Privacy Group IDs Microsoft ‘Bugs’

Web “bugs” that can be placed in Microsoft Word, Excel 2000 and PowerPoint 2000 documents can enable their authors to track where and how often the documents are read on the Internet, says a privacy watchdog group.

A document’s author can trace how a bugged document is passed from one person or organization to another, the Denver, Colorado-based Privacy Foundation said in a privacy advisory.

How Bugging Works

According to the foundation, a bugged document is linked to an image file on a remote Web server, but only the URL of the Web bug is stored in a document, not the image. When the document is opened, a signal is sent back to its creator with the IP address and other information identifying the recipient’s computer. The process repeats itself each time the document is forwarded.

“In most cases, the reader of a particular document will not know that the document is bugged, or that the Web bug is surreptitiously sending identifying information back through the Internet,” Richard M. Smith, the Privacy Foundation’s chief technology officer, wrote in the advisory.

The foundation said the bugs can be used to detect and track such things as leaks of confidential documents from a company; copyright infringement of newsletters and reports; and distribution of a press release.

Cookies Tracked Too

Web bugs in Word documents can also track “cookies” in Internet Explorer, enabling an author to match the viewer of a Word document to visits to the author’s Web site, the foundation said.

Smith said the Privacy Foundation has found no evidence that Web bugs are being used in Word documents, but added “there is little to prevent their use.” He did not recommend removing the feature allowing links to Web pages and said no “good preventative solution” appears evident.

Smith said the foundation contacted Microsoft twice this month about the bugs and Microsoft confirmed Word will access the Internet to fetch Web images linked to a Word document. The foundation urged the Web browser cookies inside of Word documents be disabled.

Group Recommends Bug Alert

Smith recommended that users who are worried about bugging should get a program such as ZoneAlarm. The software warns if an unauthorized program is attempting to access the Internet.

Privacy has emerged as a major concern among Net users. A report this month by the Pew Internet & American Life Project found 84 percent of Net users feared businesses and others would get personal information without the user’s knowledge. Seventy-one percent favored policies that place the burden of ensuring privacy on Web sites, not on users, according to the report.

Meanwhile, the U.S. Federal Trade Commission (FTC) said Wednesday that calls to its “identity theft” hotline tripled in July, to an average of more than 1,000 a week. The FTC says the Internet has contributed to identity theft, which most commonly involves credit card fraud.