Take a Bite Out of Cookies

Protect your privacy and keep your surfing habits to yourself with proper cookie handling.

Cookies are small text files that web sites put on your hard disk to personalize the site for you or to track and then record your activities on the site. Cookies have gotten a lot of press—most of it bad—but the truth is, not all cookie use is bad. As a means of site customization, they’re a great way of helping you get the most out of the Web. They can also carry information about log-in names and passwords, which is a time-saver, since you won’t have to log into each site every time you visit. If you delete all your cookies, you won’t automatically get your Amazon wish list the next time you visit their site.

Warning

Cookies are big time-savers when it comes to logging you into web sites automatically, but they can also be security holes as well. If you use them to log you in automatically, anyone who uses your computer will be able to log into those sites with your username and password.

But cookies can also be used to track your online activities and identify you. Information about you, based on what cookies gather, can be put in a database, and profiles of you and your surfing habits can be created.

Because cookies can be privacy-invaders, XP gives you a number of ways to restrict how web sites place and use cookies on your PC. To understand how to restrict the ways cookies are used on your PC, you first need to understand three cookie-related terms:

First-party cookie

A cookie created by the site you’re currently visiting. These cookies are often used by sites to let you log on automatically—without having to type in your username and password—and customize how you use the site. Typically, these kinds of cookies are not invasive.

Third-party cookie

A cookie created by a site other than the one you’re currently visiting. Frequently, third-party cookies are used by advertisers or advertising networks. Some people (including me) consider these kinds of cookies invasive.

Compact privacy statement

A publicly posted policy that describes the details of how cookies are used on a site—for example, detailing the purpose of cookies, how they’re used, their source, and how long they will stay on your PC. (Some cookies are automatically deleted when you leave a web site, while others stay valid until a specified date.)

To protect your privacy, you also need to know the difference between implicit consent and explicit consent. Explicit consent means that you have specifically told a site that it can use personally identifiable information about you. It’s the same as opting in. Implicit consent means that you haven’t specifically told a site not to use personally identifiable information. It’s the same as not having opted out, or specifically requesting to be taken off a list.

Internet Explorer lets you customize how it handles cookies. You can choose from six levels of privacy settings, from Accept All Cookies to Block All Cookies. When choosing, keep in mind that some sites won’t function well or at all at the higher privacy settings, particularly if you choose to reject all cookies. I generally find that Medium High is a good compromise between protecting privacy and still being able to personalize web sites.

To customize your cookie settings in Internet Explorer, choose Tools Internet Options Privacy. Move the slider (shown in Figure 4-3) to your desired level.

Customizing cookie settings in Internet Explorer

Figure 4-3. Customizing cookie settings in Internet Explorer

Table 4-1 shows how each setting affects Internet Explorer’s cookie handling.

Table 4-1. Internet Explorer’s privacy settings and your privacy

Setting

How the setting affects your privacy

Block All Cookies

Blocks all cookies, without exception.

Does not allow web sites to read existing cookies.

High

Blocks cookies from all web sites that don’t have a compact privacy policy.

Blocks all cookies that use personally identifiable information without your explicit consent.

Medium High

Blocks third-party cookies from sites that don’t have a compact privacy policy.

Blocks third-party cookies that use personally identifiable information without your explicit consent.

Blocks first-party cookies that use personally identifiable information without your implicit consent.

Medium (Default)

Blocks third-party cookies from sites that don’t have a compact privacy policy.

Blocks third-party cookies that use personally identifiable information without your implicit consent.

Accepts first-party cookies that use personally identifiable information without your implicit consent, but deletes them when you close Internet Explorer.

Low

Blocks third-party cookies from sites that don’t have a compact privacy policy.

Accepts third-party cookies that use personally identifiable information without your implicit consent, but deletes them when you close Internet Explorer.

Accept All Cookies

Accepts all cookies, without exception.

Allows web sites read existing cookies.

Tip

In Mozilla, pretty good cookie management is built in. Access settings via Edit Preferences Privacy & Security Cookies, where you can enable or disable a variety of specific cookie-handling settings (accept, flag, decline, or ask you on a per-cookie basis) based on your own privacy settings (similar to those of IE), or the originating web site’s settings.

Customizing IE Cookie Handling

You’re not locked into IE’s preset levels of cookie handling. If you like, you can customize how it handles cookies so that you could, for example, accept or reject cookies from individual sites, or accept or reject all first-party and third-party cookies.

To accept or reject all cookies from a specific site, choose Tools Internet Options Privacy Edit. You’ll see the Per Site Privacy Actions dialog box, as shown in Figure 4-4. Type in the name of the site you want to accept or block cookies from, and click on either Block or Allow.

The Per Site Privacy Actions dialog box

Figure 4-4. The Per Site Privacy Actions dialog box

To customize how you handle first-party and third-party cookies, choose Tools Internet Options Privacy Advanced. Check the “Override automatic cookie handling” box, as shown in Figure 4-5. You can accept or reject all first-party or third-party cookies, or be prompted whether to accept them. You can also decide to always allow "session cookies”—cookies that last only as long as you’re on a specific web site and are deleted once you leave the site.

The Advanced Privacy Settings dialog box

Figure 4-5. The Advanced Privacy Settings dialog box

Export, Import, or Back Up Your Cookies

Although some cookies can be intrusive, some can also be helpful as well. They can log you into web sites automatically and customize the way you use and view the site. So, when you buy a new PC, you might want to export cookies from an older computer to it. If you have more than one PC, you might want all of them to have the same cookies. And you might want to back up your cookies for safe-keeping in case you accidentally delete the wrong ones.

To export or back up cookies from IE, choose File Import and Export. The Import/Export Wizard will launch. Choose Export Cookies and follow the directions. A single text file containing all your cookies will be created in My Documents, though you can choose a different location for them. To import cookies, launch the Import/Export Wizard, choose Import Cookies, and browse to the location where the cookie file has been stored.

Examine and Delete Cookies Manually

You can’t examine and delete your cookies from within Internet Explorer. However, because XP stores each IE cookie as an individual text file, you can read them and delete them just as you would any other text file. Go to C:\Documents and Settings\Your Name\Cookies in Windows Explorer, and you’ll see a list of individual cookies in a format like this:

your name@abcnews.com[1].txt

As a general rule, the name of the web site or ad network will be after the @, but not always—sometimes it will merely be a number. Open the file as you would any other text file (in Notepad, WordPad, or another text editor). Usually, there will be a list of numbers and letters inside, though you might find other useful information in there—for example, your username and password for the web site. If you don’t want the cookie on your hard disk, simply delete it as you would any other text file.

Netscape Navigator and Mozilla handle cookies differently than Internet Explorer. They store all cookies in a single file, cookies.txt, typically found in C:\Documents and Settings\<Your Name>\[Application Data\]Mozilla\Profiles\default\********.slt, where ******** is a random collection of numbers and letters. So, the directory might be C:\Documents and Settings\Name\Mozilla\Profiles\default\46yhu2ir.slt. If you’ve set up different Netscape/Mozilla profiles (Tools Switch Profile Manage Profiles Create Profile), cookies.txt won’t be in the default subfolder, but under each profile’s name. You can open the file and see each individual cookie. You can’t however, delete individual entries from the file by editing this file. Instead, use Netscape’s built-in Cookie Manager (at Tools Cookie Manager Manage Stored Cookies) to read and delete cookies.

Get a Third-Party Cookie Manager

The tools built into XP for managing cookies are reasonable, but for the most flexibility in handling cookies you should get a third-party cookie manager. My favorite (and my editor’s favorite) is Cookie Pal, available at http://www.kburra.com. It lets you easily customize which sites you’ll allow to put cookies on your PC, and it includes a cookie manager that lets you read and delete cookies. It also lets you accept or reject cookies on a case-by-case basis as you browse the Web. If you use browsers other than IE, you might be out of luck, though. As of this writing, Cookie Pal works only with Versions 3 and 4 of Netscape Navigator and Versions 4, 5, and 6 of Opera. (Mozilla and later Netscape version have similarly good managers built in, as mentioned earlier.)

Opt Out of Cookie-Based Ad Networks

Online ad networks have the potential to create in-depth, privacy-invading profiles of your web travels and personal interests, because they can place a single cookie on your hard disk that will track you across multiple sites. Normally, sites can’t share cookie information with each other, but ad networks have found a way around this, so they can aggregate your behavior from many web sites.

You can fight back by opting out of some of the biggest online ad networks. You’ll have them place an opt-out cookie on your hard disk that will tell the various sites not to track what you’re doing; this will go a long way toward protecting your privacy.

To opt out of the DoubleClick online advertising network, go to http://www.doubleclick.com/us/corporate/privacy/privacy/ad-cookie/ and click on the “Ad Cookie Opt-Out” button at the bottom of the page.

To see whether the opt-out worked, if you’re an Internet Explorer user, go to your cookies folder, which is typically C:\Documents and Settings\<Your Name>\Cookies. Look for a cookie named your name@doubleclick[1].txt—for example, preston gralla@doubleclick[1].txt. The contents of the cookie should look something like this:

id OPT_OUT doubleclick.net/ 1024 468938752 31583413 3447013104 29418226 *

In Netscape Navigator, your cookies.txt file is typically found in C:\Documents and Settings\<Your Name>\Application Data\Mozilla\Profiles\default\********.slt, where ******** is a random collection of numbers and letters. So, the directory might be C:\Documents and Settings\Name\Mozilla\Profiles\default\46yhu2ir.slt. Look in the file for an entry that looks like this:

.doubleclick.net     TRUE    /     FALSE  1920499138        id         OPT_OUT

You can instead use Netscape’s built-in Cookie Manager to examine the cookie, by choosing Tools Cookie Manager Manage Stored Cookies.

Some other advertising networks let you opt out as well. For details, go to http://www.networkadvertising.org/optout_nonppii.asp and follow the instructions for opting out. To verify that you’ve successfully opted out of the other ad networks, click on the Verify Cookies menu item on the left part of the page.

Get Windows XP Hacks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.