Personal firewalls and Microsoft's coming "cookie cutter" may help users squash these pests. But privacy
regulation may be the ultimate answer.
Consumers worried about privacy won't get a good solution to Internet "Web bugs" any time soon, privacy
and security experts said Thursday.
Web bugs - special HTML coding that requests information over the Internet and returns information about the
user - allow online marketers to track consumers and corporations to protect proprietary data.
"The benefits of the feature outweigh the tracking risks," said Richard Smith, chief technology officer
for the Privacy Foundation in Denver.
On Wednesday, the foundation released a report that put all Internet-enabled applications - not just Microsoft
Corp.'s Word, Excel and PowerPoint - in the spotlight as new staging grounds from which marketers and employers
can track users.
By embedding HTML code in a document mailed to or downloaded by users, anyone can be identified by their Internet
"Companies might use this to locate any leaks, (and) marketing companies use Web bugs every day of the
week," said Smith, who himself used the technique to identify virus writers and hackers several years ago.
"As the distinction between Web applications and the desktop blur, (Internet tracking) will start happening
The Web bugging technique is a creative application of HTML coding that was created so Webmasters could keep components
of their pages in different places. For example, all images could be kept on a separate server, and as a user loaded
a page, that server would supply the images.
The user is bugged when the server from which the content is being requested records who is requesting that
"A lot of junk e-mail puts in an HTML Web bug that identifies you," said Jason Catlett, president
of pro-privacy Junkbusters Corp. "Other hidden tracking numbers can tell them a great deal more."
For example, Microsoft Office applications can access the cookies created by Internet Explorer. "In many
cases, the Web bug is an opportunity to get your cookies," said Catlett, who sees little means of defense.
While some banner ad-blocking software can stop Web bugs that try to contact servers owned by well-known data collectors,
such as DoubleClick, the software fails to stop surveillance by lesser-known sites.
Several personal firewall products can prevent some of the effects of Web bugs.
Zone Labs Inc.'s free ZoneAlarm can be used to prevent applications other than a user's browser from connecting
to the Internet. And, new technology for Microsoft's Internet Explorer allows users to manage cookies, preventing
some information from leaking out.
Neither solution completely solves the problem, however. A Web bug embedded in a Web page or e-mail can still
get by Zone Alarm, while Microsoft's new technology blocks only cookies, not simpler Web bugs.
"We are looking how to deliver enhanced privacy very quickly," said Fred Felman, vice president of
marketing for Zone Labs. "We are not ready to announce new features, but they are on the table."
A regulatory solution?
In the end, there may be no technological solution.
"The WWW is a perfect medium for surveillance," said Junkbuster's Catlett. "What needs to be
done is that Americans need privacy rights. I don't see how you can stop the large swarm of Web bugs, otherwise."
Ari Schwartz, policy analyst with the Center for Democracy and Technology, a Washington, D.C.-based think tank,
also believes that other - non-technical - solutions are needed.
"People should pressure companies to not to do this surreptitious collection of information," Schwartz
said. "If we do need legislation, it could help people be alerted when this is going on and give them some
As things stand, with no knowledge of what information their PCs are distributing over the Internet, Web users
have little choice at all.