If you have an Internet connection, you’re sure to have encountered web beacons before, but you may not know what a web beacon actually is.
It’s an umbrella term that includes many different things.
What they have in common is their purpose: learn about your online behavior.
In this article, we’ll explain what a web beacon is. We’ll look at the different web beacons you’re likely to encounter. And we’ll discuss what you can do to avoid them.
So What Is It?
The first web beacons were small, transparent images, embedded in email messages or web pages.
When a user opened an email or accessed a website with an embedded web beacon, their browser or email client would unknowingly download the embedded image.
And in doing so, they would inevitably send information about their behavior and their device to the website operator or the email sender.
Web beacons have since evolved to include visible elements of a web page or email message. These elements include graphics, buttons, banners. And even non-visual elements like scripts, input links, objects, etc., of emails and websites.
Hence a web beacon is also referred to as a web bug, tracking bug, tag, web tag, page tag, tracking pixel, pixel tag, 1×1 GIF, or clear GIF.
And the thing about web beacons is that, to your browser, they’re just regular images. So your browser downloads the beacons without making a fuss. It won’t warn you. You simply won’t know.
Framing is the practice of hosting certain resources that are part of the website, on third-party servers.
This means that to fully access the website example.com, you’re not just downloading content from example.com’s servers, you’re also downloading resources from third-party.com.
In downloading those third-party elements, you are, of course, sending back information about your behavior and your device back to that third-party as well as the site owner.
And that third-party is generally an ad network.
Framing made third-party tracking go mainstream.
The whole point of web beacons is to collect behavioral data on how you interact with the email or web page in question.
Website operators and advertisers use beacons in a similar way, but for slightly different purposes.
Website owners typically want analytics on website visits and use.
- How many unique visitors?
- How many page views?
- How much time was a visitor on a given page?
- What is the most viewed page on the site?
Things like that…
If you operate a website and use, say, Google Analytics to gather data about visitors to your site, you pasted some code, provided by Google, into your Html pages.
Guess what? You likely pasted a web beacon (among other things).
You will gain all sorts of insights into your website traffic. But you will have to share those insights with Google.
And Google, or whatever advertiser is supplying the beacon, will no doubt be using the beacon to gather behavioral data that’s beyond the scope of the website operator’s analytics.
And they will use that data for their own purposes. After all, being an advertiser, data is their business.
These include, but are not limited to, the number of times their ads were displayed, clicked on, or lead to a purchase, etc.
As far as emails are concerned, web beacons are typically used to find out if and when an email was opened and to collect behavioral information such as:
- Ads clicked
- And basically any interaction with the content.
What Do Beacons Collect?
This is actually easy and hard to answer, at the same time. It’s easy because you can always say: “They collect whatever they can” – because that’s true.
But it’s also difficult to answer specifically. This is because the types of information collected are always evolving (usually growing). The collection techniques are also constantly getting more sophisticated.
And, of course, different beacons will collect different things.
Do bear in mind that web beacons are usually used in conjunction with other behavioral tracking tools, such as cookies, embedded web links, browser fingerprinting, etc.
For more information on browser fingerprinting, have a look at our Browser Fingerprinting: Everything You Should Know article.
But here is a minimal list. You can consider that web beacons collect the following information, at the very least.
- The IP address of your device
- The URL of the visited web page
- The URL to the server hosting the beacon
- The timestamp of the beacon download
- A set cookie value (this one opens a can of worms…)
- The browser used to access the site and download the beacon
I just did a random search for privacy policies and picked one at random. I don’t think it really matters which website it is.
Most privacy policies are a collection of boilerplate statements coming out of the company’s legal department. They tend to be very similar to one another.
“Website Browsing Data – We collect information about your visits to and your activity on our websites that you view and interact with, the address of the website from which you arrived and other clickstream behaviour such as the pages you view or the links you click. Some of this information is collected using Automatic Data Collection Tools which include cookies, web beacons and embedded web links”.
That’s pretty much in line with our minimal list.
And again, web beacons are typically used in conjunction with other tracking tools. There are a plethora of tools readily available to violate your privacy. And violating your privacy is big business.
We’re in the golden age of surveillance. Remember that.
Can Web Beacons be Blocked?
The good news is, yes, web beacons can easily be blocked. But there’s a price.
Blocking Web Beacons With a Browser Plugin
You could also probably block most of them with an ad-blocking browser plugin. But browser plugins tend to come with their lot of privacy issues.
And a browser plugin won’t help you with emails unless you use webmail. And most of us use a mail client app these days.
That being said, I would only recommend EFF’s Privacy Badger for this. It’s effective and is produced by a trustworthy organization.
For more information on Privacy Badger, check out our How To Stop Facebook From Tracking Your Web Browsing? article. There is a section on Privacy Badger towards the end of the article.
If you don’t want to install a browser plugin, here are DIY instructions on how to block web beacons manually.
Blocking Web Beacons in Emails
To block Web beacons in emails, disable Html View, and select Plain Text Email View in your email client. This will prevent you from downloading any email beacons.
And this is the preferred solution.
If the above option is not available in your email app, disable downloading of images, if you can. This will prevent you from downloading graphic web beacons.
The obvious downside to this measure is that your emails will be much more… well, bland… They won’t have any images.
Blocking Web Beacons on Websites
To block web beacons on websites, start by disabling cookies. Yes, this means you won’t be able to log in to any sites.
You can also disable image downloading in your browser.
Alternatively, you can use your browser’s Reader View, to strip out image elements, frames, scripts, etc. and simply download the text.
So, web beacons are privacy-invasive bugs that will track you on the Internet. The good news is that they’re rather easy to block – at the price of a blander Internet.
This is very much a balancing act between privacy and convenience. As for me, I like bland emails and I prefer using Reader Mode to read online articles. It’s less distracting and easier to read.
As always, you need to decide for yourself what you’re willing to give up in the name of privacy. I just hope my articles can help you along the way.
What Is a Web Beacon? [And What You Can Do About It]
By Marc Dahan
Last updated: May 10, 2020