According to Wikipedia,
“HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts.”
and
“Images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page. Third-party cookies are used to create an anonymous profile of the user. This allows the advertising company to select the banner to show to a user based on the user’s profile. The advertising industry has denied any other use of these profiles.”
The problem with third party cookies is they are set on your computer by web servers you likely had no intention of visiting, and are used to track your web surfing habits. Steve Gibson’s Security Now! podcast episode #119 has a very detailed discussion about why third party cookies are bad. He also describes how PayPal and DoubleClick have a relationship that allows DoubleClick to place third party cookies when you are logged into PayPal’s secure web site, and why that’s probably not a good thing for privacy.
When I setup a new computer or image I generally block all third party cookies. It’s easy to do in Internet Explorer 7:
Tools – Internet Options – Privacy – Advanced – Override Automatic Cookie Handling – Block Third Party Cookies
It’s not quite as easy to block third party cookies with Firefox 2.x. You’ll have to follow these steps:
1) In the Firefox address bar (where you type the web site address), type about:config
2) In the filter box type network.cookie.cookieBehavior
3) Right click network.cookie.cookieBehavior and select Modify
4) Change the value from 0 to 1
Some web sites may not work properly without the ability to accept third party cookies, so instead of totally disabling third party cookies you can use a hosts file to specify which web sites you never want your browser to access. According to mvps.org,
“The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.
You can use a Hosts file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.”
You can manually edit your hosts file to add entries for web sites you don’t want to ever visit. Or, you can use a freeware hosts file mangement application such as HostsMan or HostsXpert.
To manually edit your hosts file in Windows XP,
1) Click start – run – notepad c:\windows\system32\drivers\etc\hosts
2) add the IP address and name of the offensive web site
3) Click file – save – exit
If you have Windows Vista’s UAC enabled you’ll have to follow these directions in order to edit your hosts file.
If you don’t want to update your own hosts file and would rather use one pre-populated with offensive web sites, you can download one from MVPS. You’ll probably need to restart your computer to ensure the hosts file is reloaded.
If you experience poor performance when using a large hosts file, try disabling the DNS Client service. To do this:
1) Click start – run - and type services.msc
2) Right click DNS Client and select stop
3) Once the service stops, right click on DNS Client again and select Properties
4) Change the startup type from Automatic to Manual and click OK
