I have a concern regarding cookies and internet privacy.
I have IE set to accept first party cookies & session cookies, but to
reject 3rd party cookies.
From what I understand if I reject all cookies, many websites won't
interact well.

Most sites will work just fine. Some sites won't work and will tell you
so. Some features may or may not work. Any "shopping cart" sites for
example, probably won't work.

Is it true that any website I visit can read ALL of my cookies? This

It's true that if a site knows the name/ID of a cookie they can read
it. It's not true that any arbitrary site can read all your stored
cookies, or that even if a site does manage to read a cookie that it
will be useful to them.

would mean that they could access my name, usernames and other
information I typed into other websites.

No. That sort of information is almost never stored in a cookie. What
happens typically is that your user name and such are transmitted
encrypted, and the site sends you a cookie with some sort of "key" or
"serial number" that's generally just random garbage as far as anyone
else is concerned.

Note that that's generally how things are done, and there are
undoubtedly exceptions. A cookie CAN contain any piece of information
the site you're visiting knows. Also note that things like dates and
times visited are usually stored on your end, as well as the lists of
items you're looking at when you visit those shopping cart enabled
sites. So yes, there can be sensitive information there.

What is the best strategy to balance security with usability when it
comes to cookies?

Ideally you should reject all cookies unless they're absolutely, 100%
necessary for you to use a site or feature you must use.

You're already rejecting third party cookies and that's a good thing.
Most of those will be "tracking" cookies from marketing "researchers"
and such.

If you accept any cookies at all automatically, clear them out
frequently. After every visit to a site that needs them, close all
windows, and dump the entire cache before moving on.

Install some add on or plug in that allows you to have finer grained
control over cookies. Set it to only accept cookies from sites you know
you want them from. Your bank, Amazon, whatever. And reject everything
else.
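
The allowlist-plus-no-third-party policy discussed in this thread, sketched as an added example that is not part of the original posts. It uses the RFC 6265 domain-match rule to decide which cookies to store and which stored cookies a browser would send back to a given host. The host names, the allowlist and the jar contents are constructed, and the sketch ignores public-suffix and IP-address handling.

```python
# Constructed allowlist: the only sites whose cookies the user wants to keep.
ALLOWLIST = {"bank.example", "shop.example"}

def domain_match(host, domain):
    """RFC 6265 sec. 5.1.3: host equals the domain or is a subdomain of it."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def decide(page_host, setter_host, domain_attr=None):
    """Decide whether to store a cookie.

    page_host   -- host shown in the address bar
    setter_host -- host whose response carried Set-Cookie
    domain_attr -- Domain attribute of the cookie, if any
    """
    domain = domain_attr or setter_host
    # A server may only set cookies for a domain that covers itself.
    if not domain_match(setter_host, domain):
        return "reject: Domain does not cover setting host"
    site = next((s for s in ALLOWLIST if domain_match(setter_host, s)), None)
    if site is None:
        return "reject: not allowlisted"
    # Allowlisted content embedded in some other site's page is third-party.
    if not domain_match(page_host, site):
        return "reject: third-party"
    return "accept"

def cookies_sent(jar, request_host):
    """Names of stored cookies the browser would attach to a request."""
    return sorted(name for name, domain in jar
                  if domain_match(request_host, domain))

# Constructed jar: (cookie name, domain it is scoped to).
JAR = [("session", "bank.example"), ("cart", "shop.example")]

if __name__ == "__main__":
    print(decide("www.bank.example", "www.bank.example"))
    print(decide("news.example", "ads.tracker.example"))
    print(decide("news.example", "www.bank.example"))
    print(cookies_sent(JAR, "www.shop.example"))
```
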