SPUG: Web Bugs

Doug Beaver doug at beaver.net
Mon Aug 20 20:49:41 CDT 2001 

On Mon, Aug 20, 2001 at 06:05:18PM -0700, Ken McGlothlen wrote:
> Doug Beaver <doug at beaver.net> writes:
> 
> | What is it about transparent gifs (whether they are static or
> | generated by a cgi) that makes it easier to log and retrieve page
> | view data?  I am trying to see the benefit, but I can't.  Can you
> | explain a little more?
> 
> Specifically, when you visit a site (say, cnn.com), they have the
> option of dropping in a webbug (or set of them) from various other
> firms.  The cnn.com page might consist of:
> 
>         The HTML document
>         An IBM ad
>         A Compaq ad
>         A doubleclick.com webbug
> 
> The doubleclick.com webbug almost always has a way of encoding more
> information in the URL, so now doubleclick.com knows that you saw the
> article, which ads you saw, and when you saw it.  They also work with
> cnn.com to discover the referring URL.

Ah.  Although doubleclick would only know what ads you saw if the images
were served from doubleclick servers or if CNN was sending doubleclick
information after they parsed their logs.

> Alone, this is no big deal, but you can see how, with enough webbugs
> on enough sites (and it doesn't take a majority of them),
> doubleclick.com can come up with a really good profile of individual
> users, and come up with more effective (read "obnoxious") advertising
> tactics.
> 
> Even worse is emails---it's like a read-receipt that mailreaders like
> Outlook won't let you block.  This is one of the primary reasons why I
> don't use a graphical mailreader.

Me too.  That and protection from email virii/worms.

> | The thing that upsets me about web bugs is that you can't turn them
> | off.  At least you can turn off cookies.  Even if you're using a
> | proxy which strips your identifying headers, they can still track
> | you since the tracking info is encoded in the image name.
> 
> Well, there are ways.  On the Macintosh, for example, a popular
> web-browser named OmniWeb allows you to do URL blocking (with regular
> expressions, no less), and that one ability (along with superior
> cookie management) has made it my favorite browser.  Mozilla is also
> going to permit you to block images from sites, whenever it becomes
> ready for prime-time.  Your only other avenues are HTML proxies like
> junkbuster, which block image requests from sites you select.

I'm using mozilla 0.9.3 and it seems to have stub support for the regex
filtering on images.  In the preferences menu, you can select privacy &
security->images->image permissions.  It has an option under the images
tab where you force mozilla to only request images from the domain
you're currently viewing.  I bet that helps with external bugs (i.e.
served from doubleclick or akamai) a lot.

I wonder if there is an ORBS-like list for web bug servers...

> | You might be able to test for the existence of web bugs by using a
> | proxy and doing a HEAD request on each "image" referred to by <img>
> | tags.
> 
> Actually, if you can just get a list of IMG URLs out of the page
> efficiently, they're pretty easy to spot.  OmniWeb has the "Get Info"
> command; it will list all the resources a page attempts to load.  But
> it does take a pair of eyeballs to distinguish ads and webbugs from
> legitimate spacers and the like.

I wasn't clear about my point.  I mentioned the HEAD technique after
talking about 'stealth' web bugs who look like normal images.  A regex
match would pass these images while a header check might not.  Anybody
have any other tips or tricks for detecting web bugs?  I'm going to add
them all to my http proxy server.  They are almost a requirement for
surfing these days.  :-/

This is an interesting discussion!

Doug

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
     Seattle Perl Users Group (SPUG) Home Page: http://zipcon.net/spug/

More information about the spug-list mailing list