Langa Letter: The Web-Bug Boondoggle - InformationWeek
05:30 PM
Fred Langa

Langa Letter: The Web-Bug Boondoggle

Don't be suckered in by the latest security hysteria. "Web bugs" aren't the threat you fear they are.

Overall Privacy Is The Issue; Web Bugs Are Not
I said the fear fantasy "mostly evaporates" when you look closely at it. But it is true that a Web company that gets the right personal information from you, either directly or via collusion with another company, could learn a lot about you, if it wanted to invest the time and money.

So, isn't this a major new security problem? To analyze the risk, let's first establish a context by looking at non-Web, paper-based transactions.

If you order something via a paper catalog, the catalog company will know your name, address, and payment method. They'll know what you bought, and from that they can infer something about your other interests or needs. If the company wants to go to the expense and bother, it can determine your income, either by running a credit check or by using census data to see what the average income is for your zip code. It can (via a credit check) also see your banks and credit cards, your payment history, and what other companies you deal with. It can learn about your mortgage and car loans, and from that, how much you paid for your house and cars. It can get additional info from the Department of Motor Vehicles--or from any other public source of information. And, of course, the paper-catalog company can sell your name to other companies, who can perform the same kind of research. Again: if a paper-catalog company is willing to spend the time and money, it can find out a lot about you.

Now let's look at Web bugs. What's the very worst that can happen if you get involved with E-companies that gather and share your personal data? The very worst case is that you'll be no more exposed than you already are in your paper-based dealings.

Web bugs afford no additional risk beyond what has existed for many years in the paper-based world--and to me, that's where the problem really lies. The true solution to privacy invasion is in limiting the amount of personal information that any company--not just Web-based companies--can access and share.

Long-time readers know I take online security and privacy very, very seriously. But I don't regard Web bugs as a very serious matter at all. To sum it all up:

First, there's nothing inherently special about Web bugs, because exactly the same information can be obtained from any graphic or link.

Second, any kind of "tracking" or information sharing is fairly difficult to pull off, and requires your voluntary input of information. If you're careful with the information you give out, most of the Web-bug risk vanishes.

Third, even in the worst-case scenarios, your Web-bug privacy risk is about the same as what it already is with (for example) paper-catalog companies. Again, Web bugs pose no additional privacy risk.

Bottom line: Even if you use Bugnosis (or a similar tool) and you eliminate every Web bug you run into, you gain essentially nothing in terms of meaningful privacy. That's why I don't use Bugnosis or similar software; that's why I surf with cookies fully enabled. But I do check the privacy policies of all sites where I enter personal data, and I never enter more data than really is needed to complete the transaction. I'm similarly careful about the paper-based companies I deal with.

So, I rank Web bugs (and cookies) near the bottom of the pile of "things to worry about." You can use bug trackers and cookie trackers if you want to, but doing so is almost always a waste of effort.

What's your take? Does Fred have his head in the sand about Web bugs and cookies, or do you agree that the security risks are mostly overblown? Are Web bugs a central issue in online privacy, or--as Fred suggests--just a minor sideshow? Does your company's E-commerce site use Web bugs? If you use bug filters and "cookie crushers," have you encountered problems with them? Join in the discussion!

5/16/2014 | 3:01:41 PM
Antibug software discovered
Web bugs have some advantages and some disadvantages too. They help the webmaster keep traffic records. But nowadays, technology is improving, and everything would be possible by the use of technology in the near future.