Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tracking Cookies: A Few Questions


  • Please log in to reply
9 replies to this topic

#1 binx1310

binx1310

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 01 February 2007 - 04:48 AM

Are tracking cookies a threat? every time i run avg anti spy it finds about 10/15 tracking cookies.

are they a threat and is there a way to stop them?

cheers

will

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:03 AM

Posted 01 February 2007 - 05:23 AM

How to block Third Party (tracking/advertising) cookies in IE:
http://privacy.getnetwise.org/browsing/tools/ie6/block3
--------------------------------------------------------------------------------


http://www.lifehacker.com/software/firefox...eaks-209941.php
Starting in Firefox 2.0, The option to block third-party cookies has been removed from the user interface [1]. Firefox 2.0 users who wish to limit allowed cookies to those set by the originating website can use about:config to modify the preference network.cookie.cookieBehavior to "1"
--------------------------------------------------------------------------------

http://www.ghacks.net/2006/11/03/how-to-di...ies-in-firefox/
http://www.ghacks.net/category/browsing/firefox/

The developers of Firefox removed the option to disable third party cookies in firefox 2.0 stating the reason that it was not possible to block all third party cookies with this function. Third Party Cookies are mainly cookies that track user behavior, the big ad networks for instance like to use them a lot. There are basically two options to disable third party cookies in Firefox.

The first would be to disable it manually by opening about:config from the address bar. Search for network.cookie.cookieBehavior and take a look a the value. If it is set to 0 you accept all cookies, 1 means you only accept cookies from the same server, 2 means you disable all cookies. Setting it to 1 has the same effect that the option in the old firefox browsers had: it disables third party cookie

I promised a second option. You could install a add-on as well that blocks third party cookies. One of the many extensions that does that is called CookieSafe. This one for instance makes it possible to disable all cookies and allow them only for specific sites (whitelist). There is no need that most sites store cookies when you are visiting them unless you have an account on that site.
--------------------------------------------------------------------------------


http://en.wikipedia.org/wiki/HTTP_cookie
Privacy and third-party cookies
Cookies have some important implications on the privacy and anonymity of Web users. While cookies are only sent to the server setting them or one in the same Internet domain, a Web page may contain images or other components stored on servers in other domains. Cookies that are set during retrieval of these components are called third-party cookies.


Advertising companies use third-party cookies to track a user across multiple sites. In particular, an advertising company can track a user across all pages where it has placed advertising images or web bugs. Knowledge of the pages visited by a user allows the advertisement company to target advertisement to the user's presumed preferences.

The possibility of building a profile of users has been considered by some a potential privacy threat, even when the tracking is done on a single domain but especially when tracking is done across multiple domains using third-party cookies. For this reason, some countries have legislation about cookies.

The United States government has set strict rules on setting cookies in 2000 after it was disclosed that the White House drug policy office used cookies to track computer users viewing its online anti-drug advertising to see if they then visited sites about drug making and drug use. In 2002, privacy activist Daniel Brandt found that the CIA had been leaving persistent cookies on computers for ten years. When notified it was violating policy, CIA stated that these cookies were not intentionally set and stopped setting them.[8] On December 25, 2005, Brandt discovered that the National Security Agency had been leaving two persistent cookies on visitors' computers due to a software upgrade. After being informed, the National Security Agency immediately disabled the cookies.[9]

The 2002 European Union telecommunication privacy Directive contains rules about the use of cookies. In particular, Article 5, Paragraph 3 of this directive mandates that storing data (like cookies) in a user's computer can only be done if: 1) the user is provided information about how this data is used; and 2) the user is given the possibility of denying this storing operation. However, this article also states that storing data that is necessary for technical reasons is exempted from this rule. This directive was expected to have been applied since October 2003, but a December 2004 report says (page 38) that this provision was not applied in practice, and that some member countries (Slovakia, Latvia, Greece, Belgium, and Luxembourg) did not even implement the provision in national law. The same report suggests a thorough analysis of the situation in the Member States.


[edit] Drawbacks of cookies
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:03 AM

Posted 01 February 2007 - 05:28 AM

Greetings binx1310:

Tracking cookies are often used by various sites to track your surfing. Many are used to create targeted advertising at the user. How to block depends in part on what browser you are using.

In Internet Explorer:

Tools --> Internet Options --> Privacy tab --> Advanced

Put a check by Over-ride automatic cookie handling

Click on the button by Block under Third-party Cookies so there is a green dot in the white circle.

Click on the button by Prompt under First-party Cookies so there is a green dot in the white circle.

You will now be prompted to whether or not to accept cookies. Click on "more information" to find out just who and what is wanting to set it and also to find out if it is a session cookie or not. I generally block ALL cookies unless they are absolutely necessary to run the site. If you know that you don't need cookies from that site, click on "block cookie" and put a check by "Apply my decision to all cookies from this Web site." If you know that you need cookies from that site, click on "accept cookie" and put a check by "Apply my decision to all cookies from this Web site." If you discover that you made the wrong decision do this:

Tools --> Internet Options --> Privacy tab --> Sites

A window will open up listing all the sites you have blocked or allowed. You can organize them by domain or setting - that is allow or block. Scroll to the site in question, click on in then click 'remove'. When you go to the site, you will be prompted afresh and you can reverse your decision.

If you are using pre-version 2 Firefox

Tools-->Options-->Privacy-->Cookies

Put a check by Allow sites to set Cookies
Put a check by for the originating site only
by Keep cookies make sure it says Ask me every time. Select it by using the drop down arrow to the right.

Again, you will receive prompts. Click on Show details to get the information about the cookie. Unlike Internet Explorer, you won't have to click on that again. Firefox remembers that you did so.

You have three choices: Allow Allow for session and Deny

The first means that if a site uses persistent cookies, that is long-term cookies, the cookies will stay on your computer even if you reboot. Allow for session means that the cookies be deleted when you close your browser down. That means you will need to log in every time to the sites that require it - such as BleepingComputer. This is what I choose when I have to accept a cookie because I don't like having any cookies stored on my computer - a hold-over from when I used public computers exclusively. Deny, of course, means that you have blocked the cookie. If you want Firefox to remember your choice, put a check by "use my choice for all cookies from this site." If you discover you made the wrong decision, go back to the cookies in the privacy area and click on the exceptions button. You may organize the sites by site or by status - that is blocked, allowed for session, or allow.


Also, download and install SpywareBlaster which will block many tracking cookies and much spyware before the browser even gets around to prompting you. Download site: http://www.javacoolsoftware.com/spywareblaster.html

Tutorial: http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#4 kirkinfl

kirkinfl

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 01 February 2007 - 06:55 AM

You will now be prompted to whether or not to accept cookies. Click on "more information" to find out just who and what is wanting to set it and also to find out if it is a session cookie or not. I generally block ALL cookies unless they are absolutely necessary to run the site. If you know that you don't need cookies from that site, click on "block cookie" and put a check by "Apply my decision to all cookies from this Web site." If you know that you need cookies from that site, click on "accept cookie" and put a check by "Apply my decision to all cookies from this Web site." If you discover that you made the wrong decision do this:

Won't this result in a LOT of interruptions to normal accessing of normal and benign sites? If one makes the changes you listed, will we have to answer a prompt on most sites we visit?

I've just changed my settings per your instructions and will try it for a while to see what happens. :thumbsup:

BTW, will these settings conflict with the blocking of third party cookies done by the Immunize function of
Spybot Search and Destroy? Anyone know?

#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:03 AM

Posted 01 February 2007 - 07:53 AM

To answer your question, cookies are not a 'threat', they are simply a text file. They can not be executed, they can't call home, they don't cause popups, they can't steal passwords, etc. What they can do is keep a count of how many times you visited a web page, keep your password and username for a particular site so that you don't have to log in every time, keep custom settings, etc. On some sites, they can keep a record what ads you may have clicked on so that the next time you return, they can offer ads with similar content.

Cookies are not malware. So I suppose it depends on how you define 'threat'.

#6 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:02:03 AM

Posted 01 February 2007 - 11:18 AM

For Ff 2.0 and above:
Tools/Options/Privacy. The settings should be "accept cookies from sites" and
"keep until" should be "ask me every time." You can then manage sites in the Exceptions: always keep, always block, etc.

Even the worst kind of cookie, as Groovicus points out, will not harm your computer, and these can easily be erased by any good anti-spyware application.

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#7 whintersby

whintersby

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 01 February 2007 - 11:48 AM

Personally I wouldn't recommend disabling cookies as this is likely to lead to more frustration than anything. The majority of times they are there to help you and your browsing, and a high number of websites rely on these in order to recognise you specifically (for good purposes).

It's programs like Spybot and Adaware that have given cookies a bad name with the uneducated, an even programs like Webroot Spysweeper continue to scan your computer and attempt to make you pay JUST to empty your cookies - a business tactic that I find very grey and almost fraudulent.

Cookies are GOOD everybody! :thumbsup:

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:03 AM

Posted 01 February 2007 - 02:13 PM

To the question about whether the blocking and prompting settings for cookies would interfere with Spybot, the answer is no.

I hope I didn't give the impression earlier that cookies are inherently 'bad'. That said, many cookies just don't need to be there. If I'm on Amazon for example, I don't need double-click tracking my surfing through the cookies they would place if I didn't block them.

The only way keeping cookies on your own computer, such as the ones placed by BleepingComputer or Amazon, can be harmful is if another user got into your user account and entered those sites with your information.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#9 Commander Gman

Commander Gman

  • Members
  • 1,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 27 February 2007 - 06:34 AM

Hi There!
Cookies,these are in notepad when you open it,you'll find text there,the text written there were written by the sites you have visited while surfing the internet,these are used when you log-in or at least visit the site,although each time you visit a site ,some of them are considered as "tracking cookies/data miners" they steal your identity,information and personal data they come in your system without any authorization unlike normal cookies which dont,cookies are needed to set your settings when you visit a site or log-in so all you need is an anti-spyware program thats good on determining cookies which is tracking or non-tracking cookies,it is also recommended to scan your cookies frequently to stop identity theft.
Exact location where all cookies are stored:C:\Documents and Settings\user\Cookies (In Windows XP)
Examples of these are:
tribalfusion
doubleclick
tacoda
and more......
I recommend this to scan your cookies (download the free version)
http://www.superantispyware.com/download.html -SUPERAntiSpyware
Hope this information helps you
-Commander Gman :thumbsup:

Motherboard: MSI P35 Neo-F (Socket 775 LGA) Processor: Intel Core 2 Quad Q6600 @ 2.40 Ghz Kentsfield Chipset: Intel P35 Graphics Card: Nvidia Geforce GT 440 Memory: 2x 2GB DDR2 800 RAM Storage: 1x IDE 80GB, 1x SATA II 500 GB, 1x External 500GB HD Power Supply: 600W Power supply Monitor: Dual screen set-up Casing: Mini-ATX Fan(s): 1x 80mm silent fan OS: Windows XP SP3


#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:03 AM

Posted 27 February 2007 - 09:25 AM

Again, cookies are simply text files; Cookies are not executables, therefore they can not 'steal your identity, information, or personal data' anymore than an envelope can steal your address. Cookies are a text file. Period. The text contained within a cookie can be used to build a profile of sites you have visited, but only by the server that set the cookies in the first place. I can not access your computer and view any cookies other than ones I may have set.

Second, this thread is a month old. Do you suppose that the original problem was maybe already resolved?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users