From Wikipedia, the free encyclopedia
A Web beacon is an object that is embedded in a Web page or e-mail and is usually invisible to the user but allows checking that a user has viewed the page or e-mail. Alternative names are Web bug, tracking bug, pixel tag, and clear gif.
Typically, a Web beacon is a small (usually 1x1 pixels) transparent gif image (or an image of the same color of the background) that is embedded in an HTML page, usually a page on the Web or the content of an e-mail. Whenever the user opens the page with a graphical browser or e-mail reader, the image is downloaded. This download requires the browser to request the image to the server storing it, allowing the server to take notice of the download. As a result, the organization running the server is informed of when the HTML page has been viewed.
While Web beacons are used in the same way in Web pages or e-mails, they have different purposes:
- If the beacon is embedded in an e-mail, the image is requested when the user reads the e-mail for the first time, and can also be requested every other time the user loads the e-mail again;
- Whenever a Web page (with or without beacons) is downloaded, the server holding the page knows and can store the IP address of the computer requesting the page; this information can therefore be retrieved from the server log files without the need of using beacons; beacons are used when monitoring has to be done by a server that is different than the one holding the Web pages; this is necessary for example when the Web pages are served by different servers, or when the monitoring has to be done by a third party.
As for all files transferred using the HyperText Transfer Protocol, Web beacons are requested by sending the server their URL, and possibly the URL of the page containing them. Both URLs contain information that can be useful for the server:
- The URL of the page containing the beacon allows the server to determine which particular Web page the user has accessed;
For example, an e-mail sent to the address
email@example.com can contain the embedded image of URL
Whenever the user reads the e-mail, the image at this URL is requested.
The part of the URL after the question mark is ignored by the server
for the purpose of determining which file to send (in this case), but
the complete URL is stored in the server's log file. As a result, the
bug.gif is sent and shown in the e-mail reader; at the same time, the fact that the particular e-mail sent to
firstname.lastname@example.org has been read is also stored in the server. Using this system, a spammer or email marketer can send similar e-mails to a large number of addresses to check which ones are valid and read by the users.
Web beacons can be used in combination with HTTP cookies like any other object transferred using the HTTP protocol.
A non-technical explanation
The beacon is one of the ingredients of the page, just like other images and text, except it is very small and/or clear such that it is effectively invisible. Web pages and graphical e-mails use presentation code that tells your computer what to do when a page is opened. This code usually contains the text of the page, but it typically also contains a number of instructions that cause your computer to ask either the website's server or another server to send you further content, such as an image. Web beacons are images retrieved in this way. The action of calling the material from another server allows the event to be counted. They are a convenient way of gathering statistics and managing cookies within a complex network.
When a user's web browser renders a webpage containing web beacons other information can be gathered by the web site, such as: the IP address of the requesting computer; time the material was viewed; the type of web browser that retrieved the web beacon image; and the existence of cookies previously set by that server. This is information that is available to any web server you visit.
As an example of the way web beacons can make user logging easier, consider a company that owns a network of sites. This company may have a network that requires all images to be stored on one host computer while the pages themselves are stored elsewhere. They could use web beacons in order to count and recognize users traveling around the different servers on the network. Rather than gathering statistics and managing cookies on all their servers separately, they can use web beacons to keep them all together.
E-mail Web beacons
Web beacons embedded in e-mails have greater privacy implications than beacons embedded in Web pages. Typically, the URL of web beacons contained in e-mail messages carry a unique identifier. This identifier is chosen when the e-mail is sent and recorded together with the recepient e-mail address. The later download of the URL signals that the e-mail has been read. The sender of the e-mail is therefore also able to record the exact time that a message was read and the IP number of the computer used to read the mail or the proxy server that the user went through. In this way the sender can gather detailed information about when and from where each particular recipient reads e-mail. Additionally, every time the e-mail message is displayed another request goes to the sender's web site.
Web beacons are used by e-mail marketers, including spammers, to verify that e-mail addresses are valid and that the content of e-mails is actually viewed by users. When the user reads the e-mail, the e-mail client requests the image, letting the sender know that the e-mail address is valid and that e-mail was viewed. The e-mail need not contain an advertisement or anything else related to the commercial activity of the spammer. This makes detection of such e-mails harder for mail filters and users.
Tracking via web beacons can be prevented by using mail clients that do not download images whose URLs are embedded in HTML e-mails. Many graphical e-mail clients can be configured to avoid accessing remote images. Examples include the Gmail, Yahoo! SpamCop/Horde webmail clients, and Mozilla Thunderbird, Opera, and relatively recent versions of Microsoft Outlook, and KMail mail readers. But other HTML techniques like iframes can still be used to track e-mail viewing, so some of these clients still are not adequately protecting their users.
Text-based mail readers such as Pine do not interpret HTML or show images, so are not subject to tracking by e-mail web beacons. Plain-text e-mail messages cannot contain Web beacons since they can not have images, and so are safe with any mail client.
Web beacons can also be filtered out at the server level so that they never reach the end user. MailScanner is just one example of gateway software that can disarm iframes as well as web beacons.
As a result of these measures, web beacons are slowly losing their effectiveness and can't be relied on to accurately count read rates for e-mail campaigns.