug?
Here's Bugnosis' own definition of Web bugs and the threat they pose:
A Web bug is a graphic on a Web page or in an E-mail message designed to monitor who is reading the page or message. Web bugs are often invisible because they are typically only 1-by-1 pixels in size. In many cases, Web bugs are placed on Web pages by third parties interested in collecting data about visitors to those pages.
What information does a Web bug send to a server?
- The IP address of the computer that fetched the Web bug
- The URL of the page that the Web bug is located on
- The URL of the Web bug image, which contains the information to be communicated between the Web page visited and the site collecting the data
- The time the Web bug was viewed
- The type of browser that fetched the Web-bug image
- A previously set cookie value
Although this doesn't seem like much, these items can be used to spread information between multiple Web sites.
Sounds bad, right? In fact, you'll see lots of talk on Web sites about how Web bugs can be used to "track" users, or as Bugnosis says, to "monitor who is reading a page or a message." These usually appear on the pages of sites that want to sell you products and services (although Bugnosis is free).
To which I say: Baloney.