News
Commentary
6/21/2001
05:30 PM
Fred Langa
Fred Langa
Commentary
50%
50%

Langa Letter: The Web-Bug Boondoggle

Don't be suckered in by the latest security hysteria. "Web bugs" aren't the threat you fear they are.

In most cases, Web bugs are nothing more than a simple counting mechanism that involves no tracking of any personal user information whatsoever. They're used most often in banner ads, placed there by the advertiser. The bug is an HTML or script snippet that calls an invisible graphic from the advertiser's own Web server at the same time as the rest of the ad is displayed. The bug's purpose is to enable the advertiser to verify that the ad was seen/delivered the number of times the Web site owner says it was. If the site owner claims far more hits than were registered by the bug, the advertiser knows something is fishy with the counts.

As such, a Web bug is usually no more evil than the rubber tubes that highway engineers stretch across roadways to count cars, or a turnstile in a public space designed to count how many people enter or leave.

What's more, any graphic--any graphic at all--can be used as a Web bug; almost any link can be used as a Web bug. Any time a text or graphic is called from any Web server, the server can collect all the information mentioned in the Bugnosis quote above, and more. Web bugs have no special powers or abilities. They're just static GIFs, and they're usually invisible for no reason other than to make them unobtrusive.

On the face of it, it's silly to focus on Web bugs as nefarious evil things when they provide no information that can't be given by another graphic or link.

The Cookie Connection
In a way, the Web-bug hysteria is similar to the bad rap that cookies got several years ago, when millions of people panicked because cookies were "tracking" them from site to site and "sending the collected information to spammers." A lot of companies made a lot of money--and still do--selling anticookie software to prevent this evil, covert tracking.

Of course, the great cookie scare turned out to be almost entirely groundless. Cookies are just static text files (you can open any cookie with NotePad or your favorite text editor), and they normally record prosaic information such as "this person already saw ad number X from us today, don't show him the same one again." Or: "Here's a returning visitor who's previously logged in. Instead of asking for her password again, use the password stored in this private cookie."

Most cookies are not only benign; they're helpful. But because they normally use space-saving codes (example: a "1" might mean "returning visitor who's previously registered"), they seem mysterious, and thus cause some people to freak out.

Likewise, Web bugs are unknown, invisible, and mysterious, so they must be evil, right?

A second time: Baloney.

Yes, The Dark Side Is There
Can cookies and Web bugs be used for evil intent? Sure. Almost any technology can be subverted. But it's rather difficult for a site to do harm using a Web bug.

Let's look at the worst-case scenario, where a Web bug could be used to send personal information about you from one site to another. The Bugnosis site describes it this way, and it sounds terrifying:

Companies use Web bugs to ... transfer previously input personally identifiable information (name, address, phone number, E-mail address, etc.) about visitors of a Web site to an Internet marketing company. This information is typically used for online profiling purposes. It also can be combined with other offline demographic data such as household income, number of family members, type(s) of car(s) owned, mortgage balance, etc.

But note the first key phrase: "previously input." There's no way for a Web bug (or a cookie) to scour your system for information you don't intend to reveal, and then secretly send that stolen info to some outside source.

For anything like the above worst-case scenario to happen, you would have to voluntarily provide sensitive personal information to an evil site in the first place. If you don't do so, the site has nothing to share with anyone. The Bugnosis fear fantasy collapses and the Web bug is just like any other Web graphic or link. It carries zero--that's zero, zip, nada, zilch--additional security risk. Your "hit" from a Web bug is just one more anonymous data point in the server logs. Big deal.

Previous
2 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ShahA411
50%
50%
ShahA411,
User Rank: Apprentice
5/16/2014 | 3:01:41 PM
Antibug software discovred
Web bug have some advantages and some disadvantages too. It helps the webmaster in order to keep the traffic records. But nowadays, technolohy is improving and everything would be possible by the use of technology in near future. gel fuel fireplaces
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.