Web bugs are small, transparent images or scripts embedded in web pages or emails to perform clandestine services for a third party, such as tracking browsing habits. They can also be used to protect against plagiarism or provide return receipts. Spammers also use web bugs, but they can be defeated by disabling images or using a firewall.
The original web bug is a transparent image, a few pixels or less, commonly embedded in web pages or emails to perform clandestine services for a third party. Web bugs allow you to show the page background, making them invisible. They’re called “bugs” after the discriminated remote listening devices of the same name. The modern Web bug doesn’t have to take the form of a tiny transparent image. Scripts, iFrames, style tags, and other implementations within a page can serve the same purpose.
Every netizen is familiar with the experience of clicking on a link to visit a website and then watching the content load in the browser window. What some surfers may not realize is that the website host may be allowing a third party to embed a web bug into the page. In this case, when a computer requests the page, the embedded image must come from a third party. Your computer’s unique address, called the Internet Protocol (IP) address, is automatically forwarded to the third-party server, which transfers the web bug to your computer. In the process the third party obtains that computer’s IP address, even if the surfer has never visited their website.
Marketers use web bugs embedded on popular Internet pages as a way to track people’s browsing habits. Web bugs can be used in conjunction with computer cookies to create profiles or dossiers of “Joe’s” browsing habits, keeping a record of the sites Joe visited, how often Joe visited them, and the content of those pages. Browsing profiles can span days, weeks, months and even years. While generally referred to as anonymous, a profile can easily be associated with an email address, real name, or other personal and unique identifier.
A web bug can also be used to protect against plagiarism. If a webmaster places a bug on every page of a website, and an unauthorized person copies the source code (content) to their website, every time a visitor to the remote website clicks to read that content, the embedded web bug will “call home” to the original website. The webmaster can find evidence of this by analyzing the server logs.
In HTML-enabled emails, a web bug might be embedded to provide a return receipt to the sender. A return receipt is an optional check in email clients that lets the sender of an email know when the recipient has read a message. Often people disable this check so that return receipts cannot be generated. Assuming the recipient opens the email while online, the embedded bug will contact the third-party website, requesting that the web bug be transferred to the recipient’s IP address. This automatically generates a return receipt even if this setting is disabled in the email client.
Another use of web bugs is to match an IP address with an otherwise anonymous email address. If you send an email with an embedded Web bug to an anonymous email address, when the recipient opens the email, their IP address will be delivered to the website hosting the Web bug.
Spammers also make use of web bugs. Consumers who open HTML-enabled spam unknowingly submit their IP addresses to spammers, revealing working addresses. To avoid getting into these lists, delete junk mail without opening it.
To defeat web bugs in email some people disable images, however there are still ways to embed a bug in HTML-enabled mail. A more secure method is to use text-based email instead. To eliminate web bugs while browsing, use a firewall with this optional feature.
Protect your devices with Threat Protection by NordVPN
