Beware the Super Cookies!

Hey, this isn’t chocolate chip! This is more like PIE in your face. (We’ll explain that later.)

Really it is all our fault! At least according to a company named United Virtualities. You see, it turns out that far too many of us are deleting cookies from our computers. Yes, how dare we delete cookies that web sites install without permission. But hey, whose computer and whose privacy is it anyway?

OK, OK, let’s be rational here. For the most part cookies are a minimal security and privacy risk. Many if not most cookies are quite benign, and should be of little cause for concern. Many are downright helpful for the computer user, when they visit trusted sites. So we do not recommend deleting them all willy-nilly. But frankly, some are not friendly and useful to the computer user. They are only useful to parties that have their own best interests in mind, not yours. And usually that is their own best financial interest. Not yours. Anyway, it’s your computer. Do what you want.

There is lots of malware floating around the Internet that is ten times as much of a risk! So let’s not get too worked up about cookies. But, we suggest you pick your own flavor when it comes to web site cookies. We recommend that you weed them out with a good piece of anti-spyware like Ad-Aware or Spybot. And once in a while you might even want to look at them yourself. Most cookies are readily identifiable because the web site address is there to see. Some are more cryptic.

To view, decode and manage cookies, we highly recommend Karen Kenworthy’s Cookie Viewer. It can be found HERE.

The first line of defense is to configure your browser’s cookie control features. In IE this is found under the Internet Options, Privacy Tab. Many software firewalls also provide cookie control options. Zone Alarm Pro has them under the Privacy, Main Tab. But these defensive options are kind of a broad stroke. They don’t allow you to fine tune your control, although the slider in IE does help some. We tend to recommend the following configuration: Set IE and/or your firewall to always accept session cookies and first-party cookies. We suggest that you always block third-party cookies, and use anti-spyware programs to weed out the undesirable first-party cookies.

  • Session cookies, for instance, are probably no threat at all; they self-delete soon after you leave a site. Session cookies can actually enhance the security and usability of web sites. They may help sites identify and manage interaction with you, the user. They may be required by some web sites, such as those where you log in as a registered user.
  • First-party persistent cookies could be in a bit of a gray area, but from trusted sites, should be of little concern. But there probably are lots of first-party cookies that you might like to delete.
  • But when it comes to third-party cookies, we don’t think it’s so gray anymore. These cookies are primarily from tracking services. They do things like track your movements across a wide variety of web sites. Their goal usually is to target and track advertising and the like.
  • OK, what happened to the second-party cookies? Evidently there is no such thing. Why? That’s because you (your computer) are the second party in this transaction.

OK, back to PIE in your face: It seems that Macromedia Flash Player can also store cookies. And a company named United Virtualities has developed a way to move cookie data from the Flash memory cache to your cookie folder(s). It checks to see if certain cookies have been deleted and if they have, it restores them. Frankly we don’t blame Macromedia for this, although it would be nice if the options and security were a little easier to configure. And evidently there are few customers for United Virtualities’ product, so we don’t think this is a big deal, yet. But to us the main issue is the principle involved here, the technique used and the computer owner’s right to be informed.

Flash is an optional bit of software that enables your browser to view Flash content on web pages. Flash is found on the vast majority of computers. It can be uninstalled through the Windows Control Panel, Add/Remove Programs. But we aren’t recommending that road. There is a way to keep Flash and disable PIE cookies.

PIE stands for Persistent Identification Element. A PIE cookie is a kind of Super-Cookie, which is able to leap tall buildings and evade deletion. They hide in an out of the way corner of your computer. And they even recreate themselves after they are deleted! Not cool!
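
As an added example, not part of the original post, this Python script lists Flash Local Shared Objects (the .sol files Flash Player keeps outside the browser's cookie folder) by site, and reports sites that still hold Flash data after their browser cookies were deleted. The directory layout, sample domains and file names are assumptions; on Windows the root is typically %APPDATA%\Macromedia\Flash Player\#SharedObjects.

```python
import os
import tempfile
from collections import defaultdict

def inventory_lsos(root):
    """Map each site domain to the .sol files stored for it.

    Assumed layout: <root>/<random profile dir>/<domain>/.../<name>.sol
    """
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        if len(parts) < 2:              # not yet inside a <domain> directory
            continue
        for name in files:
            if name.lower().endswith(".sol"):
                path = os.path.join(dirpath, name)
                found[parts[1].lower()].append((name, os.path.getsize(path)))
    return dict(found)

def leftover_domains(inventory, cookie_domains):
    """Domains that still hold Flash data although no browser cookie remains."""
    cookies = {c.lower().lstrip(".") for c in cookie_domains}
    def covered(domain):
        return any(domain == c or domain.endswith("." + c) for c in cookies)
    return sorted(d for d in inventory if not covered(d))

def build_sample_tree(root):
    """Constructed sample data: two sites, one nested LSO path."""
    for rel in ("AB12CD34/news.example/prefs.sol",
                "AB12CD34/ads.tracker.example/banner.swf/id.sol"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00\xbf constructed placeholder, not a real LSO")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        inv = inventory_lsos(tmp)
        # Cookies for tracker.example were deleted; news.example's were kept.
        for domain in leftover_domains(inv, [".news.example"]):
            print(domain, inv[domain])
```

Pass the function your real #SharedObjects directory and the list of domains still present in your browser's cookie store; any domain it reports has Flash data that outlived its cookie.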

Here is how to disable PIE cookies replication:

Hey, we kind of prefer oatmeal with lots of raisins, now that’s our idea of a super-cookie!

One Response to “Beware the Super Cookies!”

  1. Randall Says:

    Here is an update to this post:

    We have noticed that when attempting to change the security settings for Flash, via the Macromedia web site, it often reports that Flash is not installed. Well, we know that it is installed, because we are able to view Flash content on other sites, and Macromedia Flash Player is displayed in the Microsoft Add/Remove Programs utility.

    This behavior has also been reported to us by other computer users.

    It is possible that this may be caused by changes in firewall or browser settings, but we have not yet been able to determine why this is happening. We hope it is not some kind of blocking behavior by the super-cookies, or resistance by Macromedia to users who wish to secure their Flash installation.

    Gee, it sure would be a lot easier if this could be done locally. We don’t see why users of Flash have to log onto Macromedia’s servers in order to change Flash settings.
