IE 6 Cookie Control

Discussion in 'privacy general' started by zarzenz, May 18, 2003.

Thread Status:
Not open for further replies.
  1. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    I recently installed IE 6.

    Before that I was running IE 5.5 and had installed CookieWall to take care of unwanted cookies and found it to work perfectly and do everything I needed. I only really need a handful of cookies for automatic log on to forums like this one and CookieWall does this great.

    Ok... my question.

    As IE 6 has a built in cookie filter that is defaulted to run on the medium/high setting... should I leave this as it is, or should I simply set it to allow all cookies and then just let CookieWall take care of them all, just like it used to before with no interference from the IE 6 filter.

    I have had no problems as such... but this idea of having 2 cookie managers makes me wonder if the allow by one program only approach would be better for system stability or maybe something else I haven't thought about.

    Any comments would be most welcome.
     
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    You don't need CookieWall any longer.

    Go to Confidentiality>Settings\Advanced and refuse all cookies.

    You just need to add the few websites you need cookies for in the website list "always allow"

    Rgds,
     
  3. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Hello Jack,

    Now I'm actually running WINME and the way I get to the IE 6 cookie settings is via the internet options in the control panel. If I then click on the privacy tab, I get the cookie slider.

    So is this what I should do... move the slider to the high position rather than the block all position and then do I have to enter the websites I want via the edit box to what I want to allow.

    I just looked in there and saw loads of websites listed as always block. I then realised where they came from. I am using SpyWareBlaster and they seem to match the cookies that are listed in there.

    Hmmm... I'm learning quite a bit here now about all this.

    Also if it means I can take CookieWall off my system (even though I have been very pleased with it) then that's one less program to have running... great stuff.

    Many thanks Jack for your quick reply there.
     
  4. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I have to agree with Jack. CookieWall is a great product, I use to use it, but with IE6 you no longer need it. The built in cookie control features of IE6 are the best I've ever seen (MicroSoft actually did something right!). Just do as Jack advises and go into the Advanced features or whatever they are called and kill ALL cookies. Then go into Edit or whatever it is called and allow the ones that you want.

    Good luck,Acadia.
     
  5. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Thanks Acadia,

    I think I get it. I just went into the settings and did some stuff. What it seems I got to do is go into the advanced settings to overide the slider settings completly and the I clicked to overide and block all first and third party cookies.

    Only one thing I don't quite understand is this.

    Even after doing that... if I then go to this website... I am still able to log on automatically even though I just set to block all cookies. Unless it only takes effect after a reboot or something. But then I set them to prompt... and this works... I get asked if I want to allow them or not... so this has confused the issue a bit... but I'm sure I'll work it out after a bit of playing about and experimenting.

    The prompt thing will actually be quite handy for me to set the ones I want anyway so I'll probably do some more of that later with all the sites I want to keep.

    Then I'll stop CookieWall and see how the new set up works. I also use CookieView which helps a lot when checking what cookies have actually been planted on the computer.

    The website you linked goes to a can't be found page... but that don't matter... I'll soon crack this ok.

    Thanks for your help.
     
  6. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    What you have done with the new settings is DENY new cookies. Cookies on you HDD are still there that's why you may log on the already visited sites if they already have a cookie on your machine ;)

    Rgds,
     
  7. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Hmmm... this is really interesting.

    I did a reboot and even then, if the cookie is actually already written in the cookie folder, then it seems to allow those sites to auto log on... which is great.

    So the blocks only seem to work for new cookies... which is equally great even though the prompt works if they are new or old.

    I love playing around and learning stuff like this... and now I feel happy to remove CookieWall... a good half hours work there... thanks guys. :)
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
  9. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Thanks Acadia,

    That link works fine and has some interesting reading there. It also confirms what I thought about existing cookies being readable by their sites regardless of any blocks being set up. Excellent... cheers.
     
  10. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Even with IE6, I'd prefer to keep cookiewall. There are plenty of sites that will arrogantly refuse access if your browser refuses the cookie. With cookiewall, the browser accepts the cookie, which cookiewall nukes a few seconds later. No conflict, same result.

    Cookiewall uses hardly any resources or RAM so you lose nothing by losing it. I would set IE 6 to block all 3rd party cookies no matter which way you go.
     
  11. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Thanks for that Mike,

    I'm experimenting with various settings right now.

    What about session cookies... should they be allowed or not. Not sure what they do.
     
  12. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Session cookies are no big risk. Better keep those.

    I too prefer cookiewall as a privacy protector. Most cookies are harmless. I like the fact that I'm remembered on the sites that I come to. Why would I not allow those cookies?
    And, as mentioned before, I prefer to be my own boss when it comes to privacy control. When visiting a site requires a cookie, that's okay with me, Cookiewall will clean up the mess later (just as I :D instructed). Let IE do what it's made for: showing html, security is my business ;)

    Did you ever study P3P? I wonder how this ever became an official standard.
     
  13. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Thanks meneer,

    Ok on that... no I never did much study of the P3P stuff, but I'm learning everyday here now... cheers.
     
  14. Douglas

    Douglas Guest

    I recently dumped Mozilla and installed IE6. I looked at the cookie settings and just shook my head.
    But a search gave me this thread, and I have to say this is the clearest explanation of a software function I've ever seen. And it works great.
    Thanks JacK.

    Regards,
    Douglas
     
  15. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Set IE to block third party cookies, always allow session cookies and prompt for first party. You won't need cookiewall then..

    One less applicationl.
     
  16. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    You're right, but I rather use a dozen trustworthy applications to do a dozen functions right, than one application that (in my opinion ;) ) can not be trusted completely.
    And then, these days, why not run all the apps that you can, hardware is cheap :D
     
  17. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619

    A dozen? so i guess , you would use a seperare app for popup blocking,Banner replacement,browser referrer and user agent blocking,homepage guard, password manager for websites,HTTP proxy,cookie handling, anti-trojan,anti-virus, spyware/adware,firewall , some sort of sandbox for web surfing, registry monitor all running memory resident?

    Add that to your email client, and a dedicated spam filter and you tell me it doesnt matter?

    I have plenty of RAM here, but I just don't like so many stuff cluterring my computer. Besides, the more apps you run memory resident at the same time, it increases the chance of a conflict. And in the rare case your computer crashes, the more problems you get the more apps that were running at the time of the crash.

    IMHO cookies pose a relatively minor threat compared to other nasties, certainty isnt worth using yet another app when browsers like IE, or better yet Mozilla and opera handle it well.

    And so what if IE messes up in cookie handing ,it's not the end of the worlld.. It's not as if i'm asking you to trust Ms made santivirus.

    Besides if you trust MS enough to use their browser, relying on their cookie handling is not really sticking your head out much... :)

    PS Defence in depth doesnt mean running seperate apps for each security function!
     
  18. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    :D :D Seen my sig ?
     
  19. controler

    controler Guest

    I think what everyone is trying to say is this:

    While you have IE 6.0 loaded , click on the browers TOOLS
    Then click INTERNET OPTIONS
    Then Click the PRIVACY TAB
    Then Click ADVANCED
    Then TICK the OVERRIDE AUTOMATIC COOKIE HANDLING
    Then below that is a EDIT button where enter the websites you wish
    to ALLOW or DENEY

    hope this helps

    con
     
  20. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Well, I've been using this new way of letting IE 6 take control of the cookies since starting this thread, without CookieWall, and I have to say it works like a dream.

    What I decided to do was delete all my cookies and then put IE 6 into prompt fot 1st party ones and block the 3rd party ones. Then I just logged into the 10 or so sites that I require a cookie for. This gave me the prompt to accept. Then I just set the 1st party to block also and that was it... so easy... and no more cookies from anyone else.

    I did try allowing session cookies, but to be honest it works fine with them blocked also, so I'll probably leave them blocked as well unless someone can give me a good reason to allow them.

    So, my experience is... IE 6 does the job perfectly so I too have now taken CookieWall off completly. It's another one less start up item and although it was one of my favourite applications... I now see no further use for it. Thanks to all for the advice. :)
     
  21. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi zarzenz

    If you feel like exploring cookie control further with IE6 check out this site under IE6 Tools > XML Menu.

    Regards,

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.