Howto: Thwart Internet Browser Third Party Cookies

According to Wikipedia,

“HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts.”

and

“Images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page. Third-party cookies are used to create an anonymous profile of the user. This allows the advertising company to select the banner to show to a user based on the user’s profile. The advertising industry has denied any other use of these profiles.”

The problem with third party cookies is they are set on your computer by web servers you likely had no intention of visiting, and are used to track your web surfing habits. Steve Gibson’s Security Now! podcast episode #119 has a very detailed discussion about why third party cookies are bad. He also describes how PayPal and DoubleClick have a relationship that allows DoubleClick to place third party cookies when you are logged into PayPal’s secure web site, and why that’s probably not a good thing for privacy.

When I setup a new computer or image I generally block all third party cookies. It’s easy to do in Internet Explorer 7:

Tools – Internet Options – Privacy – Advanced – Override Automatic Cookie Handling – Block Third Party Cookies

It’s not quite as easy to block third party cookies with Firefox 2.x. You’ll have to follow these steps:

1) In the Firefox address bar (where you type the web site address), type about:config

2) In the filter box type network.cookie.cookieBehavior

3) Right click network.cookie.cookieBehavior and select Modify

4) Change the value from 0 to 1

Some web sites may not work properly without the ability to accept third party cookies, so instead of totally disabling third party cookies you can use a hosts file to specify which web sites you never want your browser to access. According to mvps.org,

“The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a Hosts file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.”

You can manually edit your hosts file to add entries for web sites you don’t want to ever visit. Or, you can use a freeware hosts file mangement application such as HostsMan or HostsXpert.

To manually edit your hosts file in Windows XP,

1) Click startrunnotepad c:\windows\system32\drivers\etc\hosts

2) add the IP address and name of the offensive web site

3) Click filesaveexit

If you have Windows Vista’s UAC enabled you’ll have to follow these directions in order to edit your hosts file.

If you don’t want to update your own hosts file and would rather use one pre-populated with offensive web sites, you can download one from MVPS. You’ll probably need to restart your computer to ensure the hosts file is reloaded.

If you experience poor performance when using a large hosts file, try disabling the DNS Client service. To do this:

1) Click startrun – and type services.msc

2) Right click DNS Client and select stop

3) Once the service stops, right click on DNS Client again and select Properties

4) Change the startup type from Automatic to Manual and click OK

Comments [3]

  1. You can opt out of Double Click’s tracking 3rd Party Cookies.

    http://www.doubleclick.com/privacy/opting_out.aspx

    Opting Out of DoubleClick

    DoubleClick believes in consumer choice. To enable consumers to exercise choice, we provide opt outs for each of our products that use cookies. In addition to our Internet technologies, we provide choice in our other products as well.

    When you choose to opt out from one of our Internet technology products, you replace the unique identifier in the cookie used by that product with a generic value. This means that the product or service that uses that cookie will not be able to recognize your browser as unique. The product still works – for example, you will still see Internet advertisements if you get an opt out ad cookie – but the technology will not be able to distinguish between your opt-out cookie and another user’s opt-out cookie. The opt-out cookie is persistent. Its presence avoids the setting of another unique cookie for that product.

    There are many programs that allow you to manually delete your cookies. Please note that clearing out your cookie file may also delete the opt-out cookie. For more information about accepting or declining cookies generally, please

  2. Thanks Jason.

    Too bad the link to DoubleClick’s privacy policy results in a 404 error, meaning it doesn’t exist.

  3. Here are few that allow you to add to them…….
    The MVPS HOSTS file was recently updated [FEB-09-2008]
    http://www.mvps.org/winhelp2002/hosts.htm
    hpHOSTS – UPDATED Febuary 11th, 2008

    The hpHOSTS Hosts file has been updated. There is now a total of 53,063 listed hostsnames.

    If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! smile.gif

    * Latest Updated: 11/02/2008 12:45
    * Last Verified: 11/02/2008 11:00

    Download hpHosts now!
    http://www.hosts-file.net/?s=Download

    hpHOSTS is a community managed hosts file. What that means to you is that you have a key role to play in improving hpHOSTS by submitting undesirable sites you think should be listed or by requesting removal of sites you think may have been added in error. This process is performed in our public forums and all decisions to add or remove sites are subject to public criticism and ongoing re-evaluation. If you would like to get involved, please register* at the hpHOSTS Hosts File Support Forum.

    * Registration is free and is not required to download the hpHOSTS hosts file.

    —————————————————-
    Alternative hosts file providers:

    * MVPS – http://mvps.org/winhelp2002/hosts.htm
    * McRae – http://pgl.yoyo.org/as/
    * Mike Skallas – http://everythingisnt.com/hosts.html

Leave a Reply

Your email address will not be published. Required fields are marked *