Web Bugs.

[LTJBukem]

This morning i turned on the 'Privacy Advisor' feature of Zone Alarm and was quite surprised to find that web bugs are being blocked from this page. I know that it's the advertising banner, which is also blocked, and that web bugs can be used for many things, some of which are not invasive. But web bugs can also be used to collect IP's and are widely considered to be controversial.

So shouldn't we be warned?

[TheMusicMan]

Your so called "Web bugs" are not different from your own signature or every pic posted on this board.

Every picture on the internet collects data like your IP address, your browser, your screen resolution, OS, hostname, internet browser and much more.

Let's take your signature as an example:

http://www.sighost.us/members/spicydel/dontdoit.jpg

enables the host sighost.us to know all the data posted above since your browser (every browser) fetches the image from the host. Every server has logfiles which collect all of the posted data above. If you upload a signature and you use it in 10 different forums it would even allow sighost to profile you - meaning to "know" which forums you use.

If you are worried about images I would strongly suggest you to use some linux distribution and to use the command line only (text based forums) since every single image would be a "Web bug" if I take your post serious

Hope that post did help you

[LTJBukem]

First of all i'd like to say that it is not my intention to scaremonger or sensationalize, and that i am grateful and respectful to you for making the board as stable and reliable as it now is.

However, i did not invent nor name the 'Web Bug':-
Privacy Foundation
Symantec
Furthermore, why does every Internet Security application choose not only to recognize their existence, but also to block them?

While i do not doubt what you are saying, having checked out other boards, simply having remotely hosted sigs did not cause my firewall to warn me of 'web bugs', nor did opening, mine or other peoples, sigs in their own browsers.

As i said, i know that this is not a major cause for concern. Other boards, including zero paid and techtv, also contain 'webbugs' while some, such as winamp and neowin, do not. I do however feel that if they are to be used, the board could be open about their presence.

[TheMusicMan]

Hello,

I didn't mean to "attack" you so sorry if you got me wrong

I think that your program is reporting this one false positive because the ads here are not hardcoded - an iframe is used to display the ads to allow a better rotation.

This results in a false positive since the ads are called from another domain name (in this case one of my domains where the script is hosted)

Example code for such a false positive (actually the script that I use)

Code:

<?php

// loads the file that contain the ad codes aka image / url tags
$adfile = "adfilename.txt";
$ads = array();

// one line per ad
$fh = fopen($adfile, "r");
while(!feof($fh)) {

  $line = fgets($fh, 10240);
  $line = trim($line);
  if($line != "") {
	$ads[] = $line;
  }
}

// randomly pick an ad
$num = count($ads);
$idx = rand(0, $num-1);
echo $ads[$idx];
?>

The script above opens the adfilename.txt which contains the actual ads

Example for the adfile:

Code:

<a href="http://urlhere.com" target="_newad1"><img src="http://www.theimage.com/someimage1.gif">
<a href="http://urlhere.com" target="_newad2"><img src="http://www.theimage.com/someimage2.gif">
<a href="http://urlhere.com" target="_newad3"><img src="http://www.theimage.com/someimage3.gif">

The false positive is reported because the file that shows the ad is php code and not an image meaning it is not really a "Web Bug" like 1 x 1 pixels which are designed to get a users personal information.

So in this case (klboard) that's the reason for your "alert" but then again you will get this false positive on many sites which use an adserver or scripts to display random ads.

Hope this helps you

[LTJBukem]

OK then, that makes sense. I'll shut up about it now.

Thanks for taking the time to answer, you seem like a really nice bloke.

Best Wishes.

[TheMusicMan]

Hehe no need to "shut up" - It's great to see that people actually care about others and point things out that others don't know / should know.

Even if I work like 16 h per day online it could be that I miss something bad and then it's good if people notice something and report it.

One of my advertisers did change to "targetnet" ads one day and i would not notice it if people would not tell me - so all in one: feedback is always welcome !

[Wizzandabe]

Thanks for taking the time to answer, you seem like a really nice bloke

I was just going to say that.

Thanks Darker.