TechTV reports that the Do-Not-Call list web page, hosted by AT&T, has a web bug on it that could relate the individual signing up on the page to an IP address if the right reports are run. Now, I haven’t given this a lot of thought (yet) but it doesn’t seem to me like this is much of an exposure, is it? I mean, by virtue of going to the web page, doesn’t AT&T already have everything that the web bug will give them? If AT&T is already hosting and managing the FTC’s servers and has sufficient access and rights to put the web bug there in the first place, they certainly have access to all the userinformation. And I can understand, having been in the business for a while, that the web bug would allow AT&T to monitor performance. Still, it seems a little odd.
I think this is probably more a matter of insufficient thought being given to an ordinary business practice.