15 September, 2009

New "Cookies" and your Privacy

On Monday this week (Sep 14, 2009), the Electronic Frontier Foundation (EFF) released the first article of a three part series on how we're being tracked on the web today. After a review of cookie technology as originally designed, the EFF article discusses new forms of cookies. The article is rich with links to more detailed sources.

What I would consider the most concerning of technologies is the use of Adobe Flash cookies. Unlike the traditional browser cookie, there is no easy way to delete cookies that are stored by websites using Flash as their storage mechanism (more on this below). I'll also add that all the new "Privacy Browsing" features in the current release of browsers apparently do not always clear all your tracks. If you found this feature helpful in your web browsing, its worth digging deeper into the limitations, and not take the vendors claim of privacy without investigating yourself.

I'm not anti-cookie. In fact I think it's extremely important to providing a good experience when I visit websites, not to mention in using on sites that I develop. What I don't like is third-parties using cookies to track me across multiple sites, and sites that wont allow me to manage cookies as I see appropriate.

There are a few defensive things we can do to help protect ourselves.
If you're a Firefox user:
  1. Go to the Options screen, Privacy tab.
  2. From this screen you definitely want to turn off third-party cookies. [These are cookies coming from www.ad_ad_ad.com when you're on www.content_content_content.com.]
  3. You can also choose any site that you do not want cookies save from at all. [Not a feature I use, but perhaps there are sites that you do not want saving any information, so your next visit you appear as a new visitor.]
  4. You can also tell Firefox to clear cookies whenever you close your browser or to ask everytime you close it.
  5. If you click the "Show Cookies..." button, you can view and clear individual cookies.
If you're a Chrome user:
  1. Go to the Options screen, Under the Hood tab.
  2. Change the Cookie settings to Restrict how third-party cookies can be used.
  3. If you click the "Show cookies" button, you can view and clear individual cookies.
As I mentioned prior, Adobe Flash seems to be the biggest problem here, as Adobe doesn't make it easy to view the Flash cookies or make changes. To get to the Flash Control Panel, you have to go to a website -- http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html. [The domain is Macromedia.com, because Adobe has not moved this since purchasing Macromedia several years back.]

There are six tabs (see all six screenshots at the end of this article). What we're most concerned about is Web Storage Settings (last tab on the right) and Global Storage Settings (2nd tab from the left). Here's my recommendations.

Web Storage Settings:
  1. Go to the Flash Control Panel and click on the last tab.
  2. The list will show you all the sites that currently have stored some sort of data about you and/or your prior visit(s).
  3. Click "Delete all sites" to clear all the Flash Cookies.
  4. I haven't tested the implications, but if you move the storage (slider) to None, it implies that nothing will be captured moving forward.
Global Storage Settings:
  1. Go to the Flash Control Panel and click on the 2nd tab (from the left).
  2. Uncheck Allow Third Party Flash Content to store data on your computer.
  3. Here we see the storage slider again, and if you already moved it to None, it will be at None here, too. What's not clear to me is if there are certain Flash sites that actually need first-party Flash cookies to work. If you've made this change to None, and you have Flash sites that are important to you that fail, you might try adding some storage space back.
I've really just scratched the surface on the current and upcoming issues. I encourage you at a minimum to turn off third-party cookies. If broser privacy is important to you, you probably want to read the EFF article as a launching point for more information.






No comments: