These people are worse than MS... I've noticed that (sometimes when) coming here, or last two times banking with a secured site, how do I end up seeing a freekin' cookie from Google? This sorely vexes me; how do I stop that from happening, if possible? Am using current ver. Firefox, have NoScript, etc. Cookies while roaming the open range of the net, are one thing, but not acceptable at a banking site IMO. Thanks, for any ideas on this.
Just a guess but are they from Google Analytics? http://www.google.com/analytics/ 3rd party cookies from there is very common. (Note that I'm NOT endorsing them!) To block them... What version of FF are you running? If 3.x, go into Tools | Options | Privacy and uncheck Accept 3rd party cookies. If version 2.x, you'll need something like Someone posted. FF 2.x does not have an option to block 3rd party cookies without an extension (or modifying the about:config section directly.)
also, i use customizegoogle. http://www.customizegoogle.com/ You can set it to anonymize your google cookie so they can't build up a history on you. Has a bunch of other options too.
_oogle's not the sole offender when addressing https. Pick it up post 74 - The dangers of HTTPS. Steve
http://www.customizegoogle.com/block-google-analytics-cookies.html more info on the site google knows more about you then you do! cos they will be able to tell you what you did on the net yesterday, two weeks ago, month ago, will you be able to remember. i did some digging and found that using search is relatively safe, but when you submit your details to google,(gmail, google account, etc) all your search's is linked to your google account, and to analytics, and other google products, and they will be able to customize the add for your search, and browsing habit. i can live without gmail and google account i just dont think i can live without google search
Google Analytics sets a first-party Cookie. See Cookies & Google Analytics http://code.google.com/apis/analytics/docs/gaConceptsCookies.html Before Google purchased Urchin, there were (and still are) numerous Web services that allow Web Masters to track traffic on their site. This is useful in helping them manage and design their site. I've never been bothered by this. The first time I became aware of Google Urchin was several years ago when a firewall alert popped up when I went to the CSMonitor site. Here is one this evening: ____________________________________________________ This had never happened before. Looking at the page code, I found: Code: <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script> <script type="text/javascript"> Note that it uses javascript. I communicated with the Webmaster, who explained what it was and how the CSMonitor site used the information for administering the site -- which links were navigated to the most, etc. Taking another site that uses this service: DSLR - a security forum no less! Is this bad? Here is the code in their page: Code: <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"> In the Google cookies site linked above, it mentions the four standard cookies that are set. Configuring the Browser to prompt, I can watch what happens. The first cookie set is _utma: Here, the Server Manager shows all four standard cookies after they have been set: When I leave the site and close Opera, the cookies are deleted. Note this from the Google Cookie explanation: Another security site that uses Google-Analytics is isc.sans.org. But not all sites use Google Analytics. Wilders, for instance. So, does Wilders track? Let's watch the cookies. When I log in, a number of cookies want to set, including: And here are the rest: Maybe an Administrator can explain more about these cookies. (Note that in practice, I'm not prompted for cookies, as my Preferences are configured to allow only cookies I've stored in the Server Manager, and automatically refuse the rest, including third-party cookies) I've always felt that cookies for web site analyzing services are different than the types of cookies that are stored permanently for sites like Google.com and Gmail, where the user opens an account which includes a cookie. However, all may not be unwanted -- for example, Amazon.com. My cookie lets the site recommend music and books based on what I've purchased on the site. I find that very useful. I suppose like most things in life, it's a matter of one's point of view. --
Correct. We don't use Google Analytics or any click or usage tracking services here. I never liked going to a website and having it live link me somewhere else, so, Wilders Security doesn't do that on any part of the website. (Not that I'm saying there is anything necessarily wrong with Google Analytics. As mentioned above, many websites use that or similar services. I guess they find the usage and click pattern information useful. Personally, I don't have any need for that information.) When you visit Wilders Security, you only connect to our webserver no matter what forum page you access. The only way you'll access another webserver from a Wilders page is if you click on a URL link that someone included in their post. The desire to prevent any forced linking of people to third-party websites is also the reason I set the forum to disallow IMG tag linking to third-party websites. See: Announcements: Third-party hosted image linking disabled. That prevents people from including a link in their post which has you automatically opening connections to some unexpected website. Those cookies are just what vanilla vBulletin comes with, for maintaining your context and configuration options when accessing the forum. They are basically what they sound like. bblastactivity and bblastvisit are unix time values that note the last click time and previous last session termination time. Those values are used to provide things like which threads are new since your last visit or since you last viewed a thread in the current session. The bblastvisit is what determines the "You last visited: date & time" in the upper right on every forum page. It's your last logout or last time you timed out from inactivity on the forum. bbuserid and bbpassword are values related to your member ID number and a password hash, and when combined with bbsessionhash (i.e. your current session id), they maintain your concept of current session and your access rights keeping you logged in when clicking from page to page. They will even keep you logged in when you pass the 15 minutes of inactivity and then click a to a new page. bbstyleid is the value from the drop-down menu shown at the bottom left of every page. (The value "4" I believe is our "FullScreen1024" width setting.) There are a couple more that are used when you are accessing as a guest, that hold values of all the threads you've read and forum sections you've marked as read. Again, those are for maintaining the unread versus already read thread markers so you can see which posts are new to you. You'll get pretty much the same cookies on any vBulletin forum. There are no third-party cookies linked from any Wilders Security forum pages.