Why We Should Watch Out for Web Bugs

Analytics services and advertisers use Web bugs to track you, and there is very little you can do about it. Jim Rapoza is starting to feel concerned.

Achooo! Sorry, there are these bugs going around that are really bringing me down. I thought I had protected myself, but I was focused on this other thing and didn’t even know about the threat of these bugs, which it turns out are very common.

Sick? No, I’m not sick (that sneeze was just allergies). The bugs I’m talking about aren’t bringing my health down; they are bringing my privacy down.
The bugs I’m talking about are Web bugs, and they are as common on the Web as links. How do they get on the Web? Are they put up by nefarious criminals?

Well, while criminals do use them, these bugs are put on the Web by pretty much everyone. I myself have put a large number of Web bugs on the sites I have built and managed.

Why did I do this? Same reason most people do—for analytics, to mash data from other sites, to participate in social networks and to add content to sites.

But I’m participating in practices that potentially dwarf the threat of cookies when it comes to invading the privacy of Web users. And, unlike cookies, as a user there is very little you can do to protect your privacy from this threat.

So what are Web bugs? Simply put, they are small bits of code embedded in Websites that add functionality and share information. They are used by everything from Google Analytics, to ad networks, to popular blogging platforms, to social networks, to affiliate shopping programs.

A recent study done by the University of California at Berkeley took an in-depth look at the privacy problems caused by Web bugs. The results were so worrisome that the organisation launched a Website, knowprivacy.org, to help educate users about the threat to their privacy.

When a Web bug is on a site, it communicates back to its parent site to carry out its functionality. So, when you open my Website, you are also sending information to my analytics provider, my ad network and any other sites I may be partnering with. And your data can be tracked across every site that uses the bug, even if you block cookies and do everything else possible to protect your privacy.
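An added example, not part of the original article: a short Python audit that a site owner could run over a page's HTML to list every embedded resource that makes a visitor's browser contact another host, which is the behaviour described above. The sample page and all hostnames are constructed placeholders, and comparing exact hostnames (so a sibling subdomain counts as third-party) is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute a browser fetches automatically when the page loads.
AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src", "embed": "src", "link": "href"}

class ThirdPartyAudit(HTMLParser):
    """Collect embedded resources that make the browser contact another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, third-party host, looks like a tracking pixel)

    def handle_starttag(self, tag, attrs):
        attr, a = AUTO_FETCH.get(tag), dict(attrs)
        if attr is None or not a.get(attr):
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # of <link> elements, only stylesheets are counted here
        host = urlsplit(urljoin(self.page_url, a[attr])).hostname
        # Skip first-party resources and URLs with no host (data:, about:).
        if host is None or host == self.page_host:
            return
        pixel = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.findings.append((tag, host, pixel))

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every hostname below is a placeholder.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/site.css">
<script src="https://analytics.example.net/ga.js"></script>
</head><body>
<img src="logo.png" width="120" height="40">
<img src="//ads.example.org/t.gif?page=home" width="1" height="1">
<iframe src="https://social.example.com/like"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, host, pixel in audit("https://www.example.edu/index.html", SAMPLE):
        print(f"{tag:7} {host:25} {'tracking pixel' if pixel else ''}")
```

Each host in the output receives the visitor's IP address and browser headers directly from the browser, whether or not cookies are enabled.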

The other scary thing is that Web bugs are rarely mentioned in Website privacy policies, and they seem to exist as a loophole in most sites’ policies. A common statement in most site policies is that they will not share data with third parties. But, in the case of a Web bug, the site isn’t actually sharing data; your browser is sending the data directly to the third party outside of any action by the main site.

And, given how widespread many of these networks are, the illusion of Web privacy may be just that – an illusion.

Take, for example, Google, which says it won’t be evil. But, if it wanted to, it could be very evil indeed. Between its multiple networks and affiliates – such as Google Analytics, Doubleclick and Google AdSense – it has Web bugs on a great many Websites.

[Disclosure: eWEEK Europe UK uses Google Analytics. We track the anonymous statistics that Google gives us back, to better focus our content, and are as vigilant as we can be about Google’s use of that data – Editor]

Conceivably, even if you block cookies and constantly flush your cache, Google could, through its Web bugs, identify your IP address, operating system and browser, and track your movements and activities across every site that uses its Web bugs.

Now, I’m not saying that Google is doing this, but there are companies and networks that probably aren’t hesitant to get the most value that they can out of this data – no matter what it means to your privacy.

What can you do to protect yourself? Outside of not using the Web, constantly changing your IP address or using an anonymous network such as Tor, there isn’t much you can do.

That’s why – just as with cookies – users need to become aware and vigilant about Web bugs, and make sure that sites explain how they are using this data.

Otherwise, Web privacy could get a lot sicker.