SPUG: Web Bugs

Daryn Nakhuda daryn at marinated.org
Mon Aug 20 21:28:22 CDT 2001


On Mon, 20 Aug 2001, Doug Beaver wrote:

> What is it about transparent gifs (whether they are static or generated
> by a cgi) that makes it easier to log and retrieve page view data?  I am
> trying to see the benefit, but I can't.  Can you explain a little more?

it's not the fact that the gifs themselves are easier to track, but you
can use them as a means for doing your own tracking. rather than parsing
the server access logs, you can send whatever information you want to the
"gif", and log it then. The gifs of course don't need to be transparent
(or gifs :) ) but it's a nice way to be able to force the browser to
request the logging-object from your server. 

I've been using this technique for several years. I don't have a problem
w/ the technology, but I agree that it can be abused. 

The privacy issue isn't so much with sites that are using this technique
for the own site; but with people like doubleclick who have the ability to
do this across a network of site. Because the images are all served from
the same domain, they can share cookie information, such as personal
identifiers. I'll let you figure out why that's bad in many ways..

Another company that does something similar is Coremetrics. They are even
scarier b/c of the detail of information that they collect. We were an
early customer of theirs at an e-commerce company I worked at, and they'd
collect detail as to what you put in your cart, what you removed, cart
abandonment, ZIPCODE that you shipped to (actually, they asked for whole
addresses but we wouldn't give them that), credit card type, and more. Tie
this to the fact that they used a global identifier across all their
clients, and you get a very powerful (and scary) set of data. they know
that YOU, an individual, have certain sites that you visit often but never
buy from, sites that you only look at the front page of, sites where you
flip through dozens of pages of pictures of naked women, and like to post
a lot of reviews of religious books at amazon (not a coremetrics client,
but you get the point). And worst of all, they may even know your NAME and
ADDRESS!

they eventually had some bad press, and put an opt-out on their website,
but becuase they were using transparent 1x1 gifs, I bet most people didn't
even realize all this was being tracked. 

The one thing to note, is that while this is all great and conspiratorial
to talk about, and there is a lot that is technically possible to do with
this mined data, privacy policies and other legal documents (such as
contracts between CM and site operators) limit what they are actually
legally allowed to do with all of the data.

read this:
http://news.cnet.com/news/0-1007-200-2520471.html



 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
     Seattle Perl Users Group (SPUG) Home Page: http://zipcon.net/spug/





More information about the spug-list mailing list