Web Bug

A web bug is an object embedded in a web page or email, which unobtrusively (usually invisibly) allows checking that a user has accessed the content.^[1] Web bugs are downloaded by the user like any other file but instead of getting the file that the user thought they downloaded, the web bug is disguised and often loads from a different Web Server than the rest of the page. This is one way a user can detect web bugs.

Good and Bad?[]

While web bugs sound like a negative thing on the web, they also have a positive use. Here's what TechTarget.com has to say about the positive things web bugs can do.

Although proponents of Internet privacy object to the use of Web bugs in general, most concede that Web bugs can be put to positive use, for example to track copyright violations on the Web.

According to Richard M. Smith, a Web bug can gather the following statistics:

The IP address of the computer that fetched the Web bug.
The URL of the page that the Web bug is located on.
The URL of the Web bug.
The time the Web bug was viewed.
The type of browser that fetched the Web bug.
A previously set cookie value.

Web bugs are often used by spammers to validate email addresses. When a recipient opens an email message that includes a Web bug, information returned to the sender indicates that the message has been opened, which confirms that the email address is valid.^[2]

Email web bugs[]

The most popular form of web bugs come via email. These are emails used by the sender to collect data on the receivers of the message. Things like the exact time that a message was read, as well as the IP address of the computer used to read the mail or the proxy server that the user went through can be seen by the creator of these emails. Wikipedia expands on this topic:

Web bugs embedded in emails have greater privacy implications than bugs embedded in web pages. Through the use of unique identifiers contained in the URL of the web bugs, the sender of an email containing a web bug is able to record the exact time that a message was read, as well as the IP address of the computer used to read the mail or the proxy server that the user went through. In this way, the sender can gather detailed information about when and where each particular recipient reads email. Every subsequent time the email message is displayed can also send information back to the sender.

Web bugs are used by email marketers, spammers, and phishers to verify that email addresses are valid, that the content of emails has made it past the spam filters, and that the email is actually viewed by users. When the user reads the email, the email client requests the image, letting the sender know that the email address is valid and that the email was viewed. The email need not contain an advertisement or anything else related to the commercial activity of the sender. This makes detection of such emails harder for mail filters and users.

Tracking via web bugs can be prevented by using email clients that do not download images whose URLs are embedded in HTML emails. Many graphical email clients can be configured to avoid accessing remote images. Examples include the Gmail, Yahoo!, and SpamCop/Horde webmail clients; Mozilla Thunderbird, Opera, Pegasus Mail, IncrediMail, later versions of Microsoft Outlook, and KMail mail readers. Other HTML techniques (such as IFrames) can still be used to track email viewing.

Text-based mail readers (such as Pine or Mutt) and graphical email clients with purely text-based HTML capabilities (such as Mulberry) do not interpret HTML or display images, so their users are not subject to tracking by email web bugs. Plain-text email messages cannot contain web bugs because their contents are interpreted as display characters instead of embedded HTML code, so opening messages does not initiate communication. Some email clients offer the option to disable all HTML in every message (thus rendering all messages as plain text), which prevents any web bugs from loading.

Many modern email readers and web-based email services will not load images when opening an HTML email from an unknown sender or that is suspected to be spam mail. The user must explicitly choose to load images. Web bugs can also be filtered out at the server level so that they never reach the end user. MailScanner is an example of gateway software that can disarm IFrames as well as web bugs. Disconnecting from the Internet before reading any downloaded messages and then deleting those messages suspected of containing web bugs before reconnecting may also eliminate the threat.

A hosts file or a filtering web proxy can be used to specify that some servers are never to be contacted for any reason. This file must be continually updated to reflect the fact that new tracking servers are periodically brought online, and old ones re-purposed to serve legitimate content.

As web bugs require the email software to fetch the content, they have never been able to accurately count read rates for email campaigns. As a result of the above-mentioned measures, they may become still less effective.^[3]

↑ Stefanie Olsen (July 12, 2000). "Nearly undetectable tracking device raises concern". CNET News. Retrieved July 12, 2012.
↑ Rouse, M. (n.d.). What is Web bug (Web beacon)? - Definition from WhatIs.com. Retrieved April 2, 2015, from http://searchsoa.techtarget.com/definition/Web-bug
↑ Web bug. (n.d.). Retrieved April 2, 2015, from http://en.wikipedia.org/wiki/Web_bug

[1] Stefanie Olsen (July 12, 2000). "Nearly undetectable tracking device raises concern". CNET News. Retrieved July 12, 2012.

[2] Rouse, M. (n.d.). What is Web bug (Web beacon)? - Definition from WhatIs.com. Retrieved April 2, 2015, from http://searchsoa.techtarget.com/definition/Web-bug

[3] Web bug. (n.d.). Retrieved April 2, 2015, from http://en.wikipedia.org/wiki/Web_bug

[1]

[2]

[3]