Cookies...yummy or deadly?

Discussion in 'privacy general' started by ssj100, Jul 10, 2009.

Thread Status:
Not open for further replies.
  1. ssj100

    ssj100 Guest

    To start of, I don't know much about cookies to be honest. How bad are cookies? Can bad cookies really invade your privacy? I've heard of tracking cookies - what do they do exactly and are they really that harmful?

    Also, what do you use to prevent bad cookies from interfering with your browsing? I've heard of add-ons for Firefox like CSlite etc. Are they really needed?

    Thanks for any helpful replies on this subject.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This is my understanding of how cookies work, and they can be for (how useful).

    Basically, cookies are files that, when you visit XYZ site, are placed on your computer, so that they remember you next time you pay them a visit.

    Now, what happens is that most web sites don't actually need to place cookies on your computer, so that you can browse them properly.

    Others, are way too abusive, by not allowing you to access their sites, if cookies are disabled. I know of a case such as those - www.fnac.pt. Try to visit it with cookies enabled, and then with cookies disabled, but first make sure you remove the previously allowed cookie(s).

    It's a safe site. That's just the online store. Fnac is actually a physical store, pretty much everywhere. At least, in Europe, I guess.

    Now, Fnac's site does allow users to create accounts, and cookies would be useful (maybe not actually needed) to remember those users. I'd understand if they didn't allow to access the user's page if cookies are disabled. Now, completely blocking access to the site, if cookies are disabled, even for those just wanting to visit the online store? I find that very abusive.

    Then, you have, as you mentioned the tracking cookies, which as the name says will track what other sites you visit (and I'm sure other information regarding those sites as well, including what ads you click, etc.). I've read sometime ago that different websites can share the same tracking cookies, which means they all have access to what visit.

    The best way to protect against this is a default block-cookie. Then, allow only for sites you trust, and that you know you will need, such as your bank account (Maybe this is a case where such would be actually needed, as a security measure?)
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    You will get many opinions on this, so here is one.

    The cookie keeps information about your visit to a site. You can configure the browser to store the cookie per site.

    Here is Opera's Configuration box when I open while on Wilders:

    cookies-wilders.gif

    You see that there are many options. My selection prevents any 3rd party cookes, aka "tracking" cookies from being stored.

    Configuring per site prevents other sites from storing a cookie without your permission.

    Some sites require a cookie in order to Log in.

    Cookies are also useful in other situations. I store a cookie for Amazon.com because upon connecting, it recognizes me and makes recommendations for books and music based on my past purchases, which is a nice feature.

    I do not consider this cookie to be an invasion of my privacy.

    ----
    rich
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    They can be classed as a form of privacy invasion, this is why I always have people block 3rd party cookies, it makes you 99.99% immune without needing things like spywareblaster/spybot's immunizer.

    For example a regular visit to websiteX will download some needed cookies so that the website itself is fully functional, but websiteX might me hosting advertisements from websiteY which also wants cookies on your system for marketing reasons, blocking 3rd party would make you immune to having these cookies downloaded.

    edit: wow 2 posts before I finished mine, oh well. :D
     
  5. Airflow

    Airflow Registered Member

    Joined:
    Jul 5, 2009
    Posts:
    39
    Great idea!
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    It's nothing like NoScript functionality and blocking 3rd party cookies will not hamper your browsing experience like the NoScript addon. They are pretty much useless.
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    A better question would be what do you need third party cookies for? Cookies from the site you visit can also end up being tracking cookies, hence why I block global cookies and have a white list for the sites I log into. cslite is the best ff add on for this.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Exactly. But, I believe Firefox allows you to do just that? Or, do you find that add-on easier to deal with?
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, the fact that some else can know every site you access, etc, doesn't make you see it as a privacy issue? And, who knows even sell those trackings to others, doesn't bother you?

    After all, they're building a profile on you.

    Isn't that the same as a piece of malware sending information out of your system? Why would you bother with that sort of malware? It's not evil, and it won't damage your system. It just was programmed to send information out to others. Just like what happens with cookies. They're not bad, but they do track you, while you browse the web.

    If you feel fine with that, is up to you.

    I don't think there's anyother way to describe cookies, besides what has already been said by everyone giving their feedback. They are what they are, and is up to you to accept them or not.

    Quite easy.
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    hmm yes your right, when did FF add in these xtra features? no longer need cs now.

    and don't bother trying to tell ssj100 about the privacy issue with cookies we have already tried before in another thread, it is like talking to a Brick Wall when it comes to ssj100 and cookies. But he has provided useful information to people visiting this site by creating this thread.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I think it is a good thread. Why? Remember the Norton thread today about free AVs. This is exactly what he was talking about. Take a harmless cookie and add a ticking time bomb of malware to it to avoid detection and you are screwed. Cookies may seem harmless on the scale of things but what better way to add malware to your PC. Yep, a good thread.
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Cookies have nothing to do with malware nor can they affect malware being installed on your PC.

    ssj, why would you need to install anything additional? I repeat myself again: You can block 3rd party cookies (a default function in Firefox nothing needed to install) and have no loss of website functionality with an increased surfing privacy.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Cookies have chips in them. And chips can be programed. That is what this elf told me.:-*
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I think that elf was running low on battery...
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    no that was a bunny. Do you not watch TV. You PC geeks are all alike.:cool:
     
  16. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I found that kinda creepy and a bit worrisome whenever I would go to Amazon and they would greet me with my name on entering the site. I guess the cookie identification makes sense only to Amazon? I mean does it store any personal identifiable info in the cookie? Info that with the right scripting could be exposed

    I found quite an old problem that happened with Google cookies and their products. This is the kind of problem that I have with leaving cookies laying around in browser cache. (just an example)
    http://www.infopackets.com/news/business/google/2007/20070117_google_cookie_exploit_found_fixed.htm

    I seem to remember Yahoo used location identifiable information in the log-in process for Yahoo Messenger. This was some years ago, 6 or so, might have changed since, though. When you signed up for the messenger profile whatever postal code/zip you registered with was identifiable within the log in cookie. This info was then being used by script kiddies to expose personal info (zip code/postal code was used as secret question for Yahoo password retrieval and ownership of account/email), That is if you were stupid enough to give Yahoo your real info :shifty:

    Me, I clear cookie nearly every day. I do fall into the paranoid category.
     
    Last edited: Jul 10, 2009
  17. tsec

    tsec Registered Member

    Joined:
    Nov 18, 2008
    Posts:
    181
    Re: Cookies...yummy or deadly? - Flash Cookies

    On the subject of cookies, this abnormal example is worth noting as well. A couple of links to info:

    Flash Cookie 1

    Flash Cookie 2
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
  19. tsec

    tsec Registered Member

    Joined:
    Nov 18, 2008
    Posts:
    181
    Re: Cookies...yummy or deadly? - Flash Cookies

    I use the BetterPrivacy add-on for Firefox to get rid of these things. R-Wipe&Clean also has an option for deleting them.

    Insidious little buggers :D
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Re: Cookies...yummy or deadly? - Flash Cookies

    I've been using Spybot's tracks cleaning feature. It detects and removes flash cookies.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    I don't need to worry about ways to clean out flash cookies, because I use Malware Defender to block them from being created in the first place. hence my flash cookies always remain at 0. :D
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    As I said at the very beginning, for what I understand of cookies, and I thought I had mentioned it, they will tag you with an identification. That's why, for example, Amazon remembers Rmus and his preferences.

    You shouldn't be concerned if a malware site "knows" you've been there. You should worry, though, if they know you've been at other websites, such as your on-line bank account, etc. The problem are not cookies (because some are useful, as you said), rather the called tracking cookies.

    Then, you've got third-party cookies. Say, you visit www.wilderssecurity.com, and there are plenty contents here, like images, etc and they all come from outside the domain, you'll, probably, end up allowing other folks cookies, as well, without any need or use. So, cookies aren't useful most of the time, and I actually consider most of them an abuse to our privacy.

    So, while www.wilderssecurity.com cookies would be useful for you to be remembered, cookies from domain B, C, D, E, F, etc aren't. They are of no use.

    You're here at www.wilderssecurity.com, and there's an advertisement, in the form of a banner, say. If no protection is set against third-party cookies, then a cookie will be stored. If you go to some other site, forum, etc, sharing banners from the same servers, considering that a cookie has been previously set, that server will know you've been here, at some other site, at some other forum, etc.

    Why should anyone else but www.wilderssecurity.com know you've here?

    Is like going to shopping, right? Who cares if the X shop knows you bought Y product? Makes sense, you bought it there, after all. But, does that mean that every other shop, sharing the same sponsor (the advertisement banner), would have to know that I've been at shop X, buying Y product?
    I don't think so.


    But, that's how I feel. ;)
     
  23. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Why the hell would I install an additional program that:

    1. Is supposed to block malware, cookies aren't malware
    2. Uses resources
    3. Isn't needed whatsoever.

    Flash settings, like firefox, have a default function to block flash cookies. So here I go.

    "I don't need to worry about ways to clean out flash cookies, because I've blocked them in the settings manager from being created in the first place. hence my flash cookies always remain at 0. :D"
     
  24. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
  25. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
Loading...
Thread Status:
Not open for further replies.