Tracking cookies and what to do about them

Am I Paranoid?

I have long been paranoid about being tracked on the Internet. Imagine that you are out at the mall shopping. You notice two or three people seem to follow you into every shop you enter. They are taking notes.   And when you actually buy something, you see them talking to the cashier after you leave.  That would make me paranoid as ever. Wouldn’t you be? That is sort of what tracking cookies can do.

Cookies

Before I go on, here is some simple information about cookies if you are not sure what they are.  Cookies sound yummy.  I assure you, that in a browser like FireFox, Internet Explorer or Safari, cookies are quite bland.  They are small pieces of data that are stored in the browser as requested by the web site.  The cookie belongs to the web site in the sense that it sets the cookie and can read it later.  One site cannot read another site’s cookies from your browser.  It is important to note that the browser does not have to store the cookie as requested.  It can flat out refuse or it can store it in a modified way.  You can tell the browser what to do with cookies.  That is what this article is all about.

Let me continue.  Cookies come in two flavors, temporary or permanent.  Temporary cookies go away when you restart your browser.  Permanent cookies have an expiration date in the future.  They can hang around for a long long time.  The expiration date is decided by the site who asks for the cookie.  I have seen some that expire in 2037.  The other thing to know is that if a site includes some element from another site, say an image, that other site can also set a cookie of its own.  Say you are at devsanctum.com and it requests a cookie.  Fine, you allow that.  But that site brings in an image from another site, say riverspring.net.  Riverspring.net can set its own cookie.  Now you have two cookies.

I’m not trying to tell you that cookies are bad things.  Like most things in life, they can be good or bad depending on their use.  What I am talking about here is an area of cookie use that I find a little uncomfortable.

Back to regular programming.  Most of this tracking cookie thing revolves around advertising. I say “most” because there are other uses.  If you login to your bank to do online banking, as you move from screen to screen, the bank website will use a cookie to identify you across the pages.  Otherwise you would be logging in at every page.  Your banking site only needs a temporary cookie because you will do what you have to do then go away.  You do not want it to remember you forever.  That would be bad.  However, if I go to a site that has a banner ad for Foozles which sets a cookie for the purpose of knowing where I saw its ad, that is different than what my bank needs.  It is using my computing resources to track me with no benefit to me at all.  In my opinion, temporary cookies are usually fine.  They are not normally used for tracking.  And they are necessary in many cases.

Now on to the good stuff.  I am sure you have seen ads on web pages.   Of course, those advertisers want you to click on those ads. Even better, they want you to click on the ad and then buy something.  Seems simple enough.  Except the site where you see the ad is often not the place that is selling the product.  You actually buy the product somewhere else. And the place who is actually selling the product wants to or is required to reward the site where you first saw the ad. Rather than ask you at the time you make a purchase, a cookie is stored in your browser when you view the original web page. Then when you buy the product, they know where you saw the original ad and the seller can compensate the web site accordingly.  Again, my computing resources are being used for purposes that bring no benefit to me at all.

The thing is that many relationships between advertisers and sites that display ads are more complicated.  When they display the ad, they want to record that you saw the ad there first.  They might actually get paid just because you saw the ad.  You might go to the site some time later, perhaps days later.  And they still want to know where you saw the original ad.  For this reason they store permanent cookies.  Additionally, there might be more than one tracking mechanism in place.  Since money is involved, they have to track everything. This additional tracking allows the advertisers to verify that the ad was viewed that many times as the site claims.  They don’t want to just take their word for it.  Benefit to site and advertiser.  No benefit to me.

So I try as best as I can to disable all of this tracking.  I use the FireFox browser partly because it allows me to control cookies.  I can tell it which site I want to allow setting cookies and which sites I do not.  And I can tell it to allow some sites to store only temporary cookies even though it asks for permanent ones.  The browser accepts the site’s request for a permanent cookie but gets rid of the cookie once FireFox is restarted.  How cool is that?

The site that requested the cookies thinks that it will track you to the grave but little does it know that when you restart the browser, that tracking mechanism is gone!

Next time you use the site, it will establish a new tracking cookie and think that you are someone who it has never seen before.  I also make FireFox to tell me when it is about to set a cookie for a site I have not seen before.  And at that point, I can tell it what to do with that request and future requests from that site.

The one thing I accept as part of surfing the web is that my browser is constantly asking me what to do with cookies.  If you turn this on, you will be amazed at how many cookies some sites set.  Of course, if you only go to a few sites, the number of times you get asked to approve a cookie request goes down.  But if you are like me, and go to new sites constantly, the process never ends.  When in doubt, I allow a temporary cookie.  And I can go in later and remove it.

Here is a list of tracking and advertising sites you can block.

2o7.net
3dstats.com
activemeter.com
adbasket.net
adbureau.net
adinterax.xom
adrevolver.com
advertising.com
atdmt.com
casalemedia.com
clickbank.net
clickability.com
cpcmanager.com
cqcounter.com
euroclick.com
fastclick.net
hitbox.com
onestat.com
popfly.com
popfly.ms
questionmarket.com
searchmarketing.com
searchtrack.net
sitemeter.com
spylog.com
statcounter.com
superstats.com
tacoda.net
webtrendslive.com
webtrends.com
yieldy.com
zedo.com

This is certainly not a complete list.  I am sure there are more.  Here is how to do it in FireFox.

In FireFox 3, open the Tools menu and select Options.  Click the Privacy tab.

Click the Exceptions button.

In the area that is labeled “Address of website” enter each one on the list and click the Disable button.  Yes, I know it takes a while.  There is no rest for the paranoid.

Once all this is in place, browsing the web becomes easier.  I significantly reduce the tracking that a site can do on me.