25 Years of Programming
An open source source for C, C++, OWL, BASIC, MDB, XLS, DOT, and more... 		Home   Projects   Sitemap   Search   Blog   Forum+Chat   About Us   Privacy   Terms of Use   Feedback   FAQ   Images   Services   Ads   Donate

Antispyware software:

Before buying a product,
I look at Amazon.comGo to Amazon.com customer reviews to see what other people are saying about it.

How to block tracking cookies with your browser, so they're not on your PC between spyware scans

Like millions of people, I regularly scan for spyware with Lavasoft Ad-Aware and also with a second scanner, which in my case is Trend PC-cillin Internet Security.

Neither has ever found "true" spyware like keyloggers or data harvesters, but they both routinely find dozens of "tracking cookie" objects which they consider privacy threats.

It didn't take long to realize I was deleting the same few dozen tracking cookies repeatedly, and it seemed like there should be a way to prevent them getting on my PC in the first place.

Of course, there is a way to do that, by using the cookie handling options of Internet Explorer and Firefox.

The advantage of rejecting the cookies outright is that they won't sit on your computer between spyware scans. Instead of being able to accumulate sensitive tracking data from the time they're created until the day you delete them, they aren't allowed to collect any data at all.

How to make a list of tracking cookies to block

1) Use your spyware scanner to help build the list

After doing a scan, copy the names of the cookies that were marked as threats.

A few cookies have misleading names that make it hard to tell what site to block. In those cases, a web search on the cookie name can turn up information posted about them by other people.

In a few cases, I either guessed or blocked all the variations that seemed reasonable: .com, .net, etc.

A couple of cookies are sneaky, and I haven't figured out how to block them yet. They keep coming back.

2) Enter the names of the sites in your browser's cookie manager dialog box

In Internet Explorer, go to: Tools > Internet Options > Privacy > Sites.

In Firefox, go to: Tools > Options > Privacy > Exceptions

Click "Block" after entering each one. It would be helpful if there were a more automated way to do this, or to import a list, but there isn't.

Tracking cookie block list, blacklist:

The following tracking cookies are ones I've blocked for several months without any apparent loss of important functionality on the sites where they're used.

Most of them were flagged as tracking cookie threats by Lavasoft or PC-cillin or both, except for a couple that I added to the list for other reasons.

To create your own cookie block list in Internet Explorer or Firefox, enter each of these as shown here:

  • 247realmedia.com
  • 2o7.net
  • about.com
  • adbrite.com
  • adlegend.com
  • adrevolver.com
  • adtech.de
  • advertising.com
  • apmebf.com
  • atdmt.com
  • atwola.com
  • bfast.com
  • bluestreak.com
  • burstnet.com
  • buy.com
  • buyservices.com
  • casalemedia.com
  • cnet.com
  • com.com
  • dealtime.com
  • doubleclick.com
  • doubleclick.net
  • emediate.dk
  • esomniture.com
  • euroclick.com
  • euroclick.net
  • fastclick.net
  • go.com
  • gureport.co.uk
  • hitbox.com
  • information.com
  • layer-ads.com
  • layer-ads.de
  • liveperson.net
  • mediaplex.com
  • overture.com
  • pointroll.com
  • questionmarket.com
  • realmedia.com
  • realtracker.com
  • revsci.net
  • serving-sys.com
  • specificclick.net
  • spylog.com
  • statcounter.com
  • trafficmp.com
  • tribalfusion.com
  • web-stat.com
  • webtrends.com
  • webtrendslive.com
  • yieldmanager.com
  • zedo.com

You'll know the blocks are working when your spyware scans report fewer tracking cookie objects than they used to.

When you add a site to the block list, Internet Explorer checks to see if a cookie from that site already exists. If it does, it deletes it.

Are tracking cookies really spyware?

The most threatening kinds of spyware, which I call "true" spyware, are real software, computer programs, that actively execute on your PC and do malicious things such as record keystrokes to capture passwords as you type them, harvest email addresses, or scan your hard disk to find Social Security numbers, bank account numbers, or the passwords you use at websites. Then they use your internet connection to send the collected information to a remote computer somewhere. If you have a high-speed internet connection, they could transfer the entire contents of your hard drive to somebody else without your knowing.

Tracking cookies, by contrast, are small data files stored in one designated folder on your computer. They are not software (computer programs). They don't "run". They don't have access to your hard drive and cannot scan it for information. They are text files that can only sit there doing nothing. They are created by websites when you visit them (more correctly, they are created by the web pages you get from those sites), and they can only store whatever information that website knows about you.

That makes them sound pretty harmless in comparison to true spyware, and in a sense they are.

However, they can sometimes contain sensitive data such as about your internet browsing, and there is something special about tracking cookies that makes them different from the ordinary cookies that many websites use:

Tracking cookies are often placed on your computer not by the website you are visiting, but by one of their advertisers. The advertiser might have their ads on many sites, and thus can collect your browsing data not just for one site, but for all the sites containing their ads.

Thus, they know which sites you went to and which pages you looked at, and all that data is stored within that advertiser's one cookie. The advertiser can analyze your data and determine which ads to show you based on your interests, etc.

Even that might not sound so bad (and again, compared to real spyware, maybe it isn't). But what if the ad company is also able to determine, by some other means such as your entering a contest or filling out a questionnaire, who you are? Now they know who you are, the city where you live (they can determine that from your IP address), and a lot about your web surfing, and can build a rather good profile about you. In other words, even if most of the data in the cookie is anonymous, that doesn't mean they can't use other methods to get the data that isn't in the cookie, and combine the two.

So it is probably best to consider tracking cookies as spyware because even though they are not software themselves, they CAN be used to spy on you in ways you might not want.

Where are cookies stored?

In Windows XP, persistent cookies are stored in this folder, where "User" is the name of the logged-in user. In some default Windows XP installations, the user is called Owner:

  • C:\Documents and Settings\User\Cookies

By default, \Cookies is a Hidden System folder that you cannot view unless the options at Windows Explorer > Tools > Folder Options > View > Advanced Settings have been set to make Hidden and System folders visible.

Remember that not all cookies are tracking cookies. Whenever you delete all your cookies (by any method), you will lose all the information that websites have stored about your logins and preferences. For example, all the sites where you have checked the "Remember me" box will no longer remember you, and you will have to log in the next time you visit the site.

More about cookies

Both IE7 and FF have Help sections about managing cookies. The one in FF is more generally informative.

Assistance is available in the forum.

 

 

Valid HTML 4.01 Transitional Valid CSS
View content labeling at ICRA.
Copyright ©2008 Steven Whitney. Last modified 04/20/2008.