A widely used, yet virtually undetectable, means of tracking people's Internet
surfing habits is joining its better-known cousin, the cookie, as the subject of
several lawsuits and a privacy initiative by the government.
The technology, often called Web bugs or 1-pixel gifs, is prompting further
concern that the once-freewheeling Web is becoming more like an Orwellian Big
Browser.
Like cookies, Web bugs are electronic tags that help Web sites and
advertisers track visitors' whereabouts in cyberspace. But Web bugs are
invisible on the page and are much smaller, about the size of the period at the
end of this sentence.
A Web bug "is like a beacon, so that every time you hit a Web page it sends a
ping or call-back to the server saying 'Hi, this is who I am and this is where I
am,'" said Craig Nathan, chief technology officer for privacy start-up Meconomy.com and former technical liaison for
Personify.
Most computers have cookies, which are placed on a person's hard drive when a
banner ad is displayed or a person signs up for an online service. Savvy Web
surfers know they are being tracked when they see a banner ad. But people can't
see Web bugs, and anti-cookie filters won't catch them. So the Web bugs wind up
tracking surfers in areas online where banner ads are not present or on sites
where people may not expect to be trailed.
That was the case last month when the White House ordered its drug
policy office to stop using Web bugs on the government's anti-drug site Freevibe.com. Following the mandate, the
Clinton administration issued strict new rules regulating federal use of the
technology, which can surreptitiously collect personal information.
Web bugs can "talk" to existing cookies on a computer if they are both from the
same Web site or advertising company, such as DoubleClick, which uses bugs and
dominates the online advertising market.
That means, for example, that if a person visited Johnson & Johnson's
YourBaby Web site, which uses DoubleClick Web bugs, the bug would read the
visitor's DoubleClick cookie ID number, which shows the past online behavior for
that computer. The information would then go back to DoubleClick.
Ad networks and agencies say cookies and other tracking devices are used to
help both consumers and Web sites. Under fire from privacy advocates, ad
executives have consistently said the information collected is kept private and
is the sole property of the company that is being advertised.
The "evil" of Web bugs
But privacy advocates see an insidious side to the tiny tag.
"The danger of that is that if you were going to a site on yeast infections,
the second it loads up, before the screen loads, somewhere in the world the fact
that you visited the site is now registered. That's the evil of Web bugs," said
Ira Rothken, a lawyer at the technology-oriented Rothken Law Firm, based in San Rafael, Calif.
The problem is magnified, he said, when a company can tie your cookie number
to personal identifying information such as a phone number and address.
This became a real concern last November when DoubleClick bought Abacus
Direct, a company that holds detailed consumer profiles on more than 90 percent
of U.S. households. Syncing DoubleClick's database about Net surfers with
personally identifiable data set off a firestorm of criticism, as well
as a government inquiry. DoubleClick has since dropped plans to link the
databases until there is agreement between government and the industry on
appropriate standards.
"Web bugs were developed to not let you know (you're being tracked) and for
the simple design aspect of an invisible dot," Nathan said.
Rothken filed a consumer Internet privacy suit against DoubleClick in February,
and there are three other similar suits against the ad network.
Also in February, the state attorney general in Michigan began legal
proceedings against DoubleClick. The attorney general claimed the company had
violated consumer protection laws by not telling Web visitors that DoubleClick
regularly put cookies and Web bugs on their hard drives.
The other side of the coin is that Web bugs, like cookies, can be useful. For
consumers, cookies can store passwords and other sign-on information. For Web
sites, Web bugs can help better manage content by knowing what is effective.
They also give online ad agencies a way to track campaigns when a banner isn't
present.
Bang for their advertising buck
"Using traffic-log cookies or clear gifs is a way for advertisers to learn
whether they're getting the most bang for
their advertising dollar," said Jules Polonetsky, chief privacy officer at
DoubleClick. "It's a tool that does not provide any personal information but
allows the Web site to learn how users are visiting different areas of their
site and learn which ads brought them to their site.
"We are contractually obligated to maintain that information solely for the
use of the site; it's critically private information," Polonetsky said.
Web bugs have sparked much criticism from Net experts of late.
Richard Smith, a computer security expert, said that a wide variety of medical
and pornography
sites are using the tags. He said there are Web bugs on such sites as Procrit,
which has information about AIDS drugs, and iFriends.net, an online version of
an adult peep show.
Smith has set up a Web site that searches for Web bugs. A quick search on that
site for such bugs issued by
DoubleClick, for example, returned more than 80,000 hits.
Web bugs can also be used in email. For example, companies can send a bulk
HTML email newsletter that has Web bugs, which will determine how many people
read the letter, how often they read it, and whether they forward it to anyone.
The email "would include your email address in the URL or include a coded ID or
encrypted email address to track when you opened it," Smith said.
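
One way to look for the Web bugs described above in a saved Web page or HTML email, as an added example that is not from the original article or from Smith's search site. The heuristics (a 1-pixel or hidden image, served by a host other than the page's own, with an email address or long ID in the URL) and all hostnames in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl
import re

# Assumed heuristics: an email address, or a long hex/opaque token, in a parameter.
EMAIL_RE = re.compile(r"[^@\s=&]+@[^@\s=&]+\.[a-z]{2,}", re.I)
ID_RE = re.compile(r"^(?:[0-9a-f]{16,}|[\w-]{20,})$")

class WebBugFinder(HTMLParser):
    """Collect <img> tags that are tiny or hidden and served by another host."""
    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        host = (url.hostname or "").lower()
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
        third_party = (bool(host) and host != self.first_party
                       and not host.endswith("." + self.first_party))
        if not ((tiny or hidden) and third_party):
            return
        reasons = ["1-pixel or hidden image", "third-party host " + host]
        for key, value in parse_qsl(url.query):  # parse_qsl decodes %40 to @
            if EMAIL_RE.search(value):
                reasons.append(f"email address in parameter '{key}'")
            elif ID_RE.match(value):
                reasons.append(f"opaque ID in parameter '{key}'")
        self.findings.append((a["src"], reasons))

def find_web_bugs(html, first_party_host):
    finder = WebBugFinder(first_party_host)
    finder.feed(html)
    return finder.findings

# Constructed sample newsletter; every host and value here is made up.
SAMPLE = """<html><body>
<img src="http://news.example.com/logo.gif" width="120" height="40">
<img src="http://ads.tracker.example/open.gif?e=alice%40example.org&amp;c=nl42" width="1" height="1">
<img src="http://stats.tracker.example/p.gif?uid=9f86d081884c7d659a2feaa0c55ad015" width=1 height=1>
<img src="http://news.example.com/spacer.gif" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for src, why in find_web_bugs(SAMPLE, "news.example.com"):
        print(src, "->", "; ".join(why))
```

The first-party 1-pixel spacer is deliberately not reported: a tiny image is only a tracking signal when the request goes to a different host than the page itself.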
"Web bugs are like carbon monoxide for Internet privacy," said Jason Catlett,
a privacy advocate with Junkbusters. "You can't see them, but they can damage
your privacy anyway."