Someone called to my attention the blatherings of someone called Dense… sorry, Rense. In a rant about Yahoo!, Rense takes aim at Yahoo!’s use of “web beacons.”
Yahoo tracks all of its users everywhere on the web… Yahoo has probably been tracking everything you do online… Yahoo is now using something called ‘Web Beacons’ to track Yahoo Group users around the net and see what you’re doing and where you are going similar to cookies. Yahoo is recording every website and every group you visit.
It’s one of those stories that has a tiny kernel of truth in it, but is massively warped by someone who either doesn’t understand the technology, or refuses to let facts get in the way of a salacious story. In either case, this “urgent” story is a load of dingos kidneys.
A web beacon is usually an image file embedded in an HTML page — either a web page or an HTML email. Encoded in the URL for the image file is data unique to that page, that email recipient, perhaps a specific advertising campaign, etc. When the page is rendered, the image is downloaded, and in the log file for the web server is stored a record of all the data encoded in that URL. The data can then be used for various statistical and other purposes, including possible the tracking of a particular email address.
Websites and email marketers use it for many legitimate purposes — including site traffic reporting, unique visitor counts, advertising auditing and reporting, and personalization. A significant majority of Web beacons collect only anonymous data. However, some may be used to correlate certain actions (such as the opening of an email message) with someone’s email address to know, for example, when an email has been read. (“Open rates”, the frequency with which email is actually opened and read by a consumer, is a valuable statistic for legitimate email marketers.) Unfortunately, spammers can use the same process to validate email addresses.
If you use one of the many website traffic monitoring services, like SiteMeter, or StatCounter, or Hitbox, or any of the other major web traffic analysis services, you too are using a form of web beacon. There is a lot of web site usage data that they can gather, such as browser type, page referrer, etc., but seldom anything more personal. This is all the same data that is contained in the typical web server’s operational logs.
So what value are web beacons? Why use them? Mainly because it’s the least complicated way of letting a third-party service, such as a traffic analysis company, interpret the log data for you. It’s vastly easier (and cheaper) to include a web beacon than it is to send around massive log files or for each web site operator to run their own traffic analysis scripts.
In the case of email-based web beacons, you can get most of the same web site usage data, along with the email address… information which was already known to site that sent you the email in the first place! About the only added information they get is a date and time that you opened the email message. Beyond those pieces of data — which can be useful to number-crunching advertising gurus, but don’t mean much to anybody else — that pretty exhausts the entire available utility of web beacons.
So the core question of this Yahoo tracking myth is: Can a web beacon that might be included in a Yahoo Groups email message be used to track your computer’s usage everywhere you go on the web? Only in Fantasyland. As explained above, a Yahoo Groups web beacon can only tell Yahoo when you opened the message, because when you open the message it retrieves an image that allows them to say, “the image was retrieved at 11:37pm on 11 December, therefore the user read that email message at that time.” This data is useful for Yahoo in that they can prove to the advertiser whose ad was appended to the message that their ads were actually read by X-number of email recipients.
But how does that image retrieval process allow Yahoo to track your visit to some unknown, non-Yahoo affiliated website? The answer is simple: IT DOESN’T!
The amount of data you can actually get from web beacons is pretty limited, and only works in conjunction with sites that the web beacon provider (e.g., the traffic analysis company or advertising network) has access to by virtue of some sort of partnership or other business relationship. In the case of web beacons appearing on web pages, there would already have to be a partnership in place between the web site operator and the traffic analysis or advertising network, thus in the context of that relationship they could have chosen any method they wanted to share that data — web beacons just happen to be the simplest. And as I said earlier, the reason they use web beacons is that FTP’ing around massive server logs isn’t as easy, and indeed could be less secure.
It’s not as though there are no privacy concerns with web beacons, but let’s not imbue them with more magical powers than they actually have. Web beacons can be used by website operators to track usage of that particular website, or affiliated websites, at a level of detail that some people might find annoying. But it’s not as if this data isn’t already available to those websites; web beacons are just one tool to make the analysis easier.
If you are concerned that two companies might be teaming up to learn more about how you use both of their websites, you have every right to be concerned. But the privacy impacts of collusion between two or more companies is a very different question than a bogus story about one company that’s somehow magically tracking you everywhere. Thus, the upshot of this is that whoever wrote that this allows someone to “track all of its users everywhere on the web” is either an imbecile or a liar.
So my guess is that somebody is just trying to gin up some anti-Yahoo propaganda. Probably somebody wanting to short some Yahoo stock, or maybe a Google promoter looking to smear Google’s biggest rival.
In the case of the latter, however, it would be especially ironic because Google’s tracking techniques are far more intrusive, far more potentially injurious to someones privacy, and if you ask Google about “opting out,” they’ll laugh in your face.