Don’t get baked by Cookies – Surf Safe & Anonymous Pt 3

If you want to be anonymous in real life, buy a big coat. Online, and for your PC, it’s more complex. Why do it? To shore up your identity, safeguard data, secure eCommerce and give peace of mind.

This guvGuide helps you find the level of anonymity to suit you, to take control of your identity, to enjoy faster, safer surfing and, in Part 3…

…to reject bad cookies while accepting good ones.

[sniplet guvSellBox]

I’ve endeavoured to make this guide as comprehensive as possible; detailed, yet bulleted. But hey, if there’s something missing, you’ve got a suggestion, or a disagreement, please leave a comment below, and we’ll improve the guide. Tx.

Cookies for Rookies

Cookies are key, literally, to your online experience. They are highly useful. They are also used to spy on you. Seeing as you use them every time you log on, and they sit on your PC, you need to know what they are and how to control them to your benefit, rather than to the benefit of others.

What are cookies?

They’re text files that a web server stores on a user’s hard disk. Generally, they’re used to help websites differentiate users. They convenience users too, helping with logging in, recalling preferences, assisting shopping, form filling and suchlike. Without them, surfing would be tedious or, on many sites, impracticable.

Put another way, cookies are like a set of keys. Each key opens a different door, and each cookie assists navigating a different site. Lose you key, and you may have to create another. If you lose the cookie to your online bank, you can get a replacement, but it wastes time.

So they are useful. But. They are also employed, routinely, to invade your privacy.

What they are not

There are some popular misconceptions. Let’s lose those:-

• they are not worms, viruses, trojans, malware, nor biscuits
• they are not programs or executable
• they cannot access your data or hard drive, and are merely stored in a cookie folder or in the computer’s memory
• they don’t generate popups
• they won’t spam you

Like I say, they are little text files, containing some data.

What data do they hold about you, and how is that legitimately used

Cookies from scrupulous websites carry no personalised information. They may contain any of the following, combined in a code:-

• a unique identifier, your key
• a website path
• the type and version of your web browser
• the type and version of your operating system
• an expiration date

When you return to a site, the web server hosting that site matches up your key with any profile you have provided previously. For example, if you left the site from a particular page, it may reload that page for your convenience by noting the previous website path or, if you entered personal information at that site, maybe because you are a registered user, it will find your details on it’s database.

Also, it may have noted your browser type or OS to serve you a relevant version of it’s content. The expiration date is exactly that; after a recorded time the cookie becomes obsolete.

For example, my Facebook cookie reads, more or less:-

datr
c00dcb42e1bfafb138748deac9b0f1642389c6a4bf3c4a2dcfas7b97ceef7f5
facebook.com/
9223
342354616
2924304
4023480976
29234169
*
cavalry_transit_start_time
1222532376343
facebook.com/
1344
2482344296
29972534
235225296
29525524
*

The only recognisable item of information is the uri, facebook.com. All the rest is their code. When I head over to Facebook from this machine, the site looks for a cookie, finds this code, matches it with my profile stored on their database, and loads my personalised homepage.

Whether or not I allow cookies, of whatever type, if I enter personal details at a website, they are likely recording those details into a database. This data collection is more relevant to how anonymous we wish to be, than is the cookie. In other words, for total anonymity, don’t enter personal details at a site. The cookie is merely a way for a site to match your computer to your website profile. So worry less about the cookie.

Now let’s take a more radical example. Cruise over to www.ReallyDodgyPornSite.com and it’s possible that not only will they spawn a cookie, but your visit may make possible a raft of other porn sites to also set cookies. Taken to an extreme, your system may become clogged with illicit cookies, slowing down your system.

Cookies from legitimate websites are harmless. Almost…

The different types, the good and the bad

There are two types.

• Session cookies   Also called ‘transient’ cookies, they are temporary, occupying your computer memory, expiring when you close the browser window. They do things like track a shopping cart, so that when you check out your selected items are remembered. So many sites need you to accept session cookies to function properly. These cookies hinder anonymity the least. Few people can do without them.
• Persistent cookies   Also referred to as ‘stored’, ‘permanent’ & ‘first-party’ cookies, these files are retained on your hard drive, generally until you delete them. They allow a website to recall your previous visit so that, when you go back, the site loads more quickly. They remember, for example, login details and preferences. You can set your browser to accept all cookies or just those from trusted sites, allowing you to control anonymity web-wide. For most people to accept all is the most convenient option.
• Third-party cookies   These are persistent cookies too, but sourced from a third party. Consider this. You go to xyz.com and their content, plus persistent cookie, is returned to your PC from their server. More content, plus a third-party cookie, is called from their third-party content partners, typically serving the onsite adverts. Accumulatively, these sneaky little critters allow marketing companies to track your browsing, creating a profile of your preferred content. With this information to hand, they will serve up more relevant ads. To where else this information is sold is anybody’s guess. Third-party cookies are intrusive, sitting on your computer like an uninvited guest. Few people need them.

So, third-party cookies tend to be bad. Not always. But frequently. They infringe on anonymity by tracking your browsing habits and, in those hypothetical cases where your details may be sold by a website to their third-party partner, for example, these habits can be matched directly to you. I have no idea how common this is. Probably more so in dubious nations with dubiously-gathered intelligence, one can only guess. You get the picture.

Session and first-party persistent cookies, on the other hand, are ultra useful and, in terms of anonymity, reduce yours by zero. On the other hand, whatever data you enter at a given website, whether matched with a cookie or not, is as revealing as the data you voluntarily provided. Oh yes, and they know what browser and operating system you use. Big deal. So be careful with the data entry.

How to control cookies to your benefit

With this information, we can set our preferred cookie options. Personally, I enable Session and Persistent, disabling Third-party cookies. Here’s how I do that. If you want different options, you’ll find these at the same place:-

Firefox

• Tools > Options > Privacy > [check] Accept cookies (accepts Session and Persistent cookies); [uncheck] Accept third-party cookies
• Tools > Options > Privacy > Exceptions to add sites from which you do not want any cookies

Internet Explorer 7

• Tools > Internet Options > Privacy > Advanced > [check] Override automatic cookie handling; [check] Accept First-party cookies; [check] Always allow cookie sessions; [check] Block Third-party cookies
• Tools > Internet Options > Privacy > Sites to add sites from which you do not want any cookies

Internet Explorer 6 – if you’re using that browser, you should go to Windows Update and upgrade to IE7 (or bin it altogether for Opera, Chrome or Firefox!)

Opera

• Tools > Preferences > Advanced > Cookies > [check] Accept only cookies from the site I visit (this allows Session and Persistent, disabling Third-party cookies)
• Tools > Preferences > Advanced > Cookies > Manage Cookies to add sites from which you do not want any cookies

Chrome

• Customise > Options > Under The Hood > Cookie settings > [dropdown] Restrict how third-party cookies can be used
• Customise > Options > Under The Hood > Show cookies > to add sites from which you do not want any cookies

Safari

• Edit > Preferences > Security > Accept cookies > [check] Only from sites you navigate to (for example, not from advertisers on those sites.) This is set by default on Safari. Hey, full marks Safari.
• There is no cookie exception facility (that I can find) on Safari. Oops, nil points Safari.

We’re experts on cookies. They’re no longer a worry. The ad men have been foiled, sorry guys! Most importantly, we have regained control of our online identity, the PC is a little faster and it’ll require less attention.

Part 4 of this series, out tomorrow, controls javascript to shed the risk while retaining its functionality. Then, in Part 5, we wrap up this series by setting up a proxy server.

Jump to another section of the anonymity guide:-

• Part 1: Anonymising your PC
• Part 2: 21 Tips to Surf Safe
• Part 3: How to Accept Cookies
• Part 4: Controlling Javascript
• Part 5: Video How-to: Set up a Proxy Server

What have I forgotten? Tons probably. Your comments are valued …

Be Sociable, Share!
• 

• Tweet

Related posts:

1. Preview: How to Surf Anonymously & Hide Your PC
2. How to Surf Anonymously & Hide Your PC: Part 1 – Anonymising Your PC
3. How to Surf Anonymously & Hide Your PC: Part 2 – 21 Tips to Surf Safe
4. Enable the Phishing Setting for Firefox, Internet Explorer, Opera, Chrome & Safari Browser