Web Bugs Erode Privacy

This Privacy Stuff is Really Bugging Me!
by Mike Banks Valentine
There is a nasty little privacy parasite loose on your computer.
You get it by visiting web sites with "bugs" on them.
They are typically served by ad tracking, affiliate tracking and even email
tracking companies to measure the effectiveness of their ads,
track their visitors and find out when you open their email. Web
bugs are tiny, invisible 1 pixel by 1 pixel graphic files that
notify a third party web site when a page, an ad or an email is
viewed.
Now if you've joined an affiliate program through any of the major
affiliate tracking companies, you have probably even put these
bugs on your own pages without knowing what you've done. They
come in the HTML code you are given to paste into your page by
Commission Junction or LinkShare or BeFree networks and LinkExchange
to track your visitors so you can be paid your affiliate commissions.
You'll see something like this in the link code:
<img src="http://service.bfast.com/bfast/serve?bfmid=26375915&siteid=38461978&bfpage=ehi_home_page"
border="0" width="1" height="1" NOSAVE>
This is actually the WebSite101 code for our affiliate link to
eHealthInsurance.com and is required by their affiliate program.
This is a "good" use of web bugs to track commission payments
to affiliates. It allows the host to track exactly what web page
was visited by the surfer and when so that affiliate links can be
tracked from their source.
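
A tag like the one above can be found mechanically. The following Python check is an added example, not part of the original article and not Bugnosis code: it flags any image that is at most 1 pixel by 1 pixel and is loaded from a host other than the page's own. The page host www.example.com and the sample page are assumptions constructed around the tag quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    try:
        return int(value.strip()) <= 1
    except (AttributeError, ValueError):
        return False  # missing or non-numeric (e.g. "100%"): not flagged


class WebBugFinder(HTMLParser):
    """Collect <img> tags that are at most 1x1 and served from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host == self.page_host:
            return  # relative or same host (exact match; subdomains count as third party)
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            self.bugs.append((host, a["src"]))


def find_web_bugs(html, page_host):
    """Return (host, src) for every suspected web bug in an HTML page or email."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.bugs


# Constructed sample: the affiliate tag quoted above between two ordinary images.
SAMPLE = """
<img src="/images/logo.gif" width="120" height="60">
<img src="http://service.bfast.com/bfast/serve?bfmid=26375915&siteid=38461978&bfpage=ehi_home_page"
     border="0" width="1" height="1" NOSAVE >
<img src="http://images.example.net/banner.gif" width="468" height="60">
"""

if __name__ == "__main__":
    for host, src in find_web_bugs(SAMPLE, "www.example.com"):  # assumed page host
        print(f"web bug -> {host}: {src}")
```

The same function can be run over the HTML part of an email message, where every remote image counts as third party.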
The "bad" bugs are those used by ad servers to track which
advertisements are viewed by surfers and combine that with other information
stored about that surfer at other web sites. There are also bugs included
in HTML email -- those messages that include graphics, fonts and
page color -- which can show when the email was opened and
can even tell where on your hard drive that email is stored, when
it was viewed, how long it was open and whether the links were clicked.
"Bad" bugs are used by nefarious sites to collect information
from your hard drive and pass it back to their server without your
knowledge. This is done in combination with cookies to send information
about your surfing habits to third parties, also without your knowledge.
Some of these nasty little critters can even be used from web pages
or within your email to install "executable bugs," which
can install a file onto your hard drive to collect information whenever
you are online. For example, one such bug can scan a hard drive
to send information on every document that contains the word "financial."
More on Web Bugs . . .
http://news.cnet.com/news/0-1005-200-5008849.html
http://www.ecommercetimes.com/perl/story/12405.html
Type 1
In this case, a third party gathers information about an individual
based on his activities on the Web. While he surfs the site, an
unseen information gatherer is creating a personal profile by
examining the pages he visits, how long he stays, his geographic
location -- and even his buying patterns and credit card information.
Many commonly used Web sites, such as DoubleClick, use this type
of bug to profile users.
Type 2
This application is downloaded onto a computer unknowingly, like
a Trojan horse. It then resides on the user's computer -- even the
hard drive.
"A Type Two can monitor anything. For example, if you do
your own taxes with financial software, it can monitor that."
This type of bug often is downloaded invisibly because it has
attached itself to a desired application such as an MP3 file.
Type 3
A script-based Type Three bug enters a computer even when the
user doesn't download anything at all. Wang and his colleagues
used a script-based bug, for instance, during a presentation to
the Congressional Privacy Caucus in Washington, D.C.
The bug, specially written for the presentation, entered a committee
member's personal computer and stole a copy of his private address
book and calendar. While an audience watched, the bug then transferred
all of the stolen addresses to a colleague's computer.
Type 4
This bug enters a computer through a Web-based application such
as instant messaging or in a bulletin board. For instance, Wang
said, some devious Web users recently created a Type 4 bug that
infiltrated the popular Internet auction site, eBay.
The bug gathered information about how much money auction participants
were willing to spend for items that were up for sale on the site
-- and then the bug's authors used that data to manipulate the
auctions.
Type 5
This Web bug functions like an e-mail version of a wiretap. For
instance, if a lawyer were to receive a message from an adversary
in a lawsuit and then forward that message along with her own
comments to several colleagues -- who then commented back and
forth, too -- the original sender of the message could actually
track the whole e-mail conversation as it progressed.
A company called Intelytics
offers a suite of privacy protection products that specifically
track, warn and prevent damage by these insidious little creatures.
There is also new free software available for Windows users called
Bugnosis (http://www.bugnosis.org/), which is provided as freeware by the
Privacy Foundation (http://www.privacyfoundation.org/).
The software is designed as a browser plug-in to notify you when
a page you visit is a security risk, or simply if the page contains
web bugs. They are working on a version that will notify you of
bugs in your email.
Call the exterminator honey, we've got bugs in the PC!