BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Thursday, 20 July, 2000, 13:38 GMT 14:38 UK
Pixel-high privacy spy
Spies BBC
Big Brother is getting smaller all the time
By BBC News Online internet reporter Mark Ward

Spies too small to see are keeping an eye on you while you browse the world wide web.

If the bugs are put in an e-mail there is no real defence against them

David Banisar, Epic
The "web bugs" hide computer codes behind images only a pixel in size to gather information about surfing habits.

The bugs are almost impossible to defend against. Privacy experts say the hidden images are the first of a new generation of "spyware" designed to watch what people do on the web without them knowing.

Many websites use invisible images to ensure the graphics they want people to see sit in the right position.

Bugged browsers

But now some companies are putting invisible images only a pixel square on web pages that have a more sinister use.

"They are a secret way of gathering information about someone," said David Banisar, a civil liberties expert from the Electronic Privacy Information Centre (Epic).

The image usually matches the background colour of the page it sits on to ensure they are completely invisible. Every image or letter on a computer screen is drawn by filling in, leaving blank or colouring pixels or picture elements.

Common resolutions for computer screens are 1024 by 768, 800 by 600 or 640 by 480 pixels. The bugs may be invisible to surfers but as far as a computer is concerned they are just another image.

Packed pixels

Because of this, HTML code can be hidden behind them, and that HTML code can be used to gather information about your surfing habits.

Data web bugs can gather
IP address of your computer
web location of bug
web page bug is attached to
Time the bug was viewed
Which browser you are using
Any cookies already on your computer
When you visit a webpage, your browser requests all the images, text, boxes and adverts that make up the page from several different computers.

Typically the request for the invisible "web bug" image goes to a server that has the job of collating information on lots of web users.

When a browser such as Netscape communicator or Internet Explorer requests data it usually sends information about the machine and person using it.

The HTML code hidden in the image can request additional information from that computer or the past visits to that site.

The web bugs can mine information about who owns the site you are surfing from as well as details about your computer such as what data is held in the Windows registry.

The bugs work best in conjunction with cookies - files that log what you do on a website - and can interrogate them to find out more about you.

No defence

While many people turn off cookies, few are aware that there are other ways for them to be watched.

The only way to stop them completely is to turn off the graphics on all the websites you browse.

But Mr Banisar says that this does not mean that people avoid the attention of web bugs. Anything that can read HTML, such as e-mail programs, Usenet readers, instant chat programs and word processors, can be bugged.

"If the bugs are put in an e-mail, there is no real defence against them," said Mr Banisar.

Some companies are now peppering all the web pages that they advertise on with web bugs. Visiting one bugged page will mean that all the pages in that network will gather information about you.

Consumer consent

Some websites such as allow users to check how leaky their computer is and what information it is giving out.

A lot of pages are bugged. Using search engines to ferret out the tell-tale HTML code returns thousands of hits.

If you are browsing behind a firewall you can make sure that tiny images are stripped out before the pages are served up.

The data being collected is usually sent to online advertising services such as Doubleclick, Engage Technologies and MatchLogic.

The US Federal Trade Commission is known to be investigating the use of web bugs and is worried that people are being watched without their consent.

"In the absence of any legal protection, it is up to the consumer to figure it out for themselves," said Mr Banisar. "Unfortunately it is too complex for anyone short of a PhD programmer to work out."

Search BBC News Online

Advanced search options
Launch console
See also:

12 Jul 00 | Sci/Tech
'Snooping' bill protests stepped up
12 Jul 00 | UK
Trading in information
05 Jul 00 | Europe
EU probes Echelon
21 Jun 00 | Talking Point
Is net surveillance prying or policing?
14 Jun 00 | Europe
Greek protest over ID cards
25 May 00 | Sci/Tech
Watching while you surf
10 May 00 | Talking Point
Should your e-mails be screened at work?
05 Apr 00 | UK Politics
Information bill rebellion threatened
22 Feb 00 | Washington 2000
Encryption for all
Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories