Hack35.Take a Bite Out of Cookies

Hack 35. Take a Bite Out of Cookies

Protect your privacy and keep your surfing habits to yourself with proper cookie-handling.

Cookies are small text files that web sites put on your hard disk to personalize the site for you or to track and then record your activities on the site. Cookies have gotten a lot of pressmost of it badbut the truth is, not all cookie use is bad. As a means of site customization, they're a great way of helping you get the most out of the Web. They can also carry information about log-in names and passwords, which is a timesaver, since you won't have to log into each site every time you visit. If you delete all your cookies, you won't automatically get your Amazon wish list the next time you visit that site.

Cookies are big timesavers when it comes to logging you into web sites automatically, but they can also be security holes as well. If you use them to log you in automatically, anyone who uses your computer will be able to log in to those sites with your username and password.

But cookies can also be used to track your online activities and identify you. Information about you, based on what cookies gather, can be put in a database, and profiles of you and your surfing habits can be created.

Because cookies can be privacy-invaders, XP gives you a number of ways to restrict how web sites place and use cookies on your PC. To understand how to restrict the ways cookies are used on your PC, first you need to understand three cookie-related terms:

First-party cookie

A cookie created by the site you're currently visiting. These cookies are often used by sites to let you log on automaticallywithout having to type in your username and passwordand customize how you use the site. Typically, these kinds of cookies are not invasive.

Third-party cookie

A cookie created by a site other than the one you're currently visiting. Frequently, third-party cookies are used by advertisers or advertising networks. Some people (including me) consider these kinds of cookies invasive.

Compact privacy statement

A publicly posted policy that describes the details of how cookies are used on a sitefor example, detailing the purpose of cookies, how they're used, their source, and how long they will stay on your PC. (Some cookies are automatically deleted when you leave a web site, while others stay valid until a specified date.)

To protect your privacy, you also need to know the difference between implicit consent and explicit consent. Explicit consent means you have specifically told a site it can use personally identifiable information about you. It's the same as opting in. Implicit consent means you haven't specifically told a site not to use personally identifiable information. It's the same as not having opted out, or specifically requesting to be taken off a list.

Internet Explorer lets you customize how it handles cookies. You can choose from six levels of privacy settings, from Accept All Cookies to Block All Cookies. When choosing, keep in mind that some sites won't function well or at all at the higher privacy settings, particularly if you choose to reject all cookies. I generally find that Medium High is a good compromise between protecting privacy and still being able to personalize web sites.

To customize your cookie settings in Internet Explorer, choose Tools Internet Options Privacy. Move the slider (shown in Figure 4-9) to your desired level.

Figure 4-9. Customizing cookie settings in Internet Explorer

Table 4-1 shows how each setting affects Internet Explorer's cookie-handling.

In Firefox, pretty good cookie management is built in. Access settings via Tools Options Privacy. You can block cookies, allow cookies on a site-by-site basis, set expiration times for cookies, and more.

4.5.1. Customizing IE Cookie-Handling

You're not locked into IE's preset levels of cookie-handling. If you like, you can customize how it handles cookies so that you can, for example, accept or reject cookies from individual sites, or accept or reject all first-party and third-party cookies.

To accept or reject all cookies from a specific site, choose Tools Internet Options Privacy Sites. You'll see the Per Site Privacy Actions dialog box, as shown in Figure 4-10. Type in the name of the site you want to accept or block cookies from, and click either Block or Allow.

Figure 4-10. The Per Site Privacy Actions dialog box

To customize how you handle first-party and third-party cookies, choose Tools Internet Options Privacy Advanced. Check the "Override automatic cookie handling" box, as shown in Figure 4-11. You can accept or reject all first-party or third-party cookies, or be prompted whether to accept them. You can also decide to always allow session cookies, cookies that last only as long as you're on a specific web site and are deleted once you leave the site.

Figure 4-11. The Advanced Privacy Settings dialog box

4.5.2. Export, Import, or Back Up Your Cookies

Although some cookies can be intrusive, some can be helpful. They can log you into web sites automatically and customize the way you use and view the site. So, when you buy a new PC, you might want to export cookies from an older computer to it. If you have more than one PC, you might want all of them to have the same cookies. And you might want to back up your cookies for safe-keeping in case you accidentally delete the wrong ones.

To export or back up cookies from IE, choose File Import and Export. The Import/Export Wizard will launch. Choose Export Cookies and follow the directions. A single text file containing all your cookies will be created in My Documents, though you can choose a different location for them. To import cookies, launch the Import/Export Wizard, choose Import Cookies, and browse to the location where the cookie file has been stored.

4.5.3. Examine and Delete Cookies Manually

You can't examine and delete your cookies from within Internet Explorer. However, because XP stores each IE cookie as an individual text file, you can read them and delete them just as you would any other text file. Go to C:\Documents and Settings\<Your Name>\Cookies in Windows Explorer, and you'll see a list of individual cookies in a format like this:

your name@abcnews.com[1].txt

As a general rule, the name of the web site or ad network will be after the @, but not alwayssometimes it will merely be a number. Open the file as you would any other text file (in Notepad, WordPad, or another text editor). Usually, there will be a list of numbers and letters inside, though you might find other useful information in therefor example, your username and password for the web site. If you don't want the cookie on your hard disk, simply delete it as you would any other text file.

Netscape Navigator and Mozilla handle cookies differently than Internet Explorer. They store all cookies in a single file, cookies.txt, typically found in C:\Documents and Settings\<Your Name>\Application Data\Mozilla\Profiles\default\********.slt, where ******** is a random collection of numbers and letters. So, the directory might be C:\Documents and Settings\Name\Mozilla\Profiles\default\46yhu2ir.slt. If you've set up different Netscape/Mozilla profiles (Tools Switch Profile Manage Profiles Create Profile), cookies.txt won't be in the default subfolder, but under each profile's name. You can open the file and see each individual cookie. You can't however, delete individual entries from the file by editing this file. Instead, use Netscape's built-in Cookie Manager (at Tools Cookie Manager Manage Stored Cookies) to read and delete cookies.

In Firefox, you'll find the cookies.txt file in C:\Documents and Settings\<Your Name>\Application Data\Mozilla\Firefox\Profiles\default.xxx, where xxx is a random collection of three letters. Use Firefox's built-in Cookie Manager (Tools Options Privacy) to read and delete cookies.

4.5.4. Get a Third-Party Cookie Manager

The tools built into XP for managing cookies are reasonable, but for the most flexibility in handling cookies you should get a third-party cookie manager. My favorite (and my editor's favorite) is Cookie Pal, available at http://www.kburra.com. It lets you easily customize which sites you'll allow to put cookies on your PC, and it includes a cookie manager that lets you read and delete cookies. It also lets you accept or reject cookies on a case-by-case basis as you browse the Web. If you use browsers other than IE, you might be out of luck, though. As of this writing, Cookie Pal works only with Versions 3 and 4 of Netscape Navigator and Versions 4, 5, and 6 of Opera. (Mozilla and later Netscape versions have similarly good managers built in, as mentioned earlier.)

4.5.5. Opt Out of Cookie-Based Ad Networks

Online ad networks have the potential to create in-depth, privacy-invading profiles of your web travels and personal interests because they can place a single cookie on your hard disk that will track you across multiple sites. Normally, sites can't share cookie information with each other, but ad networks have found a way around this, so they can aggregate your behavior from many web sites.

You can fight back by opting out of some of the biggest online ad networks. You'll have them place an opt-out cookie on your hard disk that will tell the various sites not to track what you're doing; this will go a long way toward protecting your privacy.

To opt out of the DoubleClick online advertising network, go to http://www.doubleclick.com/us/corporate/privacy/privacy/ad-cookie/ and click the Ad Cookie Opt-Out button at the bottom of the page.

To see whether the opt-out worked, if you're an Internet Explorer user, go to your cookies folder, which is typically C:\Documents and Settings\<Your Name>\Cookies. Look for a cookie named your name@doubleclick[1].txtfor example, preston gralla@doubleclick[1].txt. The contents of the cookie should look something like this:

id OPT_OUT doubleclick.net/ 1024 468938752 31583413 3447013104 29418226 *

In Netscape Navigator, your cookies.txt file is typically found in C:\Documents and Settings\<Your Name>\Application Data\Mozilla\Profiles\default\********.slt, where ******** is a random collection of numbers and letters. So, the directory might be C:\Documents and Settings\Name\Mozilla\Profiles\default\46yhu2ir.slt. Look in the file for an entry that looks like this:

.doubleclick.net    TRUE   /    FALSE  1920499138      id       OPT_OUT

You can instead use Netscape's built-in Cookie Manager to examine the cookie, by choosing Tools Cookie Manager Manage Stored Cookies.

Some other advertising networks let you opt out as well. For details, go to http://www.networkadvertising.org/optout_nonppii.asp and follow the instructions for opting out. To verify that you've successfully opted out of the other ad networks, click the Verify Cookies menu item on the left part of the page.

4.5.6. See Also

• [Hack #33]

• [Hack #34]

• [Hack #36]

• [Hack #37]