From CSULA CS Wiki
Jump to: navigation, search reports that

A previously uncharted feature in Microsoft Word could allow authors of documents to monitor the travels of their files through cyberspace, according to the Privacy Foundation.

Such surreptitious "bugging" can occur when the file, usually sent as a mail attachment, contains a link to an image file on a remote Web server. If the document contains an invisible marker that requests the image, once it is opened, it could send a signal back to the document's creator. That signal would contain the IP address of the recipient's computer, according to the foundation.

If the document is forwarded, the process repeats itself. Theoretically, the author could build up an impressive cache of information about the various recipients.

The so-called Web bugs in Word files can also read and write browser cookies in Internet Explorer. Those cookies could let the author match up the viewer of the document with visits to the author's website, according the foundation.

Richard Smith, chief technology officer for the Privacy Foundation, Denver, did not attribute any malignant intent to Microsoft, Redmond, Wash. "It's just sort of an unintended consequence of the merging of the Internet with desktop applications," he noted. "This is something software developers should think through. Imagine if MP3 started linking to Web images and you could watch every time someone played an MP3 file?"

This is an interesting use of the way many images are displayed. Instead of copying an image, one can copy the URL of the image. Then when the image is to be displayed in a document or a web page, the image is fetched from its source. This is a well-know effect. It is so well known that web sites that make images available ask that the images be copied instead of having the URL copied. Copying the URL places a burden on the original web site.

I had not realized that image URLs could be embedded in MS Word documents, though.