25 Years of Programming
An open source source for C, C++, OWL, BASIC, MDB, XLS, DOT, and more...
How to block tracking cookies in Internet Explorer and Firefox
Like millions of people, I regularly scan for spyware with an antivirus/antispyware program, which in my case is Trend Micro Internet Security. I also scan occasionally with a second scanner, Lavasoft Ad-Aware.
Neither has ever found "true" spyware like keyloggers or data harvesters, but they both find dozens of "tracking cookie" objects which they consider privacy threats.
It didn't take long to realize I was deleting the same few dozen tracking cookies over and over again, and it seemed like there should be a way to prevent them getting on my PC in the first place.
There is a way to do that, using the cookie handling options of Internet Explorer and Firefox.
The advantage of rejecting the tracking cookies outright at the time the website tries to write them is that they won't sit on your computer between spyware scans. Instead of being able to accumulate tracking data from the time they're created until the day you delete them, they aren't allowed to collect any data at all.
How to make a list of tracking cookies to block
1) Use your spyware scanner to help build the list
2) Enter the website names in your browser's cookie manager dialog box
Tracking cookie block list, blacklist:
The following tracking cookies are ones I've blocked for several months without any apparent loss of functionality on the sites where they're used.
Most of them were flagged as tracking cookie threats by Lavasoft or Trend Micro Internet Security or both, except for a couple that I added to the list for other reasons.
To create your own cookie block list in Internet Explorer or Firefox, enter each of these as shown here:
You'll know the blocks are working when your spyware scans report fewer tracking cookie objects than they used to.
When you add a site to the block list, Internet Explorer checks to see if a cookie from that site already exists. If it does, it deletes it.
Are tracking cookies really spyware?
The most threatening kinds of spyware, which I call "true" spyware, are real software, computer programs, that actively execute on your PC and do malicious things such as record keystrokes to capture passwords as you type them, harvest email addresses, or scan your hard disk to find Social Security numbers, bank account numbers, or the passwords you use at websites. Then they use your internet connection to send the collected information to a remote computer somewhere. If you have a high-speed internet connection, they could transfer the entire contents of your hard drive to somebody else without your knowing.
Tracking cookies, by contrast, are small data files stored in one designated folder on your computer. They are not software (computer programs). They don't "run". They don't have access to your hard drive and cannot scan it for information. They are text files that can only sit there doing nothing. They are created by websites when you visit them (more correctly, they are created by the web pages you get from those sites), and they can only store whatever information that website knows about you.
That makes them sound pretty harmless in comparison to true spyware, and in a sense they are.
However, they can sometimes contain sensitive data such as about your internet browsing, and there is something special about tracking cookies that makes them different from the ordinary cookies that many websites use:
Tracking cookies are often placed on your computer not by the website you are visiting, but by one of the advertisements on the page. Your browser fetches the ad from the advertiser's website, not from the "main" site you're looking at, and the cookie it writes (known as a "third-party" cookie) is a separate cookie from the one (if any) that the main site creates (known as a "first-party" cookie).
When your browser fetches the ad, the advertiser receives information about which web page the ad is being fetched for, and they can write that data into their cookie. If they have their ads on many sites, they can collect a list of the pages you viewed on all those sites. This is how tracking cookies "track" you.
The reason they do it is to build a profile of your interests so that when you visit a new page where one of their ads is displayed, they can send you an ad tailored to what they perceive your interests to be, based on the websites and pages you've visited.
Even that might not sound so bad (and again, compared to real spyware, maybe it isn't). So far, the advertiser only knows you by your cookie. They can determine your approximate geographical location by your IP address, but they don't know your name or email address or much else about you except the list of web pages you've visited.
However, they might be able to determine by other means who you are. As an example, they could invite you to enter a contest or sweepstakes where the entry form requires your name and email address (does "Win a free iPod!" or "Congratulations, you are our 1,000,000th visitor!" sound familiar?), or they could present you with a questionnaire that (based on the interests stored in your cookie) they think you will want to fill out. Whatever information you give them can be combined with your cookie data to build a more complete profile that isn't anonymous anymore.
Antivirus and antispyware companies probably classify tracking cookies as privacy-invading spyware because of scenarios like this. Even though the cookies are not software themselves, they CAN be used in schemes that collect more data than the average web surfer realizes is possible.
In Windows XP, persistent cookies are stored in this folder, where "User" is the name of the logged-in user. In some default Windows XP installations, the user is called Owner:
By default, \Cookies is a Hidden System folder that you cannot view unless the options at Windows Explorer > Tools > Folder Options > View > Advanced Settings have been set to make Hidden and System folders visible.
Remember that not all cookies are tracking cookies. Whenever you delete all your cookies (by any method), you will lose all the information that websites have stored about your logins and preferences. For example, all the sites where you have checked the "Remember me" box will no longer remember you, and you will have to log in the next time you visit the site.
There are some situations where a website might say that the solution to a problem with their site is to "delete your cookies". If you're able to do it, it's better to find the cookies associated with that site (there can be more than one) and delete only them, rather than to delete all cookies.
More about cookies
Assistance is available in the forum.
Copyright ©2012 Steven Whitney. Last modified Sun 07/29/2012 10:55:30 -0700.