A non-profit Internet privacy group released free software Thursday that it says enables online users to find out whether they are being tracked -- and, if so, who is doing the tracking.

The Privacy Foundation said its "Bugnosis" is a browser extension designed to identify the increasingly widespread "bugs" that are often hidden in Web pages, surreptitiously collecting information about users and passing it on to others.

"Our goal with the software is to reveal how Web bugs are tracking all of us on the Internet, and to get companies to 'fess up about why they are using them," the foundation's chief technology officer, Richard Smith, said in a statement.

"Any company that uses Web bugs on their site should say so clearly in their privacy policies and explain the following: why they are being used, what data is sent by a bug, who gets the data and what they are doing with it."

Eavesdropping Devices
Web bugs -- 1 x 1 pixel graphic files embedded in the code of Web pages -- are becoming standard practice for advertising and marketing companies. A company called Intelytics recently scanned 51 million Web pages and found that nearly a third used tracking devices, and of the top 100 e-commerce sites, 74 used bugs that tracked visitors from third-party Web sites.

Internet tracking and security company Security Space offers a monthly report identifying companies that benefit from Web bugs. That list has included such online giants as Yahoo! and America Online, as well as online ad company DoubleClick.

Some of the data collected by bugs might be considered unobtrusive, such as that which companies use to gauge the effectiveness of ads, confirm purchases, or collect demographic data for "online profiling" purposes. But bugs can also be used as small eavesdropping devices, and are often used to tell other companies where to put their "cookies," those text files marketers put on computers to identify users and their buying habits.

Sex, Health and Politics
Bugs can determine the IP address of the computer that fetched the bug, the URL of the main Web site, the URL of the Web bug image and a previously set "cookie value." That means, for example, that a user's e-mail address, given in confidence at one site, can be sent to any number of third-party sites without the user's knowledge or permission.

Also, such personal information as health interests, political affiliations and sexual disclosures can be shared.

"Whatever is expressed at one Web site could be carried by a Web bug to many other Web sites," the Privacy Foundation site explains.

E-Mail Versions Planned
Bugnosis works with Internet Explorer 5 or greater for Windows. It analyzes the Web pages a user visits and sounds an alert when it finds any Web bugs. It also provides some details about the bug in a small window, and makes the Web bug visible on the page. In some cases, it can provide the e-mail address of the company that placed the bug.