For example, America Online encourages users to place an advertisement offering a free trial membership; the company promises to pay users $50 for any new America Online member who signs up for the service by clicking on the ad. When users place the AOL ad on their pages, they also get a Web bug that passes information along to Be Free Inc, an Internet market research and advertising company. The Web site for Be Free, says it "sits uniquely in the middle of a valuable data stream between businesses, their online marketing partners and consumers." The company is based in Marlborough, Mass.
Tom Gerace, the company's co-founder, said the company did not collect any information that could be used to identify consumers personally. He said that he created Be Free with his brother in 1996 to provide "flexible, robust marketing analysis so our customers and their affiliates can become better marketers over time."
The monitoring technology, which he says he prefers to refer to as Web Beacons, helps track billions of advertising promotions each month for companies like America Online, Microsoft, and Barnesandnoble.com.
The Web Bug ("Web Beacons") technology, which is also known by such terms as "clear gifs" now appears on 18 percent of personal pages, compared with less than 4 percent of pages over all and 16 percent of home pages for major companies. In a similar survey that Cyveillance conducted in 1998, fewer than 0.5 percent of personal Web pages contained Web bugs.
Andrew Weinstein, a spokesman for America Online, said that its Web bugs collect no personally identifiable information on the visitors to personal pages, and had a single purpose: "to send checks to people" whose Web pages attract new customers to the company.
But privacy advocates find the potential of such bugs alarming. Scott Charney, an Internet privacy and security expert at PricewaterhouseCoopers, said that he had seen an early draft of the Cyveillance survey, and that if Web bugs were in fact being used without consumers' knowledge to gather information, "it's extremely troubling — the technology should not be used to collect information in such a covert way."
The New York Times article referred to a survey conducted by Cyveillance, which is based in Arlington, Va., which included a million Web pages, to determine how prevalent these bugs have become; since the company works with clients to safeguard their reputations in the online world, Cyveillance executives said, the survey was intended to warn companies about the growing controversy surrounding the bugs. The Cyveillance report did not identify companies that place Web bugs. To get a copy of the Cyveillance Study (PDF File) click here
San Diego-based WebSideStory is one company offering a method of collecting and analyzing data which takes advantage of these so-called Web Bug / Web Beacon clear-GIF pixels to measure traffic and provide other data on Web site usage. WebSideStory said it believes its technology is more protective of consumer privacy than other methods of gathering traffic data such as Web server log files. The company added that it does not link data to personal information or an individual's Web surfing habits, but uses only aggregate traffic figures.
One can determine a number of things about someone, including their IP Address, the domain associated with that IP Address, what page referred them to this page, their browser setting for Language, whether Javascript is enabled or not, the version of Javascript supported, whether cookies are enabled or not, whether Java is enabled or not, the Operating System being used, the Browser being used, the Monitor Resolution and Color settings, Plug-ins installed, the ISP type (Educational, Commercial, Network), the URL they entered on, and whether this was their first visit this month or not (based on IP number).
For broadband users that have a static IP the IP address will indicate whether they are repeat visitors or not, but even it does not directly reveal who you are (unless your ISP is willing to help identify you, and most ISP are not, without a court order), and the rest of the information, while interesting, does not really violate your privacy to any significant degree. One can't determine your name, address, phone number, or even email address.
| IP Address 129.42.208.144 | Date Visited August 20, 2001 4:50:49 PM | |||
| Domain: ss6.bluebird.ibm.com | Return Frequency: | |||
| Referrer: http://hotbot.lycos.com/?MT=APCU+%2Buser+%2Bassociation.. | ||||
| Language: English | Javascript: Enabled | Javascript Version: 1.3 | ||
| Cookies: Enabled | Java: Enabled | Operating System: Windows 98 | ||
| Browser: Netscape Navigator 4.73 | Monitor Resolution: 1024 x 768 | Monitor Color: 16 million (24-bit) | ||
| Plug-ins: HP Peripheral Interrogator, Adobe Acrobat, Shockwave for Director, RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit), QuickTime Plug-in 4.1.2, Windows Media Player Plug-in, Microsoft® Windows Media Services, PhoneFree Bubble Chat 6.1, PhoneFree 6.1, AppShareUI Netscape Plugin, IBM AFP Viewer Plugin, Street Technologies Plug-in for Netscape, Internet Streaming Bamba Video/Audio Player, Headspace Beatnik Player Stub V1.0.0.1, Shockwave Flash, LiveAudio, NPAVI32 Dynamic Link Library, Netscape Default Plug-in | Country: Commercial | |||
| Entry Page: http://www.apcug.org/index.shtm | Monthly Unique Visitor: No | |||
For further information see:
Because they're called "bugs," people think they have special powers or abilities, or contain some kind active spying technology, like a telephone bug. They do not. They can be used for good, or they can be used for not-so-good purposes, but they are not that different from another tracking mechanizm, with a less frightening name, "Cookies".
One company which generates many of the cookies you will see from various web sites is DoubleClick. In April, 2000 at the Computer and Technology Showcase I presented a program on Firewalls and other Net security matters one section of which covered DoubleClick:
Another approach is to use something like the IDcide Privacy Companion (which is available for IE 4 and 5.01, with a beta version for IE 5.5). It lets you know when you are being tracked on the Net and who is tracking you, and you can set it for:
Federal law requires that any device that listens in on communication, whether it be a bug in a room or a phone tap, requires a wiretap order. In the case of electronic communication via computers, the law specifically requires a wiretap order only if the communication is intercepted in transmission via computer modems and phone lines. That preserves the government's ability to seize a computer, with a simple search warrant, and examine copies of e-mail already sent or received, or anything else that might be stored on the computer's hard drive.
Privacy advocates are especially concerned that the key logger was planted on the basis of a simple search warrant and not a court-approved wiretap order, which is more difficult to obtain and carries far greater restrictions. Prosecutors insist that the key logger planted by the FBI did not intercept communication, but they have refused to divulge how the technology works to back up that claim.
HackerWacker is a site with a LOT of links related to various Privacy and Security sites, however it is not an appropriate site for the beginner.
I hope all of this does not make you paranoid. After all, you are not being paranoid if they really are out to get you. <grin>
For more information on the Tulsa Computer Society click here