E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


The Previously Undocumented Feature Can Allow the Surreptitious Tracking of Computer Files on the Internet

Source: Privacy Foundation

Posted on September 5, 2000

      Readers of email document attachments beware: the author of a computer file may be able to track the path of the file to your computer and others through the use of "Web bugs," the Privacy Foundation reported on August 30.

      The finding could have broad implications for businesses, public agencies and other entities, which may seek to use this tracking ability - and for individuals, who are unlikely to know that the file they are reading is communicating back through the Internet to the author.

      "We are not aware of Web bugs being used in this way," said Richard M. Smith, chief technology officer of the Privacy Foundation. "But the possibility is troubling given the trend of using the Internet and monitoring software to track individual behavior."

      A detailed Privacy Advisory, along with demonstrations and graphics of how the document Web bug works, plus a list of questions and answers, is available at the foundation's website at http://www.privacyfoundation.org.

      The tracking potential occurs when a file sent through the Internet, typically as an email attachment, contains an image file located on a remote Web server. This can happen through a range of popular Microsoft programs, including Word, Excel and PowerPoint. (The Privacy Foundation continues to investigate this issue with regard to other software programs.)

      If the document contains an invisible marker called a Web bug, then when the request for the image is made and acted upon within the displaying program, a signal will be sent back to the document author. This signal, obtained through server logs, will contain the IP number, from which a host name of the computer can usually be obtained.

      In addition, if the bugged document is forwarded to any another computers and opened, it can send back the IP number and host name of those computers to the original sender. In some cases, combined with the use of cookies in Internet Explorer, an author could match up the computer viewers of a document to their visits to the author's Web site. The Privacy Foundation findings were presented to Microsoft Corp. early in August for review. The company acknowledged the potential use of Web bugs to track Word documents, but said that there is no evidence that such activities are occurring.

      The Privacy Advisory, authored by Smith, notes a myriad of potential uses for document Web bugs: tracking the path of confidential files, detecting copyright infringement, and surreptitious market research. In most cases, it is unlikely that the person who opens such a document on a computer would know that the Web bug exists.

      "The potential use of Web bugs in Word points to a more general problem," said Smith. "Any file format that supports automatic linking to Web pages or images can lead to the same problem. Software engineers should take this privacy issue into consideration when designing new file formats."

      Smith noted, for instance, that Web bugs could be used within text material that accompanies downloaded MP3 music files to track how many times a song is played and on which computer.

      The investigation into this matter by the Privacy Foundation was triggered by a tip from Barry Shell, research communications editor at the Centre For Systems Science, Simon Fraser University, Burnaby, BC, Canada.

      As part of a quarterly program to acknowledge privacy research, the Privacy Foundation will present Shell with a check for $1,000.

      Based in Denver, the Privacy Foundation is a non-profit and non-partisan organization dedicated to research on electronic privacy issues and efforts to educate the public.

      The Foundation's research on the privacy implications of communications technologies is conducted at the Privacy Center at the University of Denver, under the direction of computer science professor David Martin, in consultation with Richard M. Smith.

      Contact: Richard M. Smith or Stephen Keating at the Privacy Foundation. Phone: 303-717-2607.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.