2. TODAY'S AGENDA
• WHAT IS A WEB BUG ?
• HOW THEY WORK
• USES OF WEB BUGS
• EMAIL WEB BUGS
• HOW THEY WORK
• WHEN GOOD BUGS GO BAD
• EMAIL WIRETAPPING
• I BET YOU DIDN’T KNOW…
• RULES OF ENGAGEMENT
• THE FUTURE IS ‘P3P’
3. WHAT IS A WEB BUG ?
PRIVACY FOUNDATION DEFINITION
A Web bug is a graphic on a Web page or in an Email message that is designed to monitor who is reading the Web page or Email message. Web bugs are often invisible because they are typically only 1-by-1 pixel in size. They are represented as HTML IMG tags.
DOUBLECLICK DEFINITION
“A clear GIF [Graphics Interchange Format] or pixel tag [also known as a 'web beacon'] is a line of code that companies place on their web sites which allows us to help them analyze their advertising campaigns and the general usage patterns of visitors to their web sites”
WHERE THEY DIFFER
“… Clear GIFs and pixel tags are sometimes erroneously called 'web bugs.' While clear GIFs and pixel tags do not cause any damage to your computer, 'web bugs,' often written in JavaScript, contain executable files, and may cause harm to your software or computer”
WHY BUG?
“The word "bug" is being used to denote a small, eavesdropping device”
Source: http://www.Privacyfoundation.org
4. HOW THEY WORK
THIS IS A DOUBLECLICK (sic) ‘WEB BUG’
http://ad.doubleclick.net/activity;src=468413;type=pgvw;cat=x15prod;ord="+ ord;
document.writeln('<img src="' + spotlighttag + '?" WIDTH=1 HEIGHT=1 BORDER=0>');
http://www.theflyshop.com/
WHAT THEY LIKE TO EAT
When a web page is loaded the tag is activated and it reads the cookie file in the browser and passes back to its server the following information:
• IP address of the computer that fetched the Web bug
• URL of the page that the Web bug is located on
• URL of the Web bug image
• Time the Web bug was viewed
• Type of browser that fetched the Web bug image
• A previously set cookie value
5. USES OF WEB BUGS
• Ad networks can use Web bugs to add information to a personal profile of what sites a person is visiting. The personal profile is identified by the browser cookie of an ad network. At some later time, this personal profile, which is stored in a database server belonging to the ad network, determines what banner ad one is shown.
• Another use of Web bugs is to provide an independent accounting of how many people have visited a particular Web site.
• Web bugs are also used to gather statistics about Web browser usage at different places on the Internet.
• BUGNOSIS
6. WEB BUGS IN EMAIL MESSAGES
• A web bug can be used to find out if a particular email message has been read by someone and if so, when the message was read.
• A Web bug can provide the IP address of the recipient if the recipient is attempting to remain anonymous.
• Within an organization, a web bug can give an idea how often a message is being forwarded and read.
• To measure how many people have viewed the same email message in a marketing campaign.
• To detect if someone has viewed a junk email message or not. People who do not view a message are removed from the list for future mailings.
• To synchronize a Web browser cookie to a particular email address. This trick allows a Web site to know the identity of people who come to the site at a later date.
7. UP CLOSE
EXAMPLE OF AN EMAIL WEB BUG
• Email Web bugs are represented as 1-by-1 pixel IMG tags just like Web bugs for Web pages. However, because the sender of the message already knows your Email address, they also include the Email address in the Web bug URL. The Email address can be in plain text or encrypted.
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
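A mail filter or reviewer can look for exactly these traits. The sketch below is an added example, not part of the original slides: it scans an HTML body for 1-by-1 IMG tags and notes when the URL carries the recipient's address or points at another host. The function and class names and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

def _pixels(value):
    """IMG dimension as an int, or None when absent or not a plain number."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

class WebBugFinder(HTMLParser):
    """Collects 1-by-1 IMG tags and the reasons each one is suspicious."""
    def __init__(self, recipient="", page_host=""):
        super().__init__()
        self.recipient, self.page_host = recipient.lower(), page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {k: v or "" for k, v in attrs}
        w, h = _pixels(attr.get("width")), _pixels(attr.get("height"))
        if w is None or h is None or w > 1 or h > 1:
            return                      # not a 1-by-1 image
        src, reasons = attr.get("src", ""), ["1x1 image"]
        host = (urlsplit(src).hostname or "").lower()
        if self.page_host and host and host != self.page_host:
            reasons.append("third-party host " + host)
        # Plain-text addresses are often URL-encoded (%40 for @); an
        # encrypted address cannot be matched this way.
        if self.recipient and self.recipient in unquote(src).lower():
            reasons.append("recipient address in URL")
        self.findings.append((src, reasons))

def find_web_bugs(html, recipient="", page_host=""):
    finder = WebBugFinder(recipient, page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed message body; the second IMG is the tag shown on the slide.
SAMPLE = """<p>Spring sale!</p>
<img src="http://www.example.com/logo.gif" width="120" height="40">
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">"""

if __name__ == "__main__":
    for src, reasons in find_web_bugs(SAMPLE, recipient="smiths@tiac.net"):
        print(", ".join(reasons), "->", src)
```

For a Web page rather than a message, pass `page_host` instead of `recipient` so that 1-by-1 images served from another host are labelled as third party.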
EMAIL VENDORS KNOWN TO USE WEB BUGS
• Exactis
• Digital Impact
• Responsys
8. EMAIL WIRETAPPING
This exploit allows someone to surreptitiously monitor written messages attached to forwarded messages. Some of the possible ways that this exploit might be used include:
• Monitoring the path of a confidential e-mail message and written comments attached.
• In a business negotiation conducted via e-mail, one side can learn inside information from the other side as the proposal is discussed through the recipient company's internal e-mail system.
• A bugged e-mail message could capture thousands of e-mail addresses as the forwarded message is sent around the world.
• Commercial entities, particularly those based offshore, may seek to offer e-mail wiretapping as a service.
9. SEGUE TO VAGUELY RELATED TOPIC
• Commercial surveillance- DONE
• Unscrupulous surveillance- DONE
• Workplace surveillance-NOT DONE
10. I BET YOU DIDN’T KNOW…
"More than three-quarters of major U.S. firms (77.7 percent) record and review employee communications and activities on the job, including phone calls, e-mail, Internet connections, and computer files."
Source: American Management Association (AMA) survey of "Workplace Monitoring & Surveillance 2001"
But during the 9-5 workday…
• 70% of all Internet pornography traffic occurs (source: SexTracker).
• 30 to 40% of Internet surfing is not business-related (source: IDC).
• More than 60% of online purchases are made (source: Nielsen//NetRatings).
11. THE RULES OF ENGAGEMENT
EMPLOYERS ARE NOT REQUIRED BY LAW TO DISCLOSE:
• The frequency of the monitoring.
• The information to be monitored.
• How the information will be stored, used and disclosed in the future.
• The law places no limitation on how employers use the fruits of their surveillance,
• Employees have no right to review stored e-mail and Web visits.
• If employers choose to ignore the law and not inform employees of the monitoring, the most severe penalty for a first offender is an administrative penalty of $500;
THEM AND US
“Employers would be well advised to disclose to employees what is being monitored and why. Employees, meanwhile, should make it their business to learn which monitoring systems are in place, and what the capabilities are”
Source: http://www.Privacyfoundation.com
12. THE FUTURE IS ‘P3P’
• The Platform for Privacy Preferences Project (P3P) has created a set of criteria for sites that set cookies on users. Third party cookies with policies will be evaluated by the user's browser to determine whether they meet user preferences, and hence be accepted.
• P3P's Full Policy and Compact Policy:
A "Full" P3P policy is a detailed XML document that completely describes all data collection practices for a site. In addition to Full Policies, sites are able to communicate their policies with regard to only cookie data through a mechanism called a Compact Policy. A Compact Policy is a custom HTTP header that is sent at the time a cookie is set. The Compact Policy, CP, uses a sequence of approximately 52 tokens to summarize a site's policy with regard to that cookie. Owing to the CP's condensed nature, they are far easier for Web Browsers to interpret and make decisions upon than are Full Policies.
• Internet Explorer 6.0 will require third parties that set cookies to deliver P3P "compact cookie policies" with their cookies. Third party cookies that do not have policies will be blocked.
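The rule on this slide can be applied to a single HTTP response, as in the sketch below. It is an added example, not from the original slides: the function names, the two-label "site" comparison and the sample headers are assumptions, and the check only tests whether a compact policy is present, not whether it meets the user's preferences.

```python
import re
from urllib.parse import urlsplit

def compact_policy(headers):
    """Return the CP tokens carried in a P3P response header ([] if none)."""
    for name, value in headers:
        if name.lower() == "p3p":
            match = re.search(r'CP\s*=\s*"([^"]*)"', value, re.I)
            if match:
                return match.group(1).split()
    return []

def site(url):
    """Crude site key: last two host labels (assumption; real browsers
    use a fuller registrable-domain rule)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def cookie_decision(page_url, resource_url, headers):
    """Apply the rule from the slide to one HTTP response."""
    if not any(name.lower() == "set-cookie" for name, _ in headers):
        return "no cookie set"
    if site(page_url) == site(resource_url):
        return "first party"
    if compact_policy(headers):
        return "third party: evaluate policy against user preferences"
    return "third party: blocked, no compact policy"

# Constructed sample responses for a 1x1 image fetched from another site.
PAGE = "http://www.example.com/index.html"
BUG = "http://ads.example.net/pixel.gif"
WITH_CP = [("Set-Cookie", "id=abc123; path=/"),
           ("P3P", 'policyref="/w3c/p3p.xml", CP="NOI DSP COR NID"')]
WITHOUT_CP = [("Set-Cookie", "id=abc123; path=/")]

if __name__ == "__main__":
    for hdrs in (WITH_CP, WITHOUT_CP):
        print(cookie_decision(PAGE, BUG, hdrs))
```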