How to block web bugs with NoScript!

General Topics
1

Hi malware fighters,

If you cannot be tracked through script disabled in your browser, the trackers fall back to using 1 pixel tags, also known as web beacons, web bugs or tracking bugs. They can give away who opened a page and through what proxy. So to block them go to NoScript options under Advanced, and now tag Forbid “Web Bugs”. Simple as that.

polonus

2

Thanks for the info Polonus. Why isn’t it blocked by default?

3

Its blocked in mine, but then again I know what they are and I probably ticked when I tweaked it anyway.

My firewall can also block ads and not just by location but also by image size, so I can block 1pix by 1pix images.

4

Hi Tech,

You asked why it is not blocked by default. Well actually I could not tell why. A lot of these tags are for tracking, and tracking cookies are not blocked inside a browser by default either. Sometimes “they” want to know you are not a bot or an automated process. But there are other means of profiling you: referrer information, and header info also goes along unencrypted. If you analyze your header information, you can see your passwords go by unencrypted. So a browser is not actually as secure as we might think, and anonymity is almost impossible on the Internet to-day, we are completely transparant! If through a proxy - the proxy has all your data. Through tor and jap combined the exit node server could have a fair guess where you came from,and even what you did online (compare tracking info with the unmasked equivalent of previous online actions can identify you easily), and there are even other ways that will go completely under the radar. If you want to see what web beacons do inside a browser install the program bugnosis on IE7, and you can have some idea. But I think for the malicious tracking a possibility to block these pixel large pieces of info is advisable. That is why I have NoScript, combined with Stealther and Cookie Editor and User Agent switcher. But analyse what the JS View extension give you as data that scripts return, then you know that people that browse as by default have completely lost their privacy online. But it is the malware aspect that is most important, everyone knows that being on the Internet without av and a fw gets you infected in less than 12 minutes as an average. Think about this, and see why in-browser-security is becoming more and more vital…
Here is what Mozilla holds as info on your NoScript extension:
1xxxxx59.11xxx97291.1.1.utmccn=(referral)|utmcsr=noscript.net|utmcct=/getit|utmcmd=referral

pol

5

Thanks Polonus.
I’m not that hard worried about privacy in such deep way.
But, of course, I won’t tolerate to get infected 12 minutes after going on-line.
Thanks again for the info.

6

personally me think blocking “web bugs” on websites is silly (it makes sense on email)

They don’t have to use “invisible” 1x1 gif files, it can be any size, any picture, any object linked to another server and when you hit that site your browser will try to load that object and presto! you have a web bug :slight_smile:

The only way to be sure that you block all this is to set your browser to load objects only from the current server you are loading the pages on.

I wouldn’t bother really, since what information you get from that is too trivial to be used anyway particularly if you do the use anonymity stuff.

Anyway, all of these silly tricks have nothing to do with preventing malware.

Some people strike me as being overly paranoid, and lacking of an understanding of the issues.\

PS I really do not recommend anyone to install Bugnosis…