25 Years of Programming
An open source source for C, C++, OWL, BASIC, MDB, XLS, DOT, and more...

Home Projects Sitemap Search Blog Forum+Chat About Us Privacy Terms of Use Feedback FAQ Images Services Payments Humor

Language translation
by Google is available
when JavaScript enabled.
Google Translate
is an alternative.

How to block tracking cookies in Internet Explorer and Firefox

Like millions of people, I regularly scan for spyware with an antivirus/antispyware program, which in my case is Trend Micro Internet Security. I also scan occasionally with a second scanner, Lavasoft Ad-Aware.

Neither has ever found "true" spyware like keyloggers or data harvesters, but they both find dozens of "tracking cookie" objects which they consider privacy threats.

It didn't take long to realize I was deleting the same few dozen tracking cookies over and over again, and it seemed like there should be a way to prevent them getting on my PC in the first place.

There is a way to do that, using the cookie handling options of Internet Explorer and Firefox.

The advantage of rejecting the tracking cookies outright at the time the website tries to write them is that they won't sit on your computer between spyware scans. Instead of being able to accumulate tracking data from the time they're created until the day you delete them, they aren't allowed to collect any data at all.

How to make a list of tracking cookies to block

1) Use your spyware scanner to help build the list

After doing a scan, copy the names of the cookies that were marked as threats.

Some cookies have misleading names that make it hard to tell what site to block. You can often find the website name by opening the cookie file in Notepad. Alternatively, a web search on the cookie name can turn up information posted about it by other people.

In a few cases, I either guessed or blocked all the variations that seemed reasonable: .com, .net, etc.

2) Enter the website names in your browser's cookie manager dialog box

Browser Cookie manager location

Internet Explorer Tools > Internet Options > Privacy > Sites

Firefox Tools > Options > Privacy > Exceptions

Click the "Block" button after entering each one. It would be helpful if there were a more automated way to do this, or to import a list, but there isn't.

Tracking cookie block list, blacklist:

The following tracking cookies are ones I've blocked for several months without any apparent loss of functionality on the sites where they're used.

Most of them were flagged as tracking cookie threats by Lavasoft or Trend Micro Internet Security or both, except for a couple that I added to the list for other reasons.

Color legend:

Black = No additional comment.
Blue = Website might not work properly if you are a member and block its cookies.
Red = Cookie seems difficult to block, and keeps coming back.

To create your own cookie block list in Internet Explorer or Firefox, enter each of these as shown here:

247realmedia.com
2o7.net
about.com
adbrite.com
adlegend.com
adrevolver.com
adtech.de
advertising.com
alexa.com
apmebf.com
ask.com
atdmt.com
atwola.com
bfast.com
bluestreak.com
bravenet.com
ads.bridgetrack.com
burstnet.com
buy.com
buyservices.com
casalemedia.com
cnet.com
com.com

coremetrics.com
dealtime.com
digitalpoint.com
doubleclick.com
doubleclick.net
emediate.dk
esomniture.com
euroclick.com
euroclick.net
fastclick.net
go.com
gureport.co.uk
hitbox.com
hotlog.ru
indextools.com
information.com
insightexpressai.com
layer-ads.com
layer-ads.de
live365.com
liveperson.net

mediaplex.com
onestat.com
overture.com
pointroll.com
questionmarket.com
realmedia.com
realtracker.com
revsci.net
serving-sys.com
specificclick.net
spylog.com
statcounter.com
tacoda.net
trafficmp.com
tribalfusion.com
valueclick.net
web-stat.com
webtrends.com
webtrendslive.com
yieldmanager.com
zedo.com

You'll know the blocks are working when your spyware scans report fewer tracking cookie objects than they used to.

When you add a site to the block list, Internet Explorer checks to see if a cookie from that site already exists. If it does, it deletes it.

Troubleshooting:

Problem	Possible solution
You can't block a cookie (it keeps coming back)	See if the website is in your Trusted Sites security zone. Internet Explorer always accepts cookies from Trusted Sites regardless of what other cookie handling settings are in effect.
You are unable to receive a cookie	See if the site is in your Restricted Sites security zone. Internet Explorer never accepts cookies from Restricted Sites.

Are tracking cookies really spyware?

The most threatening kinds of spyware, which I call "true" spyware, are real software, computer programs, that actively execute on your PC and do malicious things such as record keystrokes to capture passwords as you type them, harvest email addresses, or scan your hard disk to find Social Security numbers, bank account numbers, or the passwords you use at websites. Then they use your internet connection to send the collected information to a remote computer somewhere. If you have a high-speed internet connection, they could transfer the entire contents of your hard drive to somebody else without your knowing.

Tracking cookies, by contrast, are small data files stored in one designated folder on your computer. They are not software (computer programs). They don't "run". They don't have access to your hard drive and cannot scan it for information. They are text files that can only sit there doing nothing. They are created by websites when you visit them (more correctly, they are created by the web pages you get from those sites), and they can only store whatever information that website knows about you.

That makes them sound pretty harmless in comparison to true spyware, and in a sense they are.

However, they can sometimes contain sensitive data such as about your internet browsing, and there is something special about tracking cookies that makes them different from the ordinary cookies that many websites use:

Tracking cookies are often placed on your computer not by the website you are visiting, but by one of the advertisements on the page. Your browser fetches the ad from the advertiser's website, not from the "main" site you're looking at, and the cookie it writes (known as a "third-party" cookie) is a separate cookie from the one (if any) that the main site creates (known as a "first-party" cookie).

When your browser fetches the ad, the advertiser receives information about which web page the ad is being fetched for, and they can write that data into their cookie. If they have their ads on many sites, they can collect a list of the pages you viewed on all those sites. This is how tracking cookies "track" you.

The reason they do it is to build a profile of your interests so that when you visit a new page where one of their ads is displayed, they can send you an ad tailored to what they perceive your interests to be, based on the websites and pages you've visited.

Even that might not sound so bad (and again, compared to real spyware, maybe it isn't). So far, the advertiser only knows you by your cookie. They can determine your approximate geographical location by your IP address, but they don't know your name or email address or much else about you except the list of web pages you've visited.

However, they might be able to determine by other means who you are. As an example, they could invite you to enter a contest or sweepstakes where the entry form requires your name and email address (does "Win a free iPod!" or "Congratulations, you are our 1,000,000th visitor!" sound familiar?), or they could present you with a questionnaire that (based on the interests stored in your cookie) they think you will want to fill out. Whatever information you give them can be combined with your cookie data to build a more complete profile that isn't anonymous anymore.

Antivirus and antispyware companies probably classify tracking cookies as privacy-invading spyware because of scenarios like this. Even though the cookies are not software themselves, they CAN be used in schemes that collect more data than the average web surfer realizes is possible.

Where are cookies stored?

In Windows XP, persistent cookies are stored in this folder, where "User" is the name of the logged-in user. In some default Windows XP installations, the user is called Owner:

C:\Documents and Settings\User\Cookies

By default, \Cookies is a Hidden System folder that you cannot view unless the options at Windows Explorer > Tools > Folder Options > View > Advanced Settings have been set to make Hidden and System folders visible.

Remember that not all cookies are tracking cookies. Whenever you delete all your cookies (by any method), you will lose all the information that websites have stored about your logins and preferences. For example, all the sites where you have checked the "Remember me" box will no longer remember you, and you will have to log in the next time you visit the site.

There are some situations where a website might say that the solution to a problem with their site is to "delete your cookies". If you're able to do it, it's better to find the one cookie associated with that site and delete only it, rather than to delete all of them.

More about cookies

Both IE7 and Firefox have Help sections about managing cookies. Click Help in the browser's menu bar. The one in Firefox is more informative.
For its interest-based AdSense advertising, Google uses what it calls the DoubleClick DART cookie, a tracking cookie that allows them to deliver ads based on a user's interests. They provide a way to opt out and also to permanently opt out. However, the opt out mechanism only works if you allow cookies from DoubleClick (it sets an "opt out" cookie), and permanently opting out requires the installation of a browser plug-in. Instead, if you use the method described in the above article to block cookies from DoubleClick, you do not need to use either of the "opt out" options.

Assistance is available in the forum.