Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
There are a huge number of trackers that collect information about user actions on the Internet. We have almost gotten used to the fact that online service providers, marketing and analytics companies track all our mouse clicks, posts on social networks, history of visited sites and watched TV series. The data collected by trackers can be used, for example, to improve UI and UX or to personalize advertising.
There are different types of trackers for collecting various information: advertising (AdAgency), analytical (WebAnalytics), etc. Most of them are used primarily on websites or in applications. However, there are also more universal trackers that are used on websites, in applications, and even in email. In this article, we will tell you about one of these types of tracking elements - web beacons, and we will also show which beacons of tracking systems and companies are most often detected by our security solutions - anti-tracking plugins for web browsers and anti-spam technologies.
On websites, beacons track the number of visitors to a web page. With their help, analytical marketing agencies or the website owners themselves can measure the effectiveness of posting a particular material, evaluate the activity of the audience or advertising campaign. Also, some resources use tracking pixels as watermarks to identify content, for example, to detect plagiarism.
In emails, as with websites, the primary purpose of web beacons is to count users interacting with the content. For example, tracking pixels are used to generate email open rate reports. These reports allow companies to determine which emails are interesting to users and which are not. For example, if a mailing’s open rate drops, a company can change the message’s subject line to be more flashy and clickbait-friendly, or, on the contrary, make it more strict and informative.
In email, web beacons are implemented in a similar way: they can be images invisible to the user, placed directly in the body of the email, or JavaScript code in an attached HTML file.
When you open a web page (or email), the web beacon is "downloaded". To do this, a request is sent to the server: in the case of an image, this will be a request to download the image, and in the case of JavaScript, a request provided by the script. As a rule, the following information is sent to the server:
We compiled a list of the 20 companies whose web beacons were detected by the DNT component most frequently worldwide. We took the total number of DNT beacon triggers for these twenty systems as 100%.
Most of the companies in the TOP 20 are related to digital advertising and marketing to some extent. For example, Aniview (2.68%), which is in sixth place, specializes in video advertising. OpenX (2.19%), Taboola (1.63%), Smart AdServer (1.55%) and many others are also advertising and/or marketing companies.
Even tech giants like Google (32.53%), Microsoft (21.81%), Amazon (13.15%) and Oracle (2.86%), which account for the largest share of triggers in the TOP 20, have their own marketing and advertising divisions, and the web beacons of these companies are used far beyond just improving their own products.
If we look at the list of the most common web beacons in email, then, unlike the TOP 20 beacons used on websites, we will not see tech giants at the top: Adobe Analytics (4.49%) is in eighth place, Google (3.86%) and Microsoft (3.18%) are even lower. Such a modest share can be explained by the fact that there are quite a lot of companies on the market specializing in email marketing. We can distinguish two types of such companies:
While Internet giants own large advertising networks used by most web resources, and therefore their trackers predominate on websites, ESPs and CRMs manage most marketing mailings, and therefore their trackers predominate in email. ESP and CRM beacons collect data about users to track their response to email newsletters: what percentage of recipients open emails, how this indicator varies depending on the region, etc. The beacons we encountered most often in email traffic were from Mailchimp (21.74%) and SendGrid (19.88%) — two large American players in the email marketing field.
In addition to ESP and CRM, the TOP 20 companies whose web beacons in mail were detected most often in December also included Rakuten (5.97%), a large Japanese online retailer; LinkedIn (4.77%), a social network for maintaining business contacts; Uber (1.49%), a taxi aggregator; and Booking (0.56%), a large hotel booking service. These companies use web beacons for the same reason as ESP/CRM services: to evaluate the effectiveness of mailings and collect general statistics on users.
Many large companies have the opportunity not to turn to contractors for these purposes, but to create their own advertising departments, selling the same services as specialized advertising agencies. They often combine their knowledge about users obtained from different resources, saturating and supplementing their existing portrait. At the same time, other companies use the services of Internet giants, marketing agencies, ESPs and CRMs, allowing them to collect even more data.
From a user's perspective, it is quite difficult, if not impossible, to track where the collected data ends up. Moreover, it is often not even obvious that the data is being collected. Web beacons in emails and on websites are not visible to the user, and no one warns about them, like, for example, about the use of cookies. However, they allow companies to find out how many times and from where users visited the site, who, when and from where opened the email. By regularly collecting such information, you can get an idea not only of the reaction to specific mailings and landing pages, but also of the user's habits, for example, the time of their online activity.
If such information falls into the hands of cybercriminals, say, as a result of a leak, they can use it for their own purposes. In particular, knowing when you are not online, they can try to hack your accounts or send fake emails on your behalf. In addition, attackers themselves use web beacon technology and track the behavior of their potential victims.
To protect yourself from excessive attention from companies and especially from scammers, it is worth taking at least minimal measures against tracking. In particular, you can install a special plugin in your browser that prevents the loading of tracking elements on the page, and also set stricter privacy settings. Many VPN services offer additional blocking of tracking. In your mail, you can set up settings that prohibit automatic loading of images. Even if you open a letter containing a tracking pixel, it will not work, since all images (and a web beacon is also an image) will be loaded only with your permission. As for more complex JavaScript beacons, they are contained in an attachment and are loaded only if you open it.
There are different types of trackers for collecting various information: advertising (AdAgency), analytical (WebAnalytics), etc. Most of them are used primarily on websites or in applications. However, there are also more universal trackers that are used on websites, in applications, and even in email. In this article, we will tell you about one of these types of tracking elements - web beacons, and we will also show which beacons of tracking systems and companies are most often detected by our security solutions - anti-tracking plugins for web browsers and anti-spam technologies.
What are web beacons?
Web beacons (also known as web bugs, tracking pixels, spy pixels, etc.) are tracking elements used on web pages, applications, and email to verify that a user has accessed certain content (opened an email or visited a web page). The main purpose of web beacons is to collect statistics and compile analytical reports on user activity.On websites, beacons track the number of visitors to a web page. With their help, analytical marketing agencies or the website owners themselves can measure the effectiveness of posting a particular material, evaluate the activity of the audience or advertising campaign. Also, some resources use tracking pixels as watermarks to identify content, for example, to detect plagiarism.
In emails, as with websites, the primary purpose of web beacons is to count users interacting with the content. For example, tracking pixels are used to generate email open rate reports. These reports allow companies to determine which emails are interesting to users and which are not. For example, if a mailing’s open rate drops, a company can change the message’s subject line to be more flashy and clickbait-friendly, or, on the contrary, make it more strict and informative.
How Web Beacons Work
Typically, a beacon on a web page is an image that is loaded from an external resource. The size of such an image is usually zero or one pixel, so the user does not see it. Hence the name "tracking pixel". Also, the CSS attribute display with the value none can be used to hide the image. Less common is the implementation of web beacons via JavaScript, such as the Beacon API - an interface that allows you to send requests to the server without waiting for a response.In email, web beacons are implemented in a similar way: they can be images invisible to the user, placed directly in the body of the email, or JavaScript code in an attached HTML file.
When you open a web page (or email), the web beacon is "downloaded". To do this, a request is sent to the server: in the case of an image, this will be a request to download the image, and in the case of JavaScript, a request provided by the script. As a rule, the following information is sent to the server:
- Date and time the web page or email was opened
- Operating system version
- Browser or email client version and type
- Screen resolution
- IP address
The most common web beacons on websites and in email
We analyzed web beacons detected by our systems in December 2022 and compiled a TOP 20 list of companies whose trackers were most often encountered by our users on websites and in emails.TOP 20 web beacons on websites
In this section, we used anonymous statistics collected from December 1 to December 31, 2022, by the Do Not Track (DNT) component, which prevents tracking elements from being loaded on websites. The DNT component is included in Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud and is disabled by default. The statistics include anonymized data voluntarily provided by users.We compiled a list of the 20 companies whose web beacons were detected by the DNT component most frequently worldwide. We took the total number of DNT beacon triggers for these twenty systems as 100%.
Most of the companies in the TOP 20 are related to digital advertising and marketing to some extent. For example, Aniview (2.68%), which is in sixth place, specializes in video advertising. OpenX (2.19%), Taboola (1.63%), Smart AdServer (1.55%) and many others are also advertising and/or marketing companies.
Even tech giants like Google (32.53%), Microsoft (21.81%), Amazon (13.15%) and Oracle (2.86%), which account for the largest share of triggers in the TOP 20, have their own marketing and advertising divisions, and the web beacons of these companies are used far beyond just improving their own products.
TOP 20 Web Beacons in Email
This part of the report presents anonymized data on the activation of the Anti-Spam component on the devices of Kaspersky Lab product users. The Anti-Spam component is present in such solutions as Kaspersky Security for mail servers running Linux, Kaspersky Security for Microsoft Exchange servers, Kaspersky Secure Mail Gateway and Kaspersky Security for Microsoft Office 365.If we look at the list of the most common web beacons in email, then, unlike the TOP 20 beacons used on websites, we will not see tech giants at the top: Adobe Analytics (4.49%) is in eighth place, Google (3.86%) and Microsoft (3.18%) are even lower. Such a modest share can be explained by the fact that there are quite a lot of companies on the market specializing in email marketing. We can distinguish two types of such companies:
- ESP (Email Service Provider) — companies that provide services for organizing and supporting email newsletters.
- CRM (Customer Relationship Management) - companies specializing in platforms for managing any interactions with the client at different stages of sales.
While Internet giants own large advertising networks used by most web resources, and therefore their trackers predominate on websites, ESPs and CRMs manage most marketing mailings, and therefore their trackers predominate in email. ESP and CRM beacons collect data about users to track their response to email newsletters: what percentage of recipients open emails, how this indicator varies depending on the region, etc. The beacons we encountered most often in email traffic were from Mailchimp (21.74%) and SendGrid (19.88%) — two large American players in the email marketing field.
In addition to ESP and CRM, the TOP 20 companies whose web beacons in mail were detected most often in December also included Rakuten (5.97%), a large Japanese online retailer; LinkedIn (4.77%), a social network for maintaining business contacts; Uber (1.49%), a taxi aggregator; and Booking (0.56%), a large hotel booking service. These companies use web beacons for the same reason as ESP/CRM services: to evaluate the effectiveness of mailings and collect general statistics on users.
Conclusion
Companies strive to collect as much data about customers as possible in order to create a more detailed portrait of each user, personalize offers, and sell products and services more effectively. Various tracking systems allow organizations to track users both on websites and in applications, and in email.Many large companies have the opportunity not to turn to contractors for these purposes, but to create their own advertising departments, selling the same services as specialized advertising agencies. They often combine their knowledge about users obtained from different resources, saturating and supplementing their existing portrait. At the same time, other companies use the services of Internet giants, marketing agencies, ESPs and CRMs, allowing them to collect even more data.
From a user's perspective, it is quite difficult, if not impossible, to track where the collected data ends up. Moreover, it is often not even obvious that the data is being collected. Web beacons in emails and on websites are not visible to the user, and no one warns about them, like, for example, about the use of cookies. However, they allow companies to find out how many times and from where users visited the site, who, when and from where opened the email. By regularly collecting such information, you can get an idea not only of the reaction to specific mailings and landing pages, but also of the user's habits, for example, the time of their online activity.
If such information falls into the hands of cybercriminals, say, as a result of a leak, they can use it for their own purposes. In particular, knowing when you are not online, they can try to hack your accounts or send fake emails on your behalf. In addition, attackers themselves use web beacon technology and track the behavior of their potential victims.
To protect yourself from excessive attention from companies and especially from scammers, it is worth taking at least minimal measures against tracking. In particular, you can install a special plugin in your browser that prevents the loading of tracking elements on the page, and also set stricter privacy settings. Many VPN services offer additional blocking of tracking. In your mail, you can set up settings that prohibit automatic loading of images. Even if you open a letter containing a tracking pixel, it will not work, since all images (and a web beacon is also an image) will be loaded only with your permission. As for more complex JavaScript beacons, they are contained in an attachment and are loaded only if you open it.
