How to Surf Anonymously & Hide Your PC: Part 3 – How to Set Cookies



Examining stored cookies

If you want to be anonymous in real life, buy a big coat. Online, and for your PC, it's more complex. Why do it? To shore up your identity, safeguard data, secure eCommerce and give peace of mind.

Better Anonymity with wpCop.com

UPDATE: Feb 2013

This guide is old. The theory is good but the practise is worn.

For up-to-date advice please check out my new site wpCop which, while niche targetting WordPress security, also covers the bases for PC, web and server security.

Particularly:-

Guvnr, BTW, has relaunched to front as the blog for both wpCop and, shortly, my server installation guide vpsBible.

If you've got any security-related questions, pop by the the wpCop forums.

Hope that helps.

guv

This guvGuide helps you find the level of anonymity to suit you, to take control of your identity, to enjoy faster, safer surfing and, in Part 3…

…to reject bad cookies while accepting good ones.

A comprehensive guide, spread over 5 posts:-

Setup Unmanaged VPS (4 Noobs!) ... with vpsBible
Secure WordPress. Properly. ... with wpCop, the platform's dedicated security website
Olly 'the_guv' Connelly's vpsBible.com site and 'WordPress 3 Ultimate Security' book.

Cookies for Rookies

Cookies are key, literally, to your online experience. They are highly useful. They are also used to spy on you. Seeing as you use them every time you log on, and they sit on your PC, you need to know what they are and how to control them to your benefit, rather than to the benefit of others.

What are cookies?

They're text files that a web server stores on a user's hard disk. Generally, they're used to help websites differentiate users. They convenience users too, helping with logging in, recalling preferences, assisting shopping, form filling and suchlike. Without them, surfing would be tedious or, on many sites, impracticable.

Put another way, cookies are like a set of keys. Each key opens a different door, and each cookie assists navigating a different site. Lose you key, and you may have to create another. If you lose the cookie to your online bank, you can get a replacement, but it wastes time.

So they are useful. But. They are also employed, routinely, to invade your privacy.

What cookies are not

There are some popular misconceptions. Let's lose those:-

  • they are not worms, viruses, trojans, malware, nor biscuits
  • they are not programs or executable
  • they cannot access your data or hard drive, and are merely stored in a cookie folder or in the computer's memory
  • they don't generate popups
  • they won't spam you

Like I say, they are little text files, containing some data.

What data do they hold about you, and how is that legitimately used

Cookies from scrupulous websites carry no personalised information. They may contain any of the following, combined in a code:-

  • a unique identifier, your key
  • a website path
  • the type and version of your web browser
  • the type and version of your operating system
  • an expiration date

When you return to a site, the web server hosting that site matches up your key with any profile you have provided previously. For example, if you left the site from a particular page, it may reload that page for your convenience by noting the previous website path or, if you entered personal information at that site, maybe because you are a registered user, it will find your details on it's database.

Also, it may have noted your browser type or OS to serve you a relevant version of it's content. The expiration date is exactly that; after a recorded time the cookie becomes obsolete.

For example, my Facebook cookie reads, more or less:-

datr
c00dcb42e1bfafb138748deac9b0f1642389c6a4bf3c4a2dcfas7b97ceef7f5
facebook.com/
9223
342354616
2924304
4023480976
29234169
*
cavalry_transit_start_time
1222532376343
facebook.com/
1344
2482344296
29972534
235225296
29525524
*

The only recognisable item of information is the uri, facebook.com. All the rest is their code. When I head over to Facebook from this machine, the site looks for a cookie, finds this code, matches it with my profile stored on their database, and loads my personalised homepage.

Whether or not I allow cookies, of whatever type, if I enter personal details at a website, they are likely recording those details into a database. This data collection is more relevant to how anonymous we wish to be, than is the cookie. In other words, for total anonymity, don't enter personal details at a site. The cookie is merely a way for a site to match your computer to your website profile. So worry less about the cookie.

Now let's take a more radical example. Cruise over to www.ReallyDodgyPornSite.com and it's possible that not only will they spawn a cookie, but your visit may make possible a raft of other porn sites to also set cookies. Taken to an extreme, your system may become clogged with illicit cookies, slowing down your system.

Cookies from legitimate websites are harmless. Almost…

Cookie types, the good and the bad

There are two types.

  • Session cookies   Also called ‘transient' cookies, they are temporary, occupying your computer memory, expiring when you close the browser window. They do things like track a shopping cart, so that when you check out your selected items are remembered. So many sites need you to accept session cookies to function properly. These cookies hinder anonymity the least. Few people can do without them.
  • Persistent cookies   Also referred to as ‘stored', ‘permanent' & ‘first-party' cookies, these files are retained on your hard drive, generally until you delete them. They allow a website to recall your previous visit so that, when you go back, the site loads more quickly. They remember, for example, login details and preferences. You can set your browser to accept all cookies or just those from trusted sites, allowing you to control anonymity web-wide. For most people to accept all is the most convenient option.
  • Third-party cookies   These are persistent cookies too, but sourced from a third party. Consider this. You go to xyz.com and their content, plus persistent cookie, is returned to your PC from their server. More content, plus a third-party cookie, is called from their third-party content partners, typically serving the onsite adverts. Accumulatively, these sneaky little critters allow marketing companies to track your browsing, creating a profile of your preferred content. With this information to hand, they will serve up more relevant ads. To where else this information is sold is anybody's guess. Third-party cookies are intrusive, sitting on your computer like an uninvited guest. Few people need them.

So, third-party cookies tend to be bad. Not always. But frequently. They infringe on anonymity by tracking your browsing habits and, in those hypothetical cases where your details may be sold by a website to their third-party partner, for example, these habits can be matched directly to you. I have no idea how common this is. Probably more so in dubious nations with dubiously-gathered intelligence, one can only guess. You get the picture.

Session and first-party persistent cookies, on the other hand, are ultra useful and, in terms of anonymity, reduce yours by zero. On the other hand, whatever data you enter at a given website, whether matched with a cookie or not, is as revealing as the data you voluntarily provided. Oh yes, and they know what browser and operating system you use. Big deal. So be careful with the data entry.

How to control cookies to your benefit

With this information, we can set our preferred cookie options. Personally, I enable Session and Persistent, disabling Third-party cookies. Here's how I do that. If you want different options, you'll find these at the same place:-

Firefox

Firefox cookie settings dialogue box

  • Tools > Options > Privacy > [check] Accept cookies (accepts Session and Persistent cookies); [uncheck] Accept third-party cookies
  • Tools > Options > Privacy > Exceptions to add sites from which you do not want any cookies

Internet Explorer 7

  • Tools > Internet Options > Privacy > Advanced > [check] Override automatic cookie handling; [check] Accept First-party cookies; [check] Always allow cookie sessions; [check] Block Third-party cookies
  • Tools > Internet Options > Privacy > Sites to add sites from which you do not want any cookies

Internet Explorer 6 – if you're using that browser, you should go to Windows Update and upgrade to IE7 (or bin it altogether for Opera, Chrome or Firefox!)

Opera

  • Tools > Preferences > Advanced > Cookies > [check] Accept only cookies from the site I visit (this allows Session and Persistent, disabling Third-party cookies)
  • Tools > Preferences > Advanced > Cookies > Manage Cookies to add sites from which you do not want any cookies

Chrome

  • Customise > Options > Under The Hood > Cookie settings > [dropdown] Restrict how third-party cookies can be used
  • Customise > Options > Under The Hood > Show cookies > to add sites from which you do not want any cookies

Safari

  • Edit > Preferences > Security > Accept cookies > [check] Only from sites you navigate to (for example, not from advertisers on those sites.) This is set by default on Safari. Hey, full marks Safari.
  • There is no cookie exception facility (that I can find) on Safari. Oops, nil points Safari.

Wrapping up on cookies

We're experts on cookies. They're no longer a worry. The ad men have been foiled, sorry guys! Most importantly, we have regained control of our online identity, the PC is a little faster and it'll require less attention.

Part 4 of this series, out tomorrow, controls javascript to shed the risk while retaining its functionality. Then, in Part 5, we wrap up this series by setting up a proxy server.

Jump to another section of the anonymity guide:-

9


About the Author:

Olly Connelly (yeah, that's me) blogs at guvnr.com, polices WordPress security at wpCop.com and helps noobs build web servers at vpsBible.com, so if you've got sleeping problems you know where to come.

Discussion

  1. Mark Bochar  November 18, 2010

    Anonymous Browsing is browsing the while hiding the user’s IP address and any other personally identifiable information from the websites that one is visiting.This World Wide Web is also Known as Anonymous web browsing.Anonymous Browsing is browsing the while hiding the user’s IP address and any other personally identifiable information from the websites that one is visiting.This World Wide Web is also Known as Anonymous web browsing.

    Shag Drive is the first and only plug and play device allowing you to surf all of your favorite sites discreetly, leaving no trace or history.

    With Shag Drive, you simply plug it in to a USB port on your computer and you have complete anonymity to surf adult sites, discreet dating sites or other personal sites without your employer or family knowing.

  2. lora  November 4, 2010

    Very enlightening and beneficial to someone whose been out of the circuit for a long time.

    – Lora

  3. Mark Bochar  November 3, 2010

    A web proxy server is a server that you can use to take the place of another server and act as that server in every way. While the proxy server will still be getting everything it needs from the normal server, you will not interact with the normal server in any way and in fact this means that the proxy web server will act as a middle man of sorts between you and the server that you wish to interact with.I have a tried a hardware also which is wonderful little tool helping me to browse anonymously.I found a hardware also which is wonderful little tool helping me to browse anonymously.

  4. the_guv  February 5, 2009

    @excel, thank you.
    @daisymoo, oh but I am!

  5. daisymoo  February 5, 2009

    never knew you were so paranoid, Olly 🙂

  6. excel  January 28, 2009

    this is a great guide, all very handy

  7. the_guv  January 25, 2009

    @gig – splendid, jolly good.

  8. gigi  January 24, 2009

    @gig – splendid, jolly good.

Add a Comment