Recipe 13.9. Protecting Your Privacy by Handling Cookies Properly

Problem

You want to protect your privacy when surfing the web by handling cookies properly.

Solution

Using a graphical user interface

To customize your cookie settings in Internet Explorer, choose Tools Internet Options Privacy. Under Settings, move the slider to your desired level. Table 13-3 shows how each setting affects Internet Explorer's cookie-handling.

Customizing IE cookie-handling

You're not locked into IE's preset levels of cookie-handling. If you like, you can customize how it handles cookies so that you can, for example, accept or reject cookies from individual sites, or accept or reject all first-party and third-party cookies.

To accept or reject all cookies from a specific site, choose Tools Internet Options Privacy Sites. You'll see the Per Site Privacy Actions dialog box. Type in the name of the site you want to accept or block cookies from, and click either Block or Allow.

To customize how you handle first-party and third-party cookies, choose Tools Internet Options Privacy Advanced. Check the Override automatic cookie handling box. You can accept or reject all first-party or third-party cookies, or be prompted whether to accept them. You can also decide to always allow session cookies: cookies that last only as long as you're on a specific web site and are deleted once you leave the site.

Using downloadable software

The tools built into XP for managing cookies are reasonable, but for the most flexibility in handling cookies you should get a third-party cookie manager. The best is Cookie Pal, available at http://www.kburra.com. It's shareware; it's free to try, but $15 if you use it beyond 15 days. It lets you easily customize which sites you'll allow to put cookies on your PC, and it includes a cookie manager that lets you read and delete cookies. It also lets you accept or reject cookies on a case-by-case basis as you browse the web. If you use browsers other than IE, you might be out of luck, though. As of this writing, Cookie Pal works only with Versions 3 and 4 of Netscape Navigator and Versions 4, 5, and 6 of Opera. (Mozilla, Firefox, and later Netscape versions have similarly good managers built in, as mentioned earlier.)

Discussion

Cookies can be used to track your online activities and identify you to advertising networks and web sites. Information about you, based on what cookies gather, can be put in a database, and profiles of you and your surfing habits can be created.

Not all cookies are privacy-invaders, though, and some can be used for useful purposes, such as logging you into web sites, and customizing web sites.

Internet Explorer lets you customize your use of cookies according to the level of privacy you want. You can choose from six levels of privacy settings, from Accept All Cookies to Block All Cookies. When choosing, keep in mind that some sites won't function well or at all at the higher privacy settings, particularly if you choose to reject all cookies. I generally find that Medium High is a good compromise between protecting privacy and still being able to personalize web sites.

Cookies have gotten a lot of press most of it bad but the truth is, not all cookie use is bad. As a means of site customization, they're a great way of helping you get the most out of the Web. They can also carry information about log-in names and passwords, which is a timesaver, since you won't have to log into each site every time you visit.

Cookies can be security holes. If you use them to log you into a site automatically, anyone who uses your computer will be able to log into those sites with your username and password.

To help you better decide how to use this recipe for handling cookies, you should understand three cookie-related terms.

First-party cookie

A cookie created by the site you're currently visiting. These cookies are often used by sites to let you log on automatically without having to type in your username and password and customize how you use the site. Typically, these kinds of cookies are not invasive.

Third-party cookie

A cookie created by a site other than the one you're currently visiting. Frequently, third-party cookies are used by advertisers or advertising networks. Some people (including me) consider these kinds of cookies invasive.

Compact privacy statement

A publicly posted policy that describes the details of how cookies are used on a site for example, detailing the purpose of cookies, how they're used, their source, and how long they will stay on your PC. (Some cookies are automatically deleted when you leave a web site, while others stay valid until a specified date.)

You also need to know the difference between implicit consent and explicit consent. Explicit consent means you have specifically told a site it can use personally identifiable information about you. It's the same as opting in. Implicit consent means you haven't specifically told a site not to use personally identifiable information. It's the same as not having opted out, or specifically requesting to be taken off a list.

Export, import, or back up your cookies

Although some cookies can be intrusive, some can be helpful. They can log you into web sites automatically and customize the way you use and view the site. So, when you buy a new PC, you might want to export cookies from an older computer to it. If you have more than one PC, you might want all of them to have the same cookies. And you might want to back up your cookies for safe-keeping in case you accidentally delete the wrong ones.

To export or back up cookies from IE, choose File Import and Export. The Import/Export wizard will launch. Choose Export Cookies and follow the directions. A single text file containing all your cookies will be created in My Documents, though you can choose a different location for them. To import cookies, launch the Import/Export wizard, choose Import Cookies, and browse to the location where the cookie file has been stored.

Examine and delete cookies manually

You can't examine and delete your cookies from within Internet Explorer. However, because XP stores each IE cookie as an individual text file, you can read them and delete them just as you would any other text file. Go to C:\Documents and Settings\<Your Name>\Cookies in Windows Explorer, and you'll see a list of individual cookies in a format like this:

your name@abcnews.com[1].txt

As a general rule, the name of the web site or ad network will be after the @, but not always sometimes it will merely be a number. Open the file as you would any other text file (in Notepad, WordPad, or another text editor). Usually, there will be a list of numbers and letters inside, though you might find other useful information in there for example, your username and password for the web site. If you don't want the cookie on your hard disk, simply delete it as you would any other text file.

Netscape Navigator and Mozilla handle cookies differently than Internet Explorer. They store all cookies in a single file, cookies.txt, typically found in C:\Documents and Settings\<Your Name>\Application Data\Mozilla\Profiles\default\********.slt, where ******** is a random collection of numbers and letters. So, the directory might be C:\Documents and Settings\Name\Mozilla\Profiles\default\46yhu2ir.slt. If you've set up different Netscape/Mozilla profiles (Tools Switch Profile Manage Profiles Create Profile), cookies.txt won't be in the default subfolder, but under each profile's name. You can open the file and see each individual cookie. You can't however, delete individual entries from the file by editing this file. Instead, use Netscape's built-in Cookie Manager (at Tools Cookie Manager Manage Stored Cookies) to read and delete cookies.

In Firefox, you'll find the cookies.txt file in C:\Documents and Settings<Your Name>\Application Data\Mozilla\Firefox\Profiles\default.xxx, where xxx is a random collection of three letters. Use Firefox's built-in Cookie Manager (Tools Options Privacy) to read and delete cookies.

See Also

For comprehensive information about cookies and how to handle them, see Cookie Central at http://www.cookiecentral.com. And for Microsoft's cookie FAQ, go to http://www.microsoft.com/info/cookies.mspx.