Freemor’s Weblog

What is a WebBug anyway?

A webbug or web beacon, pixel tags, tracking bugs, etc are tiny 1×1 pixel images (gif, jpg, png, tif, etc) (and increasingly Flash objects) that companies put into websites or e-mails to track where, when, and by whom they are viewed. On most modern computer screens a single pixel is very hard to see. Even if that weren’t the case 99% of the time these images are transparent so even if you have fantastic eyes you wont see them.

Isn’t this just done by evil hackers/Spammers?

There is a growing trend for large online companies to use these bug/tags to track people. This is partly due to the fact that browsers have gotten better at letting people block older ways of tracking you (cookies, ad banners, etc). So it is the next step in an ongoing techie arms race. Good techies trying to protect your privacy/anonymity. Corporate techies trying to track you so people can make money off of you, or off of people that will pay to know what you are interested in.

A prime example of this is Yahoo’s decision to start using webbugs.

Should I be scared?

Web tracking is nothing new, this is just the next step in the dance. So, being scared is probably over reacting a wee bit. You are perfectly justified in feeling concerned, annoyed, pissed off, righteously indignant, or just plain peeved. Privacy is a right and these folks are dancing around that as best they can.

What can I do?

Unfortunately there isn’t one simple, install this program and it will all go away, type thing you can do. However, this does not mean that there isn’t anything you can do. There are some definite steps you can take to protect your privacy and I’ll cover them briefly here.

E-mail:

I’ll start with e-mail as it is probably one of the easier things to protect from webbuggery. First set your e-mail client to never touch remote/online images. This alone will stop many webbugs in their tracks. If there is such an option consider setting your mail client not to render HTML at all. (this might be a bit drastic for most people). Definitely disable Java, JavaScript, VBScript, etc in e-mails. In this day and age having a scripting language active in your e-mail client is tantamount to leaving your keys in your car with the doors open.

Other things you might want to consider:

Digitally signing all e-mails you send (makes them tamper proof).

Sending mail in text only format (yeah, I know, no smilies.. but safer).

Digitally encrypt all e-mails so they can’t be viewed “in transit”

How to make Browsing safer:

Unfortunately since browsing means loading pictures, blocking webbugs while browsing takes a bit more work. Basically you need a system to block the undesirables. There are many options out there but all take at least some work to set up. One of the easiest is the Adblock Plus extension to the Firefox browser. It makes blocking undesirable elements in a webpage quite easy. The problem is that the webbugs are impossible to see so you have to use the “tools -> page info -> media” function of the browser to locate what elements are 1×1 pixel in size and then block them. Not all 1×1 pixel things are bugs. luckily the bugs are often easy to spot as they will come from a source outside the page you are viewing, or will have a fairly obvious hint in the URL like “adserver.”, “adscript.”, “track”, etc. Adblock Plus also offers free filter subscriptions which it will use to get block lists that have been generated specifically for it. The “ABP Tracking Filter (by rick752)” under miscellanious does a good job on blocking many of these webbugs

This is a bit of a pain in the posterior but once it is done you are pretty good to go. You will still want to check from time to time to make sure that there are not any new ones.

The same approach can be used if you have a router that supports a block list. Just keep adding the nasties to the list and soon you’ll be browsing much more safely. The one drawback to this approach is that some webpages try to use Java/Javascript to load up the ads/webbugs. Having them blocked at the router can sometimes make the page stall while Java tries to get the offending material but can’t reach it.

Other options exist such as Privoxy which is a software proxy that will clean a lot of this stuff up for you. My problem with a solution like this is that although Privoxy is very good at what it does I can’t be sure it’s catching everything I want it to.

The best approach, and the one I use, is a combination of the above. Things that don’t block well at the router I block with Adblock Plus and NoScript. I use Privoxy (and Tor) if I am going some place I am unsure about and definitely wouldn’t want tracking/spamming me.

In the end the decision of what to do about this issues is up to you. It’s your privacy, It’s your choice. Sadly many people feel their privacy isn’t worth the effort it takes to set these filters up.  The things I have talked about here is not a complete list of the options to protect ones privacy. Unfortunately going into all the options would make this document far too long and probably make it classify as a good sleep aid for most people.

Included below are some links for further reading on the subject. Enjoy.

Yahoo’s “Web Beacons”

Privoxy

Tor

Firefox

Adblock Plus

Peer Guardian

GnuPG – e-mail signing/encrypting

WebBug Articles:

http://www.leave-me-alone.com/webbugs.htm

http://www.spywareinfo.com/articles/webbugs/

http://www.securityspace.com/s_survey/data/man.200609/webbug.html