|So how does
A Web site (that uses
Cookies) generates a unique ID number
for each visitor and store the ID number on each user's
machine using a cookie file. This is way for a site to
accurately count visitors, the site can track not only your
purchases, but also the pages that you visit, the ads that you
click on, information you have given to the site in online
When you visit a web site your browser sends your cookie
containing the ID value back to the server. The server then
saves a record in the database that contains the time that you
downloaded the page and the URL, along with your ID and checks
(or resets) the expiration date.
There are certain providers that can
actually create cookies that are visible on multiple sites.
Many web sites use 3rd party providers to serve ad banners
and Cookies on their sites. They can also place small (1x1
pixels - WebBug) GIF files on the site that allow [example] DoubleClick to load cookies on your machine. These tracking
servers can then monitor
your movements across multiple sites.
So what's the big deal? ..... it's
just a Cookie, right?
Well that depends on if you understand how things really
work. These 3rd party Cookies are generated by companies that get
paid to obtain as much information as possible about your viewing
habits, preferences, computer settings, etc.
Now you multiply this times the amount of ads and Cookie prompts on the page
supplied by 3rd parties ..... This doesn't take into account the
other tricks they use such as web bugs - single pixel images, hidden
Getting the idea? ........ and that's just on one page! Then you
find an interesting link to another page and the process starts all
over again (ugh!) So the next time someone states that Cookies are
safe, be very cautious about the information you are divulging.
Never assume that these characters are playing by the rules either!
A good example of "not playing by the rules" is
"Monitors any new cookies that are created. If the cookies contain
certain keywords, advertisements for an adult-content Web site will
then be displayed."
Ben Edelman has uncovered adware installers actually creating
Cookies for other "Affiliates". Now technically this is
not allowed, but most adware installers never play by the rules
Or McAfee's article on
Adclicker-DF which states:
"Adds the following domains to the following key with the default
value of 0x00000001, so that they are always allowed." (These
are all 3rd party Ad Servers)
Disabling all cookies does not make you anonymous or prevent Web
sites from tracking your browsing habits. HTTP requests still
include information about where you came from (HTTP
IP address, browser version, operating system, and other
Editors Note: I have yet to find a site where 3rd party cookies
are required to be able to access the desired site. "Tracking
Cookies" as those listed in many
Antispyware scanners can be effectively stopped by using the
below option "Block all Third-party
Cookies" and I would also recommend adding those servers to the
A prime example of a site that uses a (ridiculous) huge amount of
3rd party Cookies [screenshot]
There were so many listed there they wouldn't all fit in the Privacy
McAfee description of "Tracking Cookie" - "These cookies may be
used to track personal settings, identification data, as well as
behavioral and usage details". [Example]
Internet Explorer Cookie Location
Persistent cookies have an expiration date. These cookies are
stored in the local users account under
folder, and the
folder for applications running under low privileges.
With Protected Mode Turned on, the browser essentially runs as a low
privilege process; as a result of which it can store / read / write
cookies in the LOW version of the Cookies folder:
However if you attempt to view your Cookies thru Internet
Explorer, you are only presented with the Cookies that exist in the
"\Cookies" folder and not the "\Cookies\Low" location ... go figure?
... also the "\Cookies\Low" folder does not show up unless you
enable "Hidden Folders" in Windows Explorer ...
To view Hidden Files
To allow yourself to view all file types, open Windows Explorer >
Tools > Folder Options > View tab
or Organize > Folder and search options > View tab
- Scroll down to the Hidden Files and Folders section
- Select: "Show hidden files and folders"
- Uncheck: "Hide file extensions for known file types"
- Uncheck: " Hide protected operating system files"
- Ok the Prompt, click Apply, Ok
Editors Note: general users should reverse the above when not in
need as this exposes all system files, including several on the
Desktop (desktop.ini) which you do not want to mess with ...
|Open Internet Options | Privacy, click on
the Advanced button.
Place a check in "Override automatic
Uncheck "Always allow session cookies"
Set "First Party Cookies" to Block, set "Third Party
Cookies" to Block.
Note: you will need to manually Allow certain cookies, you should add: "*.microsoft.com" (no quotes) to the "Always Allow" list to avoid any
problems with Windows Update or the many other Microsoft sites,
including the MSKB which requires Cookies to be accepted. I would
recommend adding any sites that you frequent such as Banking, and
any sites that require you to log in, (Social Networking) etc.
You'll find that after a while this only requires a very
Cookie Manager Programs
These programs were useful with previous versions of Internet
Explorer, however they are simply no longer needed. This feature is
now built into Internet Explorer and consumes no additional resources as these 3rd
party programs do.
If you are constantly prompted to remove 3rd party "Tracking
Cookies" and/or "Data Miners" after scanning
your machine, then your "Layered Protection" is not set up properly!
It's simple enough to go thru the Antispyware "scan log" and determine which Cookies keep
reappearing. Then add these to the "Always Block"
option, or simply block all 3rd party Cookies (recommended)
Editors Note: lately some malware infections are adding
these 3rd party Cookies, without you even visiting these sites.
That's what I mean about "playing by the rules" don't take
anything for granted.
The MVPS HOSTS file contains the majority of the "Tracking Cookies" listed in
the database of most Anti-Spyware or Antivirus programs.
object is to prevent these (3rd party) Cookies from loading,
not removing them "after the fact".
Test your Cookie Settings -
GRC Visitor Cookie Data Display - Web Browser Cookie Forensics
IECookiesView is a small utility that displays the details of
all cookies that Internet Explorer stores on your computer. This
includes the "\Cookies\Low" folder.
The freeware utility is a standalone executable, and installation is
not required. (XP/Vista/Win7) [screenshot]
Viewer [freeware - XP] allows you to view information stored in a
Cookie, delete unwanted Cookies on your hard drive. Note: when
viewing Cookies stored on your drive if you discover any unwanted
Cookies make a note of the server it is coming from (usually 3rd
party) add that site to your "Always Block" list in the
Internet Options | Privacy tab | Edit button.
Or simply block all 3rd party Cookies (recommended)
Editors Note: WinPatrol
help you manage your Cookies.
Viewing the Cookies
To view the info in the Cookies "index.dat"
2.1 (freeware - XP/Vista/Win7/8)
Click Histories, select: "IE History Cache Cookies (index.dat)"
You can then delete the Cookie itself or remove any sites listed in
the (Cookies) index.dat.
To delete the
(freeware) will clear the browser cache and the "index.dat"
Note: there are several other freeware utilities that will delete
the cache, however I find CCleaner to have the best set of features.
Be aware in their latest version they have added the Yahoo Toolbar
[ugh!] you can uncheck that option during the install or download
the (slim) version without the toolbar.
Cookies in the
JupiterResearch report finds that over 48 million Internet users
are running anti-spyware applications that delete third-party
tracking cookies. And nearly 38 million are using aggressive
anti-spyware applications that remove nearly 75% of tracking
And now for a little irony ... while browsing to the
following article the viewer gets bombarded with Clikz/RealMedia/ads,
if you look at the screenshot
... well do you think they are getting a little carried away?
What about Flash
An often overlooked area is the "Local Shared Objects", the flash
equivalent of cookies.
||Shared objects, or "Flash cookies," can be
cleared or turned off via the
Flash Player Settings Manager, an application similar to
your browser settings where cookies can be disabled. The
Settings Manager lets you delete shared objects and set your
shared object preferences (such as your desire to be
prompted, permissions, and storage limits) for all websites
or only specific ones.
You can also see how many Flash
Cookies already exist by doing a local search and enter:
Typical storage areas are:
C:\Documents and Settings\<username>\Application
Data\Macromedia\Flash Player (XP)
You may be surprised by how many (unneeded) sub-folders actually
exist there ...
So how do you protect yourself ... you have to go online ... yes
online, Adobe does not allow you to control your flash privacy
setting from your machine.
Start here and go thru the various tabs and select the privacy
settings that suit your needs. I would suggest unchecking the option
for “Allow third-party Flash content to store data on your
computer”. Please note these setting only remain until the
next Adobe flash update and there has been several just
this year. Flash player has been targeted by malicious culprits for
it's many vulnerabilities ... you can however retain your
preferences by setting the "settings.sol" file to Read Only
on your hard drive.
The settings.sol file is located in the following location:
\Users\<user name>\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
(where "<user name>" is the profile name you are using)
Once located, right-click and select Properties and place a check
in the Read only option, click Apply/Ok
Editors Note: Once Adobe is unable to "write" to
settings.sol it will create a new file - settings.sxx - When this
occurs you will need to set that file to Read Only also.
There are a few drawbacks to the above ... but I've learned to
live with them ... some sites will complain when they are not
allowed to store their tracking data on your machine. [Example-1]
Flash Cookie Cleaner