what you guys think about web bugs?

Discussion in 'privacy general' started by Dakster, Jan 23, 2006.

Thread Status:
Not open for further replies.
  1. Dakster

    Dakster Guest

    they log almost everything about ur visit at a website to a third party website.. i hate them. n they are on almost every website!
  2. StevieO

    StevieO Guest

    I hate them more than cookies.

    This app kills all webugs stone dead, as well as help to protect and secure you in many other ways too like with the built in antiphising and registry safe guards.

    It also has a range of other very useful tools in there including a remove on boot feature which will delete those stuborn files etc that normal methods will not.


  3. Customizer

    Customizer Guest

    that and i hate websites that require> flash/javascript/cookies
  4. ErikAlbert

    ErikAlbert Registered Member

    Jun 16, 2005
    What information is sent to a server when a Web Bug is viewed?
    * The IP address of the computer that fetched the Web Bug
    * The URL of the page that the Web Bug is located on
    * The URL of the Web Bug image
    * The time the Web Bug was viewed
    * The type of browser that fetched the Web Bug image
    * A previously set cookie value
    ( http://www.eff.org/Privacy/Marketing/web_bug.html )
    Is that kind of info dangerous for us ?
  5. ErikAlbert

    ErikAlbert Registered Member

    Jun 16, 2005
    That's one of the reason why you have to read your spam-emails in text-mode, not HTML-mode.
    Email Web Bugs don't have a chance to do their evil job in text-mode.
    Well I delete my spam-emails anyway.
  6. que sera

    que sera Guest

    Not dangerous the way a virus or a backdoor is but dangerous if you care about your privacy. As for me I value my privacy alot and therefore don't want to be traced during my internet sessions neither via third party cookies nor some graphics or whatever might be used for that purpose.

  7. wacked_out

    wacked_out Guest

    umm.. anyone watched Techtv, well they were talking about a guy who was on a tripped appearently he signed up for soemthing entered his email address, phone #, ect.. at somewebsite.. well he had block "third part cookies" disabled and the webbug, aka invisible gif aka ad-analylitic used a cookie, so he sent the information and the third party website got all the information via the first party site.. so he a few days later he went to a different website, i forgot what else but they ended up calling him about how they liked the website :O apperanly the 3rd party website cookie "tracked" him and recorded the info. and so the website knew his phone #.. if u've seen this episode.. pretty scary. :baby_cry:
  8. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    Tracking cookies are different from "web bugs".. all "web bugs" really tell the site owner is how many people are coming to the website, and what pages have them linked (and only the immediate link, not your web history). This information allows your favorite websites to stay alive, but don't tell the webmaster anything about you (other than what can be said by the fact that you're visiting their site in the first place). There's a lot of hype about the dangers of someone knowing your IP or being able to see what page has another page linked, but that hype only really does one thing - sell "privacy" software.

    Cookies are a slightly different story since they stay on your computer and advertising companies can abuse that, but still not that much of a concern.. just set your browser to treat all cookies as session cookies or delete when you close the browser. The bigger threats out there are what happens to your information after you willingly give it away. That kind of info is very personal, yet all too often gets passed around or left unsecured, so be snatched up by theives at a later time.. and we almost never see that subject breeched around here.

    On one hand you have users that believe that the internet has next to no privacy, but on the other hand all the reports show that the internet is so full of crime because of how intrinsically anonymous it all is.. you can't catch the crooks because it's very difficult to pin an identity to any given online activity. How many websites have sent you junk mail (spam or snail-mail, but especially snail-mail) that you never gave your information to.. compare that with companies that you have given your information to, especially electronically. If you're using every kind of privacy software that you can and still got an inbox full of spam, it's time to reconsider what's important.

    Lastly, does having the house number on the front of your house make you any less anonymous to anyone that doesn't already know? If you want to enhance that privacy, do you do so by taking the house number off your house, or do you request that your address not be listed in the phone book?

    If you're at a shopping mall, do you maintain your privacy by wearing camoflauge and not letting anyone see what stores you've been to, or do you simply refuse to give everyone your name, address, and phone number?
  9. Freaking

    Freaking Guest

    ur wrong.. tracking cookies co-relate with webbugs, but they arent necessaryly related. and no i wouldn't wear camofloug, i'd stay indoors, and visit the mall online.
  10. tuff

    tuff Guest

    I heard webbugs are for seeing statistics about users.. but they are all the same.
  11. snapdragin

    snapdragin Administrator

    Feb 16, 2002
    Southern Ont., Canada
    Dakster, Customizer, wacked_out, Freaking, and tuff, would you mind using just one guest name per thread, rather than multiple guest names. We wouldn't want other's to think you're pretending to be different people, now would we?
  12. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    Every server keeps statistics, they kind of have to.. cookies are something you have to specifically set. The data may be used for similar purposes, but they are not the same. The reason that some sites use "web bugs" is that their hosts won't give them access to the logs, so they use a service that simply allows websites to host an image via a "hot link", and give the webmaster access to those logs.

    That same information is collected when you visit every site, including this one. Server statistics are always going to be there, it's the intrusive advertising agencies that you should be worried about. Focus your attention to the wrong things (such as unrelated technical points like server stats/"web bugs") and you'll just enable them to keep doing what they're doing. Learn the facts and you can actually take action that counts ;)

    And me, I'll go enjoy human interaction with my local small business owners, and not give my money to companies that wish to invade my privacy in any way :) Plus, most of the small business owners whose stores I frequent have friendly and knowledgable staff that give informed advice.. in real-time!
  13. Jay_s

    Jay_s Guest


    Stat counters are form of webbug, expecially webtrends they leave tracking cookies.

    Jay_s, bye
  14. Rasheed187

    Rasheed187 Registered Member

    Jul 10, 2004
    The Netherlands
    Personally they don´t reallly bother me and I don´t even care about the referrer issue. Btw, Ad Muncher can remove them also, but on my system it gave problems, might be due a corrupted installation. :rolleyes:
  15. Notok I don't think what you are saying is sinking in. :)

    Let me try.

    I have a website, with a page on some topic. Let's call my domain mywebsite.com. On one of those pages, I have a image (new.gif) that is embeded on my page www.mywebsite.com/index.html. The image is 'mine' and stored in the graphics folder on my website.

    I'm going to post one entry in my weblog that records all the requests made by a user when he first hits my page www.mywebsite.com/index.html.

    2005-12-02 21:03:46 GET /index.html - HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) - 'http://www.google.com/search?hl=en&lr=&q=mywebsite+index

    I've simplified a lot and removed many irrelevant details, so we can focus on the essentials.

    You can see the first 2 fields [2005-12-02 21:03:46] , records the date and time, where the request was made. AKA When the visitor came to the site.

    The next field [], records where the request was coming from. In this case, the visitor's ip address is

    The fields after that [GET /index.html], Shows what the browser is requesting, in this case it's requesting for the index page index.html

    The last field [http 1.1] just tells us that we are using http 1.1 instead of 1.0.

    The second line is even more interesting

    [Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)] This is what we call the user-agent, what the browser indentifies itself to be. In this case, the visitor is using MSIE 6.0. We can also usually tell what OS is being used from the user agent.

    The last field is what we call the referrer [http://www.google.com/search?hl=en&lr=&q=mywebsite index]
    It tells us that the last page the visitor was on. From the string above, we can tell the visitor found my site, by searching google.com with the search terms 'mywebsite' and 'index'

    The point to note is that all this detail is record automatically, without using cookies, javascript, java etc. . This method is infalliable in the sense that even if you turn off cookies, JS,JAVA the same details are still recorded, altough you can send fake or blank details in the case of referrers, ips but the details must be sent.

    There are two limitations , one is pretty obvious, I can only get details for requests the visitors make with my webserver. If he follows a link of my website out to another website not belonging to me, I don't know what happens after that.

    The second one is less important to the story, but involves the reason why we use cookies. Basically we cannot keep track of the state, or order in which the visitor moves through out our page.

    Let's continue the story, and look at the next request.

    2005-12-02 21:03:47 GET /graphics/new.gif - HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) - 'http://www.mywebsite.com/index.html

    We see it's the same visitor (the fact that it's the same browser and ip gives it away), ONE SECOND later.

    Two other things have also changed. Firstly the visitor is requesting the image new.gif.

    The referrer as also changed. It's showing the referrer for that request as the webpage it just loaded one second ago rather than google.

    What happened? Simply this, when the visitor loaded up the page index.html, there was a 'instruction' in the html page to display the graphical image new.gif on the *that same page* (index.html), so the user's browser obliging contacted the webserver and request the image.

    And the weblog captures this request. We can see that the referrer for that image request, is the page itself which embeds the image. Which makes sense when you think about it.

    Second thing to note is that, the request for the image shows up as a seperate line in the weblog. Even though the visitor to the webpage might think he is doing only one request when visiting one webpage, he is actually doing several requests, one for the webpage html, several times for each seperate image and other objects

    Here we are simplifying, assuming that the webpage only has one embeded image. In reality when someone visits most webpages, he is making half a dozen requests for not only each image, but also for other objects like externally linked css style sheets and javascript code etc.

    Now let's look at another entry

    2005-12-02 21:03:47 GET /graphics/new.gif - HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) - 'http://someothersite.com/index.html

    This entry is intriguing, I see that the referrer is some place called
    http://someothersite.com/index.html . A visitor apparantly visited someothersite.com then immediately requested the image new.gif from my website.

    This is interesting because on my website there is no direct link to the graphic file, most visitors would visit http://www.mywebsite.com/index.html, THEN as that site loads up the image, it will then request the image.

    One possibility is that the owner of the webpage created an external link to the graphic, so that clicking that link will load up the image directly, as opposed to the webpage + embeded image.

    But looking at the html I see this is not the case.

    What happens instead is that the html 'code' of the page someothersite.com, embeds my image, so that whenever any visitor visits it, it loads up my image too. And when that happens , the entry above is recorded.

    This is the same as what I did to my webpage on www.mywebsite.com/index.html, except this time it's done on a foreign html page.

    But it doesn't matter, since requests for my graphics image file shows up as a seperate request whether it's embeded in my normal html page, or if it's on the foreign html page (or even if it's requested directly without being embeded in any page).

    Incidently that's very similar to how a basic webbug works. Because the owner of mywebsite.com embedied my image in his webpage, I can now get info about the people visiting http://someothersite.com , even though i don't own that website.

    Visiters to that site may not know that whenever they visit http://someothersite.com , they are visiting my site as well by proxy, since their request for my image, creates a connection to my web server. This connection gives me exactly the same details, as if they had directly visited my html page of course.

    Here, the owner of someothersite.com embed my image without my permission, this is a big no no, for some webmasters and is considered image stealing, hotlinking, bandwidth thieft etc.

    Of course in reality, most webbugs are created on purpose and are embeded with the full permission and knowledge of the owners. It doesn't even necessarily have to be an image, any object that the browser loads up that resides on another server is enough.

    The one planting a webbug or web counter, gives the other, a 'html code', which can be simply an image, or a link to javascript code, css file etc or even a combo of these to embed on their website.

    The object is then embeded into the webpage, so that whenever someone visists that webpage, it automatically loads up that object.

    There are some programs that claim to be able to detect and block webbugs, but most of these I contend are not 100% accurate. Many assume that externally linked graphics that are very small and transparent, and hence serve no purpose on the page, are web bugs.

    Even leaving aside that this assumption is not true (some webmasters use transparent gifs for spacing), if I wanted to embed a webbug, and prevent it from being filtered, i would embed it in a critical part of the webpage, so that if you blocked it the page becomes useless.

    For example, I recall seeing websites that actually use css style sheets hosted on external servers as web bugs in a way. If you don't load up those style sheets, the whole page becomes rubbish. And if you load up those style sheets....
  16. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    Just to expand on that, the reason it's a big no-no is that web hosting services usually only allow website owners a certain amount of traffic per month. If you're a lonely personal hobbist website owner, chances are that you don't have a lot of money to sink into such a website, so you usually don't get allocated a whole lot of traffic. If another site decides to just load images from your page on theirs right from your server, that takes from your traffic and not theirs. If this puts you over your limit, then the price per mb can get pretty steep. Your server logs, however, will help you track down what's going on. No cookies or anything else would be involved in this, just server logs, which is all that web bugs are about. Web bugs use the same principle as what I just desribed, but it's only very small images that are hosted with permission, and the webmaster given the logs from the server hosting that little image (bug).

    Here's information on setting a cookie on your website. You can clearly see that it's something that you have to program your webpage to do, and has nothing to do with using images from other sites (which is what web bugs are).
    Last edited: Jan 25, 2006
  17. I would agree that web bug as traditionally defined refers to tiny transparent gifs hosted on another site and are independent of cookies. This is in particular if we talk about web bugs in email.

    In many cases though, they are used in combination with cookies to enhance tracking. Most webcounters (which some people consider webbugs) for example can be understood as using both methods.
  18. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    Indeed, just pointing out that they are separate things. Even though they're not mutually exclusive, they aren't the same, and should be treated separately.
  19. foo

    foo Guest

    they both are monitoring users though. ;)
  20. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    I suppose.. in the same way that surveyors at supermarkets and the motion detectors for the doors both monitor shoppers. Perhaps technically, but it's a bit of a stretch.

    I'm beginning to think you have a vested interest in spreading this kind of FUD. Surely Wilders members are intelligent enough to see the difference for themselves by now, so I'll leave it at that.

  21. Hmm Notok, I normally agree with you but i'm not sure about this one.

    Cookies are used for monitoring and tracking people. How is that stretch? Heck cookies are in many cases way better at tracking then using just simple web bugs with images particularly if you want to track the state of the browser. And persistant third party cookies can store and uniquely indidivual indidvuals even when dynamic ips cannot.

    Please note, I'm not saying cookies are evil or anything like that.... Just stating the facts.

    Are cookies supposed to be the motion detectors or the surveyors ?!

    Seems kind of harsh.
  22. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    Server logs are little more than door counters - "what door do people come in? was my door too big or too small for most people?" etc.. server logs are on every single server, so it is absolutely inevitable that they will be present with all cookies. The same could be said about HTML, however.. HTML is present with every cookie, but that doesn't mean that they're the same thing. Cookies are a technology that can be potentially abused by advertising agencies, but really don't have anything to do with the topic of this thread.

    Giving credit to the members here for being intelligent enough to see the facts is harsh? ;) Confusing these issues doesn't help anyone but the vendors that sell products to "combat" both, and at this point it's beginning to look pretty intentional.
  23. passHash

    passHash Guest

  24. must of missed devils's post.. that makes alot of sence.. I should of read this whole thread before blabbering on with the mouth. ;)
  25. Notok there is no technology dispute here. I don't think foo or whoever even said they are the same. I'm just curious at your harsh reaction towards a comment that says "but they both monitor people".

    That's true isnt it? Cookies monitor people. How is that spreading fear, uncertainty and doubt?

    Nah, but in response to a statement that basically says both cookies and webugs monitor people, your response does seem particularly harsh.

    You want to combat webbugs, while surfing? Turn off all images loading from third party sites should kill most but not all of them. Or you could use bugnosis which tries to guess which images are likely to be webugs, but I never found it very reliable anyway.
Thread Status:
Not open for further replies.