July 12, 2000 3:05 PM PDT

Nearly undetectable tracking device raises concern

A widely used, yet virtually undetectable, means of tracking people's Internet surfing habits is joining its better-known cousin, the cookie, as the subject of several lawsuits and a privacy initiative by the government.

The technology, often called Web bugs or 1-pixel gifs, is prompting further concern that the once-freewheeling Web is becoming more like an Orwellian Big Browser.

Like cookies, Web bugs are electronic tags that help Web sites and advertisers track visitors' whereabouts in cyberspace. But Web bugs are invisible on the page and are much smaller, about the size of the period at the end of this sentence.

A Web bug "is like a beacon, so that every time you hit a Web page it sends a ping or call-back to the server saying 'Hi, this is who I am and this is where I am,'" said Craig Nathan, chief technology officer for privacy start-up Meconomy.com and former technical liaison for Personify.

Most computers have cookies, which are placed on a person's hard drive when a banner ad is displayed or a person signs up for an online service. Savvy Web surfers know they are being tracked when they see a banner ad. But people can't see Web bugs, and anti-cookie filters won't catch them. So the Web bugs wind up tracking surfers in areas online where banner ads are not present or on sites where people may not expect to be trailed.

That was the case last month when the White House ordered its drug policy office to stop using Web bugs on the government's anti-drug site Freevibe.com. Following the mandate, the Clinton administration issued strict new rules regulating federal use of the technology, which can surreptitiously collect personal information.

Web bugs can Security, privacy issues make Net users uneasy"talk" to existing cookies on a computer if they are both from the same Web site or advertising company, such as DoubleClick, which uses bugs and dominates the online advertising market.

That means, for example, that if a person visited Johnson & Johnson's YourBaby Web site, which uses DoubleClick Web bugs, the bug would read the visitor's DoubleClick cookie ID number, which shows the past online behavior for that computer. The information would then go back to DoubleClick.

Ad networks and agencies say cookies and other tracking devices are used to help both consumers and Web sites. Under fire from privacy advocates, ad executives have consistently said the information collected is kept private and is the sole property of the company that is being advertised.

The "evil" of Web bugs
But privacy advocates see an insidious side to the tiny tag.

"The danger of that is that if you were going to a site on yeast infections, the second it loads up, before the screen loads, somewhere in the world the fact that you visited the site is now registered. That's the evil of Web bugs," said Ira Rothken, a lawyer at the technology-oriented Rothken Law Firm, based in San Rafael, Calif.

The problem is magnified, he said, when a company can tie your cookie number to personal identifying information such as a phone number and address.

This became a real concern last November when DoubleClick bought Abacus Direct, a company that holds detailed consumer profiles on more than 90 percent of U.S. households. Syncing DoubleClick's database about Net surfers with personally identifiable data set off a firestorm of criticism, as well as a government inquiry. DoubleClick has since dropped plans to link the databases until there is agreement between government and the industry on appropriate standards.

"Web bugs were developed to not let you know (you're being tracked) and for the simple design aspect of an invisible dot," Nathan said.

Rothken filed a see story: Probes are latest headache in e-commerceconsumer Internet privacy suit against DoubleClick in February, and there are three other similar suits against the ad network.

Also in February, the state attorney general in Michigan began legal proceedings against DoubleClick. The attorney general claimed the company had violated consumer protection laws by not telling Web visitors that DoubleClick regularly put cookies and Web bugs on their hard drives.

The other side of the coin is that Web bugs, like cookies, can be useful. For consumers, cookies can store passwords and other sign-on information. For Web sites, Web bugs can help better manage content by knowing what is effective. They also give online ad agencies a way to track campaigns when a banner isn't present.

Bang for their advertising buck
"Using traffic-log cookies or clear gifs is a way for advertisers to learn whether they're getting the most bang for their advertising dollar," said Jules Polonetsky, chief privacy officer at DoubleClick. "It's a tool that does not provide any personal information but allows the Web site to learn how users are visiting different areas of their site and learn which ads brought them to their site.

"We are contractually obligated to maintain that information solely for the use of the site; it's critically private information," Polonetsky said.

Web bugs have sparked much criticism from Net experts of late.

Click here to Play
Online privacy
Richard Smith, a computer security expert, said that a wide variety of medical and pornography sites are using the tags. He said there are Web bugs on such sites as Procrit, which has information about AIDS drugs, and iFriends.net, an online version of an adult peep show.

Smith has set up a Web site that searches for Web bugs. A quick search on that site for such bugs issued by DoubleClick, for example, returned more than 80,000 hits.

Web bugs can also be used in email. For example, companies can send a bulk HTML email newsletter that has Web bugs, which will determine how many people read the letter, how often they read it, and whether they forward it to anyone. The email "would include your email address in the URL or include a coded ID or encrypted email address to track when you opened it," Smith said.

"Web bugs are like carbon monoxide for Internet privacy," said Jason Catlett, a privacy advocate with Junkbusters. "You can't see them, but they can damage your privacy anyway."

7 comments

Join the conversation!
Add your comment
CNET USES THESE???
heres the link to that comment folks....

<a class="jive-link-external" href="http://news.cbsi.com/5208-1002-0.html?forumID=1&#38;threadID=12784&#38;messageID=99320&#38;start=-131" target="_newWindow">http://news.cbsi.com/5208-1002-0.html?forumID=1&#38;threadID=12784&#38;messageID=99320&#38;start=-131</a>

makes you wonder why a site that says how nad they are would still be using them eh?? hmmmm
Posted by The user with no name (259 comments )
Reply Link Flag
Stop being such babies
Tracking just enhances your browsing experience.
Personally I appreciated not being exposed to Tampax ads.

I do understand that some people that are doing illegal stuff online don't like being spied on. But the rest of us should really apprciate that websites are improving themselves based on my surfing habits.

Now, have a cookie and stop crying!!
Posted by jackraz (2 comments )
Reply Link Flag
Stop being such babies?
You sound like an old ad man that works for the company. Or perhaps you're just the exhibitionist on the street corner.
Babies? Babies have no concern as to their rights to privacy. Seeing as how you seem to have none, I would look in the mirror before I called anyone else a baby, if I were you.
You don't like being spied on but you like that fact that they do so they can improve their website. Ummm, excuse me? Improve? You have to be joking, right? Or is it that you just expect someone to try to sell you something when you visit a webpage? Is that what the web has come to, an advertiser's dream come true? I suppose you're the guy who sits glued to the TV to watch those million dollar commercials and walks away thinking he's seen a good show. Couldn't tell you what program he watched, but bring up a commercial and he can repeat it verbatim.
Of course, I'm absolutely sure you jump right up or reach down and grab the remote to change the channel when those Tampax ads come on.
Tracking doesn't enhance anything for me. It just pisses me off. And a lot of other people, too. If I want to buy something online, I'll do a search for it using one of the popular search engines. I don't need a site with ads galore trying to sell me something when I'm not interested. Or even when I am interested. I'll choose when, where and if I buy, thank you.
Posted by kb8vng (1 comment )
Link Flag
Say it ain't so! I guess you're saying that when I visited those sites with the dirty girls and horses, I wasn't alone? That's not cool.
Posted by Tuurbo13 (1 comment )
Reply Link Flag
is this not an obvious breach of the data protection act? If somebody can track your webpages doe'snt that mean they can read your server address which defines your comp as being yours and tace it right back to the owner of the comp? dont we have anti virus sotware to stop pop ups and adverts? how is this relevant to marketing! whether or not i have anything to hide thats my buisness, do we not live in a democratic society anymore, do we have no rights or say in who has access to information? I seriously feel violated!
Posted by meisbad (1 comment )
Reply Link Flag
You can block web bugs and other cross-site requests that leak information about your browsing habits by using the Firefox extension RequestPolicy.

https://addons.mozilla.org/en-US/firefox/addon/9727

For more info on the privacy ramifications of cross-site requests, see:

http://www.requestpolicy.com/privacy
Posted by RequestPolicy (1 comment )
Reply Link Flag
Ironic. This very page has TEN (10) web bugs on it.
Posted by hparkeragain (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.