Section 23.6. Looking Ahead

23.6. Looking Ahead

Bugnosis was a bigger success than we planned for, but it remains a very simple tool. It still needs improvement in two main areas: email web bugs and P3P. Future improvements are likely to take it further afield. But first, let's enumerate its current deficiencies.

23.6.1. Exposing Email Tracking

Bugnosis looks only for surveillance built into web pages. However, because HTML is widely supported by email user agents, the same techniques for tracking users on the Web can be used against email users. This is a far more serious situation. Email addresses correspond to individuals, not to computers or network devices, so they are more personal than IP addresses. When a user views a bugged email, the watcher gets a server hit for the embedded images and can generate a log entry recording which particular email recipient read the message. And if the user forwards it to someone else, the watcher gets another hit when the other user reads it, and so on.

We don't know of any systematic studies of sender-based email surveillance. Email user agents increasingly defer fetching images and sending cookies precisely in order to prevent this form of user tracking, but that doesn't mean that the watchers are giving up. In the past year, we've seen email tracking being used by several large pharmaceutical companies, various nonprofit organizations, spammers (of course), and, ironically, even a web consumer advocacy group (in a newsletter that included an article about spyware defenses!). We hope to make a version of Bugnosis that is able to detect email tracking, but it's harder to build and deploy as effectively, mostly because of the large number of different email readers in common use.

23.6.2. Platform for Privacy Preferences Project

Bugnosis is presently unaware of P3P policies (which are described along with Privacy Bird in Chapter 22). But it should take them into consideration, because a site that commits to privacy disclosure in this way is arguably not trying to hide, even if it does use invisible images to generate log entries. Yet Bugnosis still has a role to play even in a world where every site publishes a P3P policy, because it can measure whether a web site's practices are consistent with its policy, at least regarding the narrow question of clickstream logging. A site that claims not to collect clickstream information yet does use web bugs is sending very mixed messages.

23.6.3. Further Privacy Awareness Tools and Research

Users often send emails to the Bugnosis support address asking privacy and security questions that aren't directly related to Bugnosis. In the language of Chapter 5, Bugnosis possesses a level of learned trust: many people have installed it; they've become slightly more enlightened; they didn't get burned in the process; and so they see it as an authoritative resource for privacy questions. How can this trust be leveraged to improve the user community's awareness of Internet privacy? Bugnosis could incorporate social processes techniques such as those highlighted in Chapter 25, to allow privacy mavens to bring their enthusiasm and expertise to the community without becoming C++ developers. Bugnosis would be a natural launching pad for detecting spyware. Speaking of spyware, Bugnosis could also be used to gather information about how users interact with privacy mechanisms for privacy research purposeswith appropriate anonymizing of gathered data, and user opt-in, of course.

NOTE

If you are interested in building upon the Bugnosis code base, please do! Bugnosis and its source code are available from http://www.bugnosis.org/.