Over the past few years, we’ve become very familiar with web technologies like the infamous cookie. In fact, cookies are such a large part of the web that the European Union forced all websites to display a notice under the amusingly-named EU Cookie Directive.
You would think that a mature technology like cookies would be well understood, but in the age of ad-blockers, companies are finding crafty ways to avoid playing by the rules.
Cookies are one of many aspects that make up the backbone of internet browsing. They allow you to remain logged into websites across sessions and they can store per-user preferences. For the privacy-minded, blocking and clearing cookies is a commonly-offered piece of advice for minimizing online tracking.
However, along with the rise of the “supercookie,” there is another player in the online tracking game: web beacons.
What Are Web Beacons?
Web beacons are small objects that are embedded, usually invisibly, into a web page. The most common form of web beacon is the 1×1 GIF (not to be confused with the animated GIFs you know from memes). The format is the same, but GIFs are used as beacons because the format is universally recognized on every modern web browser.
Why such a small graphic size? Because it minimizes the file size, which minimizes the amount of time needed to download it, which minimizes the impact it has on the loading speed of a web page. As such, even low-bandwidth and low-data connections can handle web beacons.
When your browser connects to a web page and the web page contains a web beacon image, your browser makes a request to the web server to download that image — and with this request, the server logs certain details like your IP address, the date and time, and more.
The site owner can then use these logs to track how many times a web page is accessed, along with the times it was accessed and the locations of users who accessed it. The request can also reference the existence of any cookies that have previously been set on the computer by the web server.
Web beacons have also become a useful tool for advertisers who want to build up browsing profiles in order to determine which ads to display on a given web page. Along with alternative names like web bug and page tag, web beacons are also referred to as clear GIFs or tracking pixels in reference to the inserted 1×1 GIF.
Beacons in Emails
Beacons aren’t limited to just websites. They’re commonly used to track and monitor email opening rates as well as link clicks. The email marketing company MailChimp, made famous by the true crime podcast Serial, uses Open Tracking, which is a method of inserting beacons into images right inside emails.
When your email client attempts to load the image, the beacon alerts the server that the unique identifier has been accessed, which allows the server to mark that particular email as opened. This is an important metric for email marketers, along with which links get clicked.
The beacons can also be embedded into links, usually as a referral ID at the end of the URL. When a link is clicked, the unique ID allows MailChimp to identify which links were opened and when.
Beacons on Facebook
These days Facebook is no stranger to privacy controversies, but it wasn’t always that way. In fact, their first major privacy misstep was over the use of web beacons back in 2007. The Facebook Beacon collected data from Beacon partners about which websites were visited and what kinds of activities happened on those sites.
The big problem, however, was that Facebook was publishing that information to profiles without first asking users if they wanted that information published.
Unsurprisingly, people weren’t happy with this, especially since there was no way to block Facebook from publishing that information. In fact, people were so offended by this new “feature” that a class-action lawsuit was brought against Facebook, resulting in a £9 million (around $11.2 million) settlement and termination of the Facebook Beacon.
How Can You Stop These Beacons?
Most online advertisers and analytics companies try to respect the privacy of users by only collecting non-identifiable aggregated data. However, many privacy advocates claim that unwarranted and unwanted tracking is still invasive and should be prevented.
Despite the impression of Google as a large surveillance machine, the company’s old motto of “Don’t be evil” guides a lot of their decisions. One way that Google attempts to protect their users is in their email application, Gmail.
Gmail users used to be well-acquainted with the alerts in every email asking if you wanted to display the images in said emails. This was to prevent malicious content being downloaded without the user’s knowledge or consent.
Then in 2013, Google made an important change to Gmail: all email images would now be loaded by default, except those images were first downloaded and cached by Google on Google’s own servers. This prevented malicious content from being downloaded AND resulted in a faster and improved email experience.
But this approach to displaying images in emails complicates matters for email beacons. Since the images are now downloaded by Google, publishers lose information about who initially opened the email. All they receive is Google’s IP address. This method also prevents the beacons from reading any cookies on your computer.
Privacy-focused extensions like Privacy Badger from the Electronic Frontier Foundation (EFF) are able to block some web beacons. They can also block other forms of online tracking that gather data about you around the web, but not always. Unfortunately, web beacons are designed to be invisible and can’t always be caught by privacy extensions.
Should You Stop These Beacons?
Although web beacons are commonly referred to as online trackers, the information they collect is not personally identifiable.
Facebook’s Pixel, for example, can only see the websites you visit that have enabled the Pixel. When you visit a Pixel-enabled site, they will only be able to see the time and date, along with some browser information, rather than your full browsing history.
Of course, web beacons are only part of a larger trend in online tracking. There’s a constant race between advertisers and privacy advocates over who controls your online data. Web beacons are relatively harmless on their own. It’s only when their data is combined with other information, like your Facebook profile, that the practice becomes controversial.
How do you feel about web beacons? Is the technology useful or do you think it’s just another money making scheme by advertisers? Do you use web or email beacons on your website? Let us know in the comments below!