What is a Web Bug?

The original Web bug is a transparent image, just a few pixels or less in size, commonly embedded in webpages or email to perform clandestine services for third parties. Web bugs allow the background on the page to show through, making them invisible. They are called “bugs” after the discriminate, remote listening devices of the same name. The modern Web bug need not take the form of a tiny transparent image. Scripts, iFrames, style tags and other implementations within a page can serve the same purpose.

Every netizen is familiar with the experience of clicking on a link to visit a website then watching the content load in the browser window. What some surfers might not realize is that the host of the website can allow a third party to embed a Web bug in the page. In this case when a computer requests the page, the embedded image must come from the third party. The computer’s unique address, called an Internet Protocol address (IP), is automatically forwarded to the third party server, which transfers the Web bug to the computer. In the process the third party gains that computer's IP address, even though the surfer never visited their website.

Marketers use embedded Web bugs on popular pages across the Internet as a means of tracking people’s surfing habits. Web bugs can be used in conjunction with computer cookies to build profiles or dossiers of "Joe’s" surfing habits, keeping a running log of sites Joe visited, how often Joe visited them, and the content of those pages. Surfing profiles can span days, weeks, months and even years. Though generally stated as being anonymous, a profile can easily become associated with an email address, real name, or other personal, unique identifier.

A Web bug can also be used to guard against plagiarism. If a webmaster places a bug on each page in a website and an unauthorized person copies the source code (content) to their own website, every time a visitor at the remote website clicks to read that content, the embedded Web bug will "phone home" to the original website. The webmaster can find evidence of this by analyzing server logs.

In HTML-enabled email, a Web bug might be embedded to provide a return receipt to the sender. A return receipt is an optional control in email clients that allows the sender of an email to know when the recipient has read a piece of mail. Often people disable this control so that return receipts cannot be generated. Assuming the recipient opens the email while online, the embedded bug will contact the third party website, requesting the Web bug be transferred to the recipient’s IP address. This automatically generates a return receipt even if this setting is disabled in the email client.

Another use for Web bugs is to match an IP address to an otherwise anonymous email address. By sending an email with an embedded Web bug to an anonymous email address, when the recipient opens the email, his or her IP address will be handed over to the website hosting the Web bug.

Spammers also make use of Web bugs. Consumers opening HTML-enabled spam unwittingly send their IP addresses back to the spammers, revealing working addresses. To avoid getting on these lists, delete unsolicited mail without opening it.

To defeat Web bugs in email some people disable images, however there are still ways to embed a bug in HTML-enabled mail. A safer method is to use text-based email instead. To squash Web bugs while surfing, use a firewall with this optional feature.