News
Commentary
6/21/2001
05:30 PM
Fred Langa
Fred Langa
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Langa Letter: The Web-Bug Boondoggle

Don't be suckered in by the latest security hysteria. "Web bugs" aren't the threat you fear they are.

In most cases, Web bugs are nothing more than a simple counting mechanism that involves no tracking of any personal user information whatsoever. They're used most often in banner ads, placed there by the advertiser. The bug is an HTML or script snippet that calls an invisible graphic from the advertiser's own Web server at the same time as the rest of the ad is displayed. The bug's purpose is to enable the advertiser to verify that the ad was seen/delivered the number of times the Web site owner says it was. If the site owner claims far more hits than were registered by the bug, the advertiser knows something is fishy with the counts.

As such, a Web bug is usually no more evil than the rubber tubes that highway engineers stretch across roadways to count cars, or a turnstile in a public space designed to count how many people enter or leave.

What's more, any graphic--any graphic at all--can be used as a Web bug; almost any link can be used as a Web bug. Any time a text or graphic is called from any Web server, the server can collect all the information mentioned in the Bugnosis quote above, and more. Web bugs have no special powers or abilities. They're just static GIFs, and they're usually invisible for no reason other than to make them unobtrusive.

On the face of it, it's silly to focus on Web bugs as nefarious evil things when they provide no information that can't be given by another graphic or link.

The Cookie Connection
In a way, the Web-bug hysteria is similar to the bad rap that cookies got several years ago, when millions of people panicked because cookies were "tracking" them from site to site and "sending the collected information to spammers." A lot of companies made a lot of money--and still do--selling anticookie software to prevent this evil, covert tracking.

Of course, the great cookie scare turned out to be almost entirely groundless. Cookies are just static text files (you can open any cookie with NotePad or your favorite text editor), and they normally record prosaic information such as "this person already saw ad number X from us today, don't show him the same one again." Or: "Here's a returning visitor who's previously logged in. Instead of asking for her password again, use the password stored in this private cookie."

Most cookies are not only benign; they're helpful. But because they normally use space-saving codes (example: a "1" might mean "returning visitor who's previously registered"), they seem mysterious, and thus cause some people to freak out.

Likewise, Web bugs are unknown, invisible, and mysterious, so they must be evil, right?

A second time: Baloney.

Yes, The Dark Side Is There
Can cookies and Web bugs be used for evil intent? Sure. Almost any technology can be subverted. But it's rather difficult for a site to do harm using a Web bug.

Let's look at the worst-case scenario, where a Web bug could be used to send personal information about you from one site to another. The Bugnosis site describes it this way, and it sounds terrifying:

Companies use Web bugs to ... transfer previously input personally identifiable information (name, address, phone number, E-mail address, etc.) about visitors of a Web site to an Internet marketing company. This information is typically used for online profiling purposes. It also can be combined with other offline demographic data such as household income, number of family members, type(s) of car(s) owned, mortgage balance, etc.

But note the first key phrase: "previously input." There's no way for a Web bug (or a cookie) to scour your system for information you don't intend to reveal, and then secretly send that stolen info to some outside source.

For anything like the above worst-case scenario to happen, you would have to voluntarily provide sensitive personal information to an evil site in the first place. If you don't do so, the site has nothing to share with anyone. The Bugnosis fear fantasy collapses and the Web bug is just like any other Web graphic or link. It carries zero--that's zero, zip, nada, zilch--additional security risk. Your "hit" from a Web bug is just one more anonymous data point in the server logs. Big deal.

Previous
2 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ShahA411
50%
50%
ShahA411,
User Rank: Apprentice
5/16/2014 | 3:01:41 PM
Antibug software discovred
Web bug have some advantages and some disadvantages too. It helps the webmaster in order to keep the traffic records. But nowadays, technolohy is improving and everything would be possible by the use of technology in near future. gel fuel fireplaces
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.