SPUG: Web Bugs

Jonathan Woodard jonwood at microsoft.com
Mon Aug 20 15:02:31 CDT 2001


I run a data warehouse to provide analytical data about a web service.
We don't use transparent gifs in our web pages, but we are evaluating
whether and how to use them.  If we do implement them it would make our
work of parsing through IIS logs for page view data much easier.  It
would not be used to track individual users (we're a free service w/o
cookies, so we have no reliable way to track single users).  I know of
another web team that does use clear gifs in their pages for exactly the
same thing.  This practice is essentially a more efficient web server
logging mechanism.  I don't see how that is an invasion of privacy.

This tool, like any other, can be used for less scrupulous ends,
including spam.  Using clear gifs in html emails sounds distasteful to
me, but I think it would be a clever/sneaky way to discover who is
leaking information by forwarding confidential messages.

Jonathan

-----Original Message-----
From: Wallendahl, Michael/SEA [mailto:mwallend at ch2m.com] 
Sent: Friday, August 17, 2001 16:52
To: SPUG
Subject: SPUG: Web Bugs


I'm just curious what everyone's opinion is about "web bugs" -- 1x1
transparent gifs that some companies embed in their web pages and HTML
e-mails.  An overview article can be found here:
http://www.eff.org/Privacy/Marketing/web_bug.html

Some people say that these gifs are just used to track how popular a
web site is--if that's the case, why would they include identifying
information in the web bug URL?  I was pretty indifferent about the
practice until I realized that some junk mail I got from my student loan
company, SallieMae, included a little snippet of html code like this:

<IMG
SRC="http://salliemae.sfi0.com/image.cgi/slm008-c/myName@myDomain.com">

This means that they now know the exact second that I read my e-mail and
they also know if I forward this specific message onto someone else
(because the "hit" in the log file will come from a different source IP
address but contain the same e-mail address tag).  It's like a Read
Receipt that I can't get around.  And since it went to my hotmail
account, I can't force it to "plain text" format before I read it to get
around this problem.

I feel like writing a Perl script to "spam" the salliemae.sfi0.com web
server back with random e-mail addresses, but that wouldn't solve
anything (besides, it would be easy to filter out my "spam" from their
logs because all the hits would be from the same address).

Anyway, just wondering what you all think.  Do you use these "bugs" in
your own web projects?

-Mike






 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
     Seattle Perl Users Group (SPUG) Home Page: http://zipcon.net/spug/



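An added example, not part of the original thread: a Python check that a mail filter could run over an HTML body to flag the kind of image tag quoted above, where the remote image URL carries the recipient's address or the image is declared 1x1. The function name `find_web_bugs`, the sample hosts and the sample address are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit


class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            # Attribute names arrive lower-cased; valueless attributes are None.
            self.images.append({k: (v or "") for k, v in attrs})


def find_web_bugs(html_body, recipient):
    """Return (src, reasons) for each remote image that looks like a web bug."""
    collector = _ImgCollector()
    collector.feed(html_body)
    needle = recipient.lower()
    findings = []
    for img in collector.images:
        src = img.get("src", "").strip()
        if urlsplit(src).scheme not in ("http", "https"):
            continue  # only remote fetches reach a third-party server log
        reasons = []
        # Decode %40 and similar so an encoded address is caught as well.
        if needle in unquote(src).lower():
            reasons.append("recipient address in URL")
        tiny = ("0", "1")
        if img.get("width", "").strip() in tiny and img.get("height", "").strip() in tiny:
            reasons.append("1x1 or zero-size image")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample message body; hosts and address are placeholders.
SAMPLE_HTML = """<html><body>
<p>Your statement is ready.</p>
<IMG SRC="http://tracker.example/image.cgi/campaign-1/reader%40example.org">
<img src="http://cdn.example/pixel.gif" width="1" height="1">
<img src="http://cdn.example/logo.gif" width="120" height="40">
<img src="cid:inline-logo">
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_web_bugs(SAMPLE_HTML, "reader@example.org"):
        print(src, "->", ", ".join(reasons))
```

A tracker can use an opaque per-recipient token instead of the address itself, so the size check and the address check are complementary heuristics rather than a complete test.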