What do cookies have to do with online privacy?
Data about users’ web activity is valuable to companies and other organizations that use the Internet to drive their businesses. Knowing about your interests, particularly past purchases, enables vendors to show you advertisements for products that you are likely to be interested in.
All cookies aren’t created equal
There are numerous types of cookies, and some are more of a privacy concern than others. For example, authentication cookies tell websites with logins whether or not you are currently logged in. This is actually good for privacy because your personal information can only be accessed if you are logged in on that particular computer.
Similarly, session cookies, which are sometimes also called in-memory cookies or transient cookies, are only active while you are on a particular site. Generally speaking, your Web browser will delete a session cookie when you close the browser window. The data from session cookies is not generally a privacy concern since it is not stored long term.
However, there are other types of cookies that may pose a privacy concern, including Flash cookies, permacookies, and zombie cookies. As a result, you may want to delete instances of these cookies from your computer to prevent your online activity from being tracked. Additionally, you may want to change your browser or other computer settings so as to restrict the installation of these types of cookies without your knowledge. Here’s how.
About Flash cookies
Flash is an old Web technology developed by Adobe that is slowly being phased out. However, most browsers still support Flash, and the technology can be used to create a type of cookie. According to Adobe:
A local shared object, sometimes called a “Flash cookie,” is a data file that can be created on your computer by the sites you visit. Shared objects are most often used to enhance your web-browsing experience. For example, by allowing you to personalize the look of a website that you frequently visit. Shared objects, by themselves, can’t do anything to or with the data on your computer. More important, shared objects can never access or remember your e-mail address or other personal information unless you willingly provide such information.
How to delete Flash cookies
Unlike regular Web cookies, which can be disabled via your browser preferences, Flash cookies can only be accessed through the Adobe Flash Player Settings Manager.
From the Flash Player Settings Manager, you can change the storage limit of individual websites by selecting the website from the list and moving the slider bar to the left or right. By default, the storage limit is 100KB.
If you want to delete stored data for an individual website, highlight the website and click Delete. To delete all the data at once, choose Delete All Sites.
YouTube video on locally shared objects and Flash cookies:
How to prevent further Flash cookie tracking
To prevent or restrict flash cookie installation, visit the Global Storage Settings tab of the Adobe Flash Player Settings Manager. From there, you can control how much storage space websites can use to keep information by adjusting the slider to the left or right. To prohibit websites from storing any information at all, deselect the box that says “Allow third-party Flash content to store data on your computer.”
Be advised that if you uncheck this box, some websites that use Flash may not function correctly. That said, since Flash usage is increasingly rare in legitimate websites, most people will not notice a significant change in their Web browsing experience.
How to delete Flash cookies from your hard drive
If this is the first time you’ve adjusted your Flash Player storage settings, you probably already have Flash cookie information sitting on your hard drive somewhere. It’s a good idea to delete it entirely. Here is the file path for accessing the information:
- Windows: C:\Documents and Settings\[username]\Application Data\Macromedia\Flash Player
- Mac: /Users/[username]/Library/Preferences/Macromedia/Flash Player
Once you have found the files, you can delete them as you would any other file.
Unfortunately, marketers are forever inventing new ways to track your personal information. One instance that went too far in abusing user privacy came to light in 2014. AT&T and Verizon implemented a Relevant Advertising program that inserted unique identifier headers (UIDH), or “permacookies,” into customers’ Internet requests. Anyone using the AT&T or Verizon networks to access the Internet on their cell phones could have their activity tracked by anyone who was aware of the permacookies’ existence.
Despite the fact that customers could opt out of the Relevant Advertising program, the permacookies were still inserted into HTTP requests by customers using the cellular network to access the Internet. As a result of public outcry, however, AT&T stopped using the Relevant Advertising program.
Verizon did not, attempting to address the problem by means of an opt-out program that prevented the installation of permacookies. The FCC found these steps inadequate, however, and fined the company $1.35 million. Subsequently, Verizon was required to obtain customer permission prior to sharing any data. Additionally, the company had to provide its customers with information about its ad targeting practices.
Although the AT&T and Verizon permacookies issue has been resolved, it is important to remember that companies are forever trying to find new ways to track your personal information. You cannot count on companies to have your best interest in mind. This means staying abreast of technological developments that may put your privacy at risk.
About zombie cookies
Most third-party browser tracking cookies are fairly simple to remove; we’ll address the basics of persistent cookie removal later in this article. However, sometimes you may notice that cookies you have already deleted have been reinstalled despite setting your preferences to block cookies in the future. What’s going on?
Zombie cookies, that’s what! Named for their ability to “rise from the dead,” Zombie cookies occur when third-party cookies are placed outside of your web browser’s designated cookie storage.
For example, third-party cookies and Flash cookies may work together to create zombie cookies. Because most users do not manage their Flash cookies, some websites install Flash cookies as well as regular third-party cookies. The Flash cookie will periodically check to make sure that the third-party cookie is installed. If the third-party cookie has been deleted, the Flash cookie will re-create it. Zombie cookies can also be created using alternative technologies, such as your browser’s local storage cache.
Unfortunately for your privacy, since cookie re-creation is not considered a fresh install, zombie cookies often bypass any restrictions you have placed on the installation of third-party cookies. Not only that, when zombie cookies are controlled by Flash player, they can track your activity across multiple browsers.
What this means is that even if you delete third-party cookies from your computer and change your settings to prevent their installation in the future, you may still have zombie cookies on your computer unless you take some precautions.
How to delete zombie cookies
In order to prevent zombie cookies, you need to first delete the cookie that is reinstalling the third-party cookies. In the case of Flash cookies, you can do this by following the instructions above.
There is also a free piece of software called CCleaner that can be used to delete unwanted files on Windows, Mac, or Android systems. Although this software is well reviewed, it is a third-party installation. If you decide to go this route, read the instructions carefully and make sure that you are installing and using the latest version, as this type of software is often updated to address security issues.
If you are using CCleaner, click Cleaner and select the Applications tab. Make sure you check “Adobe Flash Player” in the multimedia section before clicking “Analyze” and “Run Cleaner” to remove any Flash cookies. Once you have removed the Flash cookies, you can set your Flash player to decline the installation of third-party Flash cookies in the future.
Because Flash cookies can create zombie cookies in multiple browsers, once you have removed the offending Flash cookie you may want to remove any third-party cookies in all the browsers on your computer, even those you do not use frequently. You can also use CCleaner to remove other third-party cookies on your computer responsible for respawning zombie cookies.
About Persistent Cookies
Whereas session cookies expire when you close your web browser, persistent cookies have a set expiration date or are set to expire after a certain amount of time has elapsed. Sometimes persistent cookies are useful; for example, they may keep you logged in to your email account so that you do not have to enter your username and password every time you restart your computer.
Other times, however, persistent cookies are used to track your behavior online in ways you may not appreciate. For example, a company may use persistent cookies in order to track how many times you view their advertisement across multiple websites, or to ensure that you see their advertisement on multiple websites.
This is because persistent cookies transmit your information to a server every time you access either the company’s website directly or indirectly (i.e., on the company’s website itself, or an advertisement on another website that links back to the company’s website). For this reason, they are sometimes referred to as tracking cookies or third-party cookies.
How to Block Persistent Cookies
If you decide you want to block third-party cookies from being installed on your computer, you have to change the settings in the browser you use to access the Internet. Here are the basics for four common browsers:
- Firefox: Tools > Options > Privacy. Uncheck “Accept third-party cookies.”
- Google Chrome: Settings > Advanced Settings > Privacy > Content Settings. Check “Block third-party cookies and site data.”
- Internet Explorer 11: Tools > Internet Options > Privacy > Advanced. Check “Override automatic cookie handling, and then choose “Block” under “Third-party Cookies.”
- Safari: Safari > Preferences > Privacy. Check “Block all cookies.”
Browsers also have other options available that enable you to customize your privacy settings. For example, browsing in private or incognito mode means that any cookies will be deleted when you close your browser.
It is important to note, however, that blocking all cookies and/or browsing in private or incognito mode may prevent some sites from working properly. Additionally, you may have to log in manually to some websites every time you access them, as opposed to having your username and password stored.
A final word on cookies
Remember, cookies are merely tools websites use and are not always nefarious. While there are privacy concerns with certain types of cookies, without them, the Internet as we know it would not exist. That being said, knowing how to find and delete cookies gives you more control over the information you share online.
If you are concerned about issues of online privacy, ReputationDefender can help. We’re happy to give you personalized advice, no strings attached.