Web Bugs

A web bug is a small, usually invisible, graphic added to a web page, email message or other web-aware document. These graphic images are used by companies to get statistics on who is looking at documents.

These bugs are invisible because they are generally a 1 by 1 pixel graphic image. Thus they load fast and cannot be seen (unless they are a different color than the page on which they reside).

An example of a web bug is shown below.

<img src="http://www.commission-junction.com/banners/
tracker.exe?AID=14658&PID=259294&banner=0.gif" height=1 width=1 border=0>

This kind of thing is very common to affiliate programs on the internet, as this allows text links to be tracked. This is important to affiliate programs, because they want to know the ratio of impressions to clicks (this helps determine the effectiveness of an advertisement).

There have been many articles published recently about web bugs, and virtually all of them state that the reason web bugs are invisible is to hide the fact that monitoring is occurring. The articles distinctly imply some dark, sinister purpose to these little images, as if someone was trying to find out all of the secret things you do on the web.

While hiding the fact of monitoring is certainly one reason for making the images small, the main reason is much less dark. The desire is to provide statistics without impacting a page or document's presentation or layout. Imagine if the web bugs were large enough to see and how that would effect the web page. You can get a good idea of how this would look by examining a site which uses HitBox.Com. These sites tend to use the free version, which requires a large graphic image which is basically a glorified web bug. These images are huge and ugly and most definitely impact a page - but they are a free service.

Some of the information that is gained when a web bug is "activated" (which occurs when a page is viewed with graphics turned on) includes:

  • The TCP/IP address of the computer you are using when you view the document
  • The date and time it was viewed
  • The browser type, monitor resolution, JavaScript settings and so on.
  • The browser type
  • The value of a cookie from the domain of the image which was previously set.

What are these little critters used for?

  • Most of the time, they are used to gather statistics to determine the ratio of impressions verses clicks.
  • They are also used to gather statistics about internet usage patterns.

Some articles are making much ado about these things because they fear that companies such as DoubleClick are putting together profiles of internet usage patterns of individuals. This is certainly true (it enables DoubleClick to better target ads and thus charge more for advertising), but this fact has nothing to do with web bugs - DoubleClick already gathers that data via it's banner ads and does not need web bugs to do this at all.

A much more sinister use for web bugs is hiding them within email messages. This technique allows spammers to validate that your email address is real and working.

How is this done? The 1x1 image is buried in the email (which must be in HTML form) with your email address embedded within.

<IMG SRC="http://www.stupidspammer.com/dirtytrick.cgi?email=
innocent%40hotmail.com" WIDTH=1 HEIGHT=1>

This small graphic would allow the spammer to know your TCP/IP address and associate an email with that address (in this example, the email address is innocent@hotmail.com). With that information he can also find out your ISP, domain and lots of other useful data. Most importantly, he has validated that your email address is good. This, by the way, makes your email address many, many times more valuable. You can be certain that email addresses validated in this manner will be sold over and over again.

There is yet another place where web bugs can be found, at least in theory. This is within other types of documents which are web aware. This includes Excel spreadsheets, Word documents and PowerPoint presentations. While there have been no reported instances of this to date (Sept 2000), the uses are many and varied.

You could, for example, determine who has read your document. This would be useful to find out if the document was paid for properly. If a document was secret, you could use web bugs to determine if it had been leaked, and even who leaked it.

All right, so what do you do about all of this?

  • First, set your Outlook and Outlook Express to the restricted zone. This will not prevent web bugs but it will help your security.
  • Set your restricted zone to disable cookies (both session and non-session cookies).
  • If you are surfing sites which you do not want recorded in somebody's database, use an anonymous browsing service to mask your TCP/IP address.
  • Get the AdSubtract program, install it and you will never have to worry about them again.

There has been much said about the ethics of web bugs. In reality, these are just another piece of the internet experience. You need to know about them, understand that they exist and what they do. With this data, you can make intelligent decisions about how you use the web.

Additional Information

  • Ad Blocking Banner ads are everywhere, and they take up valuable bandwidth. In addition, they are ugly and distracting. Here's how to remove them.
  • Products - Bugnosis Want to zap those pesky web bugs? Or just interested in seeing how many of them are on a web page? If so, then Bugnosis is perfect for you!
  • Products - AdSubtract Pro You want to eliminate banner ads and web bugs? AdSubtract Pro does an excellent job.
  • Web Bugs Are Crawling Everywhere You've heard about web bugs. They are little things designed to track your movements. Watch out - they are exploding all over the internet.