Privacy group warns of risk for MS Office

According to an advisory statement issued by the US Privacy Foundation, web bugs could be used by organisations or individuals to monitor the journey of Word, Excel or PowerPoint files when they are read by third parties. Web bugs are made possible by a facility which allows Microsoft Office applications to link documents to a web-based image file.

Once the file is accessed, a remote server can recognise when and where a document file is opened by referring to the IP address and host name of the responding computer.

Richard Smith, technical director at the USPF, also warned the bugs could be used to read and write browser-based Word documents.

‘We are concerned about the whole blurring between desktop applications and the web and this is where problems can occur,’ said Smith. But he admitted that the USPF has found no evidence that web bugs are actually being used in Word documents.

Microsoft confirmed that Word can access the internet to fetch web images, making the use of web bugs possible, but claimed there was no evidence of such activities.

According to Smith, web bugs have been used by advertising companies to track the effectiveness of campaigns by attaching them to e-mail messages, but bugs in Word files could allow companies to detect and track leaks of confidential documents and monitor whether chunks of texts are being copied in contravention of copyright laws.

This story first appeared on

Related reading