One of the new features built into IE 7 is the ability to accept and/or block any or all cookies if
desired.
So how does this work?
A Web site (that uses Cookies) generates a unique ID number
for each visitor and stores the ID number on each user's
machine using a cookie file. This is a way for a site to
accurately count visitors. The site can track not only your
purchases, but also the pages that you read, the ads that you
click on, information you have given to the site in online
forms, etc.
When you visit a web site your browser sends your cookie
containing the ID value back to the server. The server then
saves a record in the database that contains the time that you
downloaded the page and the URL, along with your ID and checks
(or resets) the expiration date.
There are certain (usually 3rd party) providers that can
actually create cookies that are visible on multiple sites.
Many web sites use 3rd party providers to serve ad banners
and Cookies on their sites. They can also place small (1x1
pixel) GIF files on the site that allow (for example)
DoubleClick to load cookies on your machine. These tracking
servers can then monitor your movements across multiple sites.
Protecting Your Privacy
So what's the big deal? ..... it's
just a Cookie, right?
Well that depends on if you understand how things really
work. These 3rd party Cookies are generated by companies that get
paid to obtain as much information as possible about your viewing
habits, preferences, computer settings, etc.
Now multiply this by the number of ads and Cookie prompts on the page
supplied by 3rd parties ..... This doesn't take into account the
other tricks they use, such as web bugs (single-pixel images), hidden
hit counters, page trackers, and other undefined JavaScripts.
Getting the idea? ........ and that's just on one page! Then you
find an interesting link to another page and the process starts all
over again (ugh!) So the next time someone states that Cookies are
safe, be very cautious about the information you are divulging.
Never assume that these characters are playing by the rules either!
A good example of "not playing by the rules" is Adware.Sheldor:
"Monitors any new cookies that are created. If the cookies contain
certain keywords, advertisements for an adult-content Web site will
then be displayed."
Other Examples:
Ben Edelman has uncovered adware installers actually creating
Cookies for other "Affiliates". Now technically this is
not allowed, but most adware installers never play by the rules
anyway!
Or McAfee's article on Adclicker-DF, which states:
"Adds the following domains to the following key with the default
value of 0x00000001, so that they are always allowed." (These
are all 3rd party Ad Servers.)
Disabling all cookies does not make you anonymous or prevent Web
sites from tracking your browsing habits. HTTP requests still
include information about where you came from (HTTP Referer), your
IP address, browser version, operating system, and other
information.
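The third-party tracking described earlier, and the point just made that blocking cookies does not hide the Referer, as an added example (not code from the original page). The capture, host names and cookie values are constructed, and the two-label site() rule and the "cookie is withheld" model of the Block setting are simplifying assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed capture: (page being viewed, resource requested, Cookie header sent).
# All hosts and cookie values are made up for this example.
REQUESTS = [
    ("http://news.example/story.html", "http://news.example/style.css", "sid=n-81"),
    ("http://news.example/story.html", "http://ads.tracker.test/pixel.gif", "uid=7f3a"),
    ("http://shop.example/cart", "http://shop.example/cart.js", "sid=s-12"),
    ("http://shop.example/cart", "http://ads.tracker.test/pixel.gif", "uid=7f3a"),
    ("http://blog.example/post/5", "http://img.blog.example/logo.png", "sid=b-44"),
    ("http://blog.example/post/5", "http://ads.tracker.test/banner.js", "uid=7f3a"),
]

def site(url):
    """Simplified site name: last two host labels (a real browser uses more rules)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def is_third_party(page, resource):
    return site(page) != site(resource)

def block_third_party(requests):
    """Model 'Third Party Cookies: Block': the cookie is withheld, the request is not."""
    return [(p, r, "" if is_third_party(p, r) else c) for p, r, c in requests]

def linked_by_cookie(requests):
    """For each third-party (site, cookie), the pages that one ID ties together."""
    seen = defaultdict(set)
    for page, resource, cookie in requests:
        if cookie and is_third_party(page, resource):
            seen[(site(resource), cookie)].add(page)
    return {key: sorted(pages) for key, pages in seen.items()}

def referers_still_seen(requests):
    """Pages each third-party server still learns from the Referer header alone."""
    seen = defaultdict(set)
    for page, resource, _ in requests:
        if is_third_party(page, resource):
            seen[site(resource)].add(page)
    return {host: sorted(pages) for host, pages in seen.items()}

if __name__ == "__main__":
    print("cookies allowed:", linked_by_cookie(REQUESTS))
    blocked = block_third_party(REQUESTS)
    print("third-party blocked:", linked_by_cookie(blocked))
    print("Referer still shows:", referers_still_seen(blocked))
```

With third-party cookies allowed, one ID joins all three sites; with them blocked the ID disappears, but the same server still receives a request naming every page.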
Editor's Note: I have yet to find a site where 3rd party cookies
are required to be able to access the desired site. "Tracking
Cookies" such as those listed in Ad-Aware and SpyBot can be
effectively blocked by blocking all Third-party Cookies, and I
would also recommend adding those servers to the
"Restricted Zone".
A prime example of a site that uses a (ridiculously) huge number of
3rd party Cookies: [screenshot]
There were so many listed there they wouldn't all fit in the Privacy
Prompt box.
McAfee description of "Tracking Cookie" - These cookies may be
used to track personal settings, identification data, as well as
behavioral and usage details. [Example] Cookie-2o7
Open Internet Options | Privacy, click on
the Advanced button. Place a check in "Override automatic
cookie handling".
Set "First Party Cookies" to Block, set "Third Party
Cookies" to Block.
Note: you will need to manually Allow certain cookies. You should add
"*.microsoft.com" (no quotes) to the "Always Allow" list to avoid any
problems with Windows Update or the many other Microsoft sites,
including the MSKB, which requires Cookies to be accepted. I would
recommend adding any sites that you frequent such as Banking, and
any sites that require you to log in, etc.
You'll find that after a while this only requires a very
short list.
Cookie Manager Programs
These programs were useful with previous versions of Internet
Explorer, however they are simply no longer needed. This feature is
now built into IE and consumes no additional resources as these 3rd
party programs do.
Anti-Spyware Users
If you are constantly prompted to remove 3rd party "Tracking
Cookies" and/or "Data Miners" after scanning
your machine, then your "Layered Protection" is not set up properly!
It's simple enough to go through the Antispyware "scan log" and
determine which Cookies keep reappearing. Then add these to the
"Always Block" option, or simply block all 3rd party Cookies
(recommended).
Editor's Note: lately some malware infections are adding
these 3rd party Cookies, without you even visiting these sites.
That's what I mean about "playing by the rules": don't take
anything for granted.
The HOSTS file and Restricted Zone file both contain most of the
"Tracking Cookies" listed in the database of most Anti-Spyware or
Antivirus programs. The object is to prevent these (3rd party)
Cookies from loading, not to remove them "after the fact".
Test your Cookie Settings -
GRC Visitor Cookie Data Display - Web Browser Cookie Forensics
Cookie Viewer
Cookie Viewer [freeware] allows you to view information stored in a
Cookie and delete unwanted Cookies on your hard drive. Note: when
viewing Cookies stored on your drive, if you discover any unwanted
Cookies, make a note of the server they are coming from (usually 3rd
party) and add that site to your "Always Block" list in the
Internet Options | Privacy tab | Edit button.
Editor's Note: I recommend both of these terrific
"Layered Protection" utilities.
Viewing the Cookies Index.dat
To view the info in the Cookies "index.dat":
Download: RegSeeker 1.35 (freeware)
Click Histories, select: "IE History Cache Cookies (index.dat)"
You can then delete the Cookie itself or remove any sites listed in
the (Cookies) index.dat.
To delete the Index.dat Files
CCleaner (freeware) will clear the browser cache and the "index.dat".

Note: there are several other freeware utilities that will delete
the cache, however I find CCleaner to have the best set of features.
However, in their latest version they have added the Yahoo Toolbar
[ugh!]; you can uncheck that option during the install or download
the version without the toolbar.
Cookies in the News
JupiterResearch report finds that over 48 million Internet users
are running anti-spyware applications that delete third-party
tracking cookies. And nearly 38 million are using aggressive
anti-spyware applications that remove nearly 75% of tracking
cookies.
And now for a little irony ... while browsing to the
following article the viewer gets bombarded with Clikz/RealMedia/ads,
if you look at the screenshot
... well do you think they are getting a little carried away?
What about Flash Cookies?
An often overlooked area is the "Local Shared Objects", the Flash
equivalent of cookies.
Shared objects, or "Flash cookies," can be
cleared or turned off via the
Flash Player Settings Manager, an application similar to
your browser settings where cookies can be disabled. The
Settings Manager lets you delete shared objects and set your
shared object preferences (such as your desire to be
prompted, permissions, and storage limits) for all websites
or only specific ones. You can also see how many Flash
Cookies already exist by doing a local search for:
*.sol
Typical storage areas are:
C:\Documents and Settings\<username>\Application Data\Macromedia\Flash Player (XP)
C:\Users\<username>\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer (Vista)
[and]
C:\Users\<username>\AppData\Roaming\Macromedia\Flash Player\#SharedObjects
You may be surprised by how many (unneeded) sub-folders actually
exist there ...
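The "*.sol" search described above, turned into a per-site inventory, as an added example (not code from the original page). It assumes %APPDATA% resolves to the per-user folders listed above, and the rule for guessing the owning site from the folder names (a randomly named folder under #SharedObjects, "#<site>" folders in the settings area) is an assumption about the on-disk layout.

```python
import os
from collections import defaultdict
from pathlib import Path

def flash_player_dir():
    """%APPDATA%\\Macromedia\\Flash Player, the parent of the storage areas above."""
    return Path(os.environ.get("APPDATA", "")) / "Macromedia" / "Flash Player"

def owning_site(rel_parts):
    """Guess which site a .sol file belongs to from its path (layout is an assumption)."""
    if rel_parts[0] == "#SharedObjects" and len(rel_parts) >= 4:
        return rel_parts[2]                      # #SharedObjects/<random>/<site>/.../x.sol
    for part in rel_parts[:-1]:
        if part.startswith("#") and part != "#SharedObjects":
            return part[1:]                      # .../sys/#<site>/settings.sol
    return "(unattributed)"

def lso_inventory(flash_dir):
    """Return {site: (file_count, total_bytes)} for every *.sol under flash_dir."""
    flash_dir = Path(flash_dir)
    if not flash_dir.is_dir():
        return {}
    totals = defaultdict(lambda: [0, 0])
    for sol in flash_dir.rglob("*.sol"):
        if not sol.is_file():
            continue
        entry = totals[owning_site(sol.relative_to(flash_dir).parts)]
        entry[0] += 1
        entry[1] += sol.stat().st_size
    return {site: tuple(v) for site, v in sorted(totals.items())}

if __name__ == "__main__":
    for site, (count, size) in lso_inventory(flash_player_dir()).items():
        print(f"{site:40} {count:4} file(s) {size:8} bytes")
```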
This site subscribes to the following: General Criteria for Detection