Bugnosis
Copyright © 2000, 2001 Privacy Foundation. All rights reserved.
|
BugnosisCopyright © 2000, 2001 Privacy Foundation. All rights reserved. |
Web bugs are hidden surveillance devices in Web pages. Like cookies, they can be used to track your movements throughout the Web, but they are harder to spot. Bugnosis can help you find them.
Bugnosis operates by analyzing the Web pages that you visit while surfing. When it discovers a Web bug, it alerts you with a sound ("uh-oh!") and pops up a window containing details about the Web bug. It also makes visible the Web bugs hidden on the page, so you can see where they are placed. By revealing Web bugs, Bugnosis makes it possible for ordinary Web users to "watch the watchers."
Bugnosis is an educational tool, not a Web bug blocker. For more information, visit the Bugnosis FAQ site.
Bugnosis has been designed to work on PCs running a Microsoft Windows operating system and the Internet Explorer Web browser, version 5.0 or higher.
Bugnosis tags each image it encounters with a list of properties. The properties are described below. Each property is just one additional piece of information; normally, an image will have to have several of the properties below in order to be designated a Web bug.
Tiny means that the image takes up a very small amount of visual space on the screen, suggesting that the Web designer who placed it intended to hide it from view. Generally speaking, an image will have to be tiny for Bugnosis to designate it a Web bug. But tiny images are also used by Web developers to control the visual layout of a Web page, so an image can be tiny without being a Web bug.
Once means that the image is only used once within the document. This property helps to distinguish tiny images that are used for tracking of users and those that are used to control the visual layout of the Web page (see Tiny).
Domain means that the image comes from a different domain than the original Web document. This suggests that a third-party computer may be tracking the users that visit a particular Web site. An image usually has to come from a different domain to be identified as a Web bug.
Cookie means that the URL for the image overlaps significantly with information stored in a cookie. This may suggest that a Web site is "synchronizing cookies," i.e., sharing data about you with another Web server.
Lengthy means that the URL for the image is unusually long and may contain more information than is usually necessary for simply retrieving the image from the Web server.
Protocols means that the URL for the image contains more than one protocol field
(i.e.,
TPCookie means that the image comes from a different domain than the document and manipulates a cookie (Third Party Cookie). Third party cookies can be used to track users across multiple Web sites.
Recognized site means that the URL for the image is in Bugnosis' list of "well known" Web sites.
Here's what Bugnosis showed us one day when we visited www.cbs.com.
Bugnosis analysis of: CBS.com (http://www.cbs.com/)
Highlighted images may be Web bugs.
Highlighted images are suspicious.
| Properties | Contact | Image URL |
|---|---|---|
| Tiny, Once, Domain, TPCookie (id=651044d4) |   |
http://ad.doubleclick.net/ad/network.now.com/network;tile=5;sec=3000;sz=1x1;ord=991270395711? |
| Once, Domain, TPCookie (id=651044d4) | |
http://ad.doubleclick.net/ad/network.now.com/network;tile=5;sec=3000;sz=468x60;ord=991270395641? |
| Recognized site - Tiny, Once, Domain | |
http://a1732.g.akamai.net/7/1732/121/5472601571f31e/cbsimages.cbsig.net/Common/images/nopixel.gif |
| Once | http://www.cbs.com/Common/images/nav_survivor.gif | |
| http://www.cbs.com/Common/images/bullet.gif | ||
| http://www.cbs.com/Common/images/spacer.gif |
The first line describes a very suspicious image from DoubleClick.net embedded within the www.cbs.com page. The image has the "Tiny", "Once", "Domain", and "TPCookie" properties. Based on this evidence, Bugnosis concludes that this is probably a Web bug, colors the line red, and says "uh-oh!" Note that the value of the third party cookie (id=651044d4) is displayed here too. This number is DoubleClick's unique identifier for the user who visited CBS.com. This single line of Bugnosis output shows that when the user went to CBS' home page, his own computer was secretly enlisted to tell DoubleClick.net that he went there.
The first line also includes the and
icons. By clicking on the first icon,
the user can navigate to DoubleClick's privacy policy. The second icon opens up an e-mail window
with a sample message addressed to DoubleClick's privacy contact. Bugnosis doesn't have this
information for every site -- if you look at the last three lines, you will see that it doesn't
even know how to find the privacy Web page or e-mail address at CBS.com.
The second line shows an important difference. Even though the image it refers to is also from DoubleClick, the line is colored yellow, and the e-mail icon is missing. This is because the image does not have the "Tiny" property -- it's not trying to hide. This image is actually a standard "banner advertisement" that was clearly visible on the CBS home page. Bugnosis considers this image merely suspicious. The image can be used to transmit information (indeed, it also carries the same cookie value as the first image), but at least it delivers an advertisement to the user. In contrast, the first image tried to be invisible; clearly it was there only for information transmission purposes. Since Bugnosis doesn't consider this second image to be a Web bug, it doesn't offer the e-mail icon.
Bugnosis considers the remaining images completely innocuous. In fact, Bugnosis will normally not even show you these images, since they're so routine. Unless you change its options, Bugnosis will only show the Web bugs in red and the suspicious images in yellow, and it will omit all of the others. (The original page had many more such innocent entries, but we manually removed them from this example for brevity.)
Click the Bugnosis icon 
in the Internet Explorer tool bar, and then right-click
in the Bugnosis window for a context menu. Most of the choices (Save, Send to, Print, About)
are
pretty straightforward. You can also select Options to configure Bugnosis.
by default)
so you can see where the bug was
planted on the page. Sometimes you will find that Web bugs are planted next to other information
that suggests what the bug may be used for. First, note that you can disable the Bugnosis sound, and you can make it stop popping up, just by changing the Bugnosis options. If you still want to uninstall, just choose the "Uninstall" context menu entry that you'll see when you right-click in the Bugnosis window.
Please use the e-mail address privacy-tools@cs.du.edu for questions, comments, suggestions, and bug reports related to Bugnosis. We can't guarantee a personal response, but we read all of the e-mail that gets sent our way.
This software was written by Adil Alsaid at the University of Denver Department of Mathematics and Computer Science under the direction of Prof. David Martin.
Bugnosis uses the "uh-oh" sound kindly provided by Ipswitch, Inc.
Bugnosis contains the Regex++ library:
Regex++ version 3.02, 18 April 2000 Copyright (c) 1998-2000 Dr John Maddock Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. Dr John Maddock makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
Copyright © 2000, 2001 Privacy Foundation. All rights reserved. "Bugnosis" and the "cute bug" icons are registered trademarks of the Privacy Foundation. The Bugnosis software carries no representation or warranty with respect to functionality, merchantability, or suitability for a particular purpose, nor any other representation or warranty whatsoever. Bugnosis users assume all risk associated with the application.