Thursday, June 14, 2007

Web Privacy : Spotting Web Bugs

What is a Web Bug?

From the Web Bug FAQ:

A Web Bug is a graphics on a Web page or in an Email message that is designed to monitor who is reading the Web page or Email message. Web Bugs are often invisible because they are typically only 1-by-1 pixel in size. They are represented as HTML IMG tags. For example, here are two Web Bugs recently found on Quicken's home page (www.quicken.com):


<img style="display: none;" src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" border="0" height="1" width="1" />

<img src="http://media.preferences.com/ping?ML_SD=IntuitTE_Intuit_1x1_RunOfSite_Any%20%20%20%20%20%20%20%20%20&db_afcr=4B31-C2FB-10E2C&event=reghome&group=register&%20%20%20%20%20%20%20%20%20time=1999.10.27.20.5%20%20%20%20%20%20%20%20%206.37" border="0" height="1" width="1" />


The two Web Bugs were placed on the home page by Quicken to provide "hit" information about visitors to DoubleClick and MatchLogic (AKA, preferences.com), two Internet advertising companies.

Information that a Web Bug can track includes:
  • The IP address of the computer that fetched the Web Bug
  • The URL of the page that the Web Bug is located on
  • The URL of the Web Bug image
  • The time the Web Bug was viewed
  • The type of browser that fetched the Web Bug image
  • A previously set cookie value
The 1x1 IMG bug is still very common, probably because the technique works across all browsers and even when javascript is disabled. However, a Web Bug could be a SCRIPT (javascript), IFRAME, APPLET or some other HTML element.

Are Web Bugs bad?

That is up to you to decide :) Many web sites rely on advertising, so having stats on who uses their sites and how the sites are used provides vital marketing information.

On the other hand information privacy is a hot topic with recent criticism over Google's lack of privacy policies and how Microsoft is developing algorithms that correctly guess the gender and age of web surfers.

In the interest of full disclosure my blog has a Google Analytics Web Bug that I use to review which of my posts are the most popular.

How Can I spot a Web Bug?

You can view the HTML source of a web site and look for images with a 1x1 pixel size. Doing this inspection manually is pretty impractical for large web sites.

However, I came across this genius Greasemonkey script that, after a web page has loaded, will search for any 1x1 images and change their size to 101x101 and color to bright green! The result is that when you are scrolling through a web page any Web Bugs in the page will be obvious.

(If you're using Firefox I highly recommend you install the Greasemonkey addon. It allows you to attach user defined javascript to any web page, giving you the opportunity to change the look or behavior of a web site to just the way you like it.)

That script has a couple of limitations:
  1. It highlights all 1x1 images as possible Web Bugs. There are a lot of sites that still use spacer GIFs to control formatting in older browsers.
  2. It does not highlight non-IMG Web Bugs.
To get around the limitations I extended the script to do the following:
  1. Highlight 1x1 images only if the URL to the image contains query parameters. e.g. http://example.com/ad/counter.aspx?ID=T1234
  2. For non-IMG Web Bugs list the URLs in bright green at the bottom of the page. I constructed a list of some of the worst offending Web Bug sites from the SecuritySpace Web Bug Tracking Survey.
So here is the modified script:


// ==UserScript==
// @name Detect Web Bugs
// @namespace http://robertmaldon.blogspot.com/
// @description Attempt to detect web bugs by expanding the size of bugged 1x1 images (based on original idea http://www.click-now.net/forums/index.php?showtopic=1826) and listing other possible bugs at the bottom of the web page.
// ==/UserScript==

// ver 1.0 @ 2007-06-13
// First release

( function(){

function logWebBug(tagName, text) {
var bugText = document.createTextNode("WeB BuG [" + tagName + "] " + text);

var bugDiv = document.createElement("div");
bugDiv.border = "11";
bugDiv.style.borderColor = '#ff0000';
bugDiv.style.backgroundColor = '#00ff00';
bugDiv.appendChild(bugText);

document.getElementsByTagName("body")[0].appendChild(bugDiv);
}

window.addEventListener("load", function(e) {

// Search for 1x1 images that also contain a query string
var imgList = document.getElementsByTagName("img");
for (var i = 0; i < imgList.length; i++) {
if (imgList[i].src != "" && imgList[i].src.match(/\?/) &&
imgList[i].naturalWidth == 1 && imgList [i].naturalHeight == 1) {
imgList[i].width = "101";
imgList[i].height = "101";
imgList[i].alt = "WeB BuG";
imgList[i].border = "11";
imgList[i].style.borderColor = '#ff0000';
imgList[i].style.backgroundColor = '#00ff00';

logWebBug("img", imgList[i].src);
}
}

// Search for other types of web bugs
var tags = ['img', 'script', 'iframe', 'style', 'embed', 'applet', 'object'];
var domains = ['4u.pl', '51yes.com', 'adbrite.com', 'addfreestats.com',
'bfast.com', 'blog.seesaa.jp', 'bravenet.com', 'casalemedia.com',
'clckm.com', 'clustrmaps.com', 'cnomy.com', 'cnzz.com',
'cybermonitor.com', 'doubleclick.net', 'fastclick.net', 'fc2.com',
'feedburner.com', 'gemius.pl', 'google-analytics.com',
'googlesyndication.com', 'hostingprod.com', 'infoseek.co.jp',
'js.users.51.la', 'liveperson.net', 'nedstatbasic.net',
'overture.com', 'qq.com', 'rbc.ru', 'searchignite.com',
'sedoparking.com', 'shinystat.com', 'shinystat.it',
'sitemeter.com', 'skyrock.com', 'snap.com', 'sponsorads.de',
'statcounter.com', 'technorati.com', 'textad.net',
'tradedoubler.com', 'valuecommerce.com', 'webmasterplan.com',
'webring.com', 'xrea.com', 'yandex.ru'];
for (var i = 0; i < tags.length; i++) {
var elementList = document.getElementsByTagName(tags[i]);
for (var j = 0; j < elementList.length; j++) {
for (var k = 0; k < domains.length; k++) {
if (elementList[j].src.match(domains[k])) {
logWebBug(tags[i], elementList[j].src);
}
}
}
}

return;
}, false);

})();

If you are running Firefox you can install the script by doing the following:
  1. Install Greasemonkey if you haven't done so already
  2. Manually install the script above or install by clicking on this download link
  3. Surf away!
It shouldn't take long to find Web Bugs - they're everywhere!. Below is an example from the bottom of the New York Times home page which contains a classic 1x1 Web Bug and lots of DoubleClick Web Bugs.

I've Found A Web Bug I Don't Like. How Do I Block It?

If you are using Firefox then install the Adblock Plus addon and add the URL of the Web Bug to the block list.

No comments: