The Web's New Gold Mine: Your Secrets

[Cudni]

from
http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html
"..
The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are deploying on Internet users.
.."

and what to do about it
http://online.wsj.com/article/SB10001424052748703467304575383203092034876.html

[1972vet]

...all the more reason why one should configure the browser to delete ALL cookies when it's closed. Keep temp files empty and cleanup often.

[PCBruiser]

And, set your browser not to accept any Third Party Cookies ... all the browsers these days have a setting for that.

[ky331]

"configure the browser to delete ALL cookies when it's closed".
While certainly the optimum in terms of protection against bad cookies, i think most people would be more bothered by the need to repeatedly log-in to all of their "favorite" websites [e.g, e-mail accounts, and the forums in which they regularly participate], that offer (safe, first-party) cookies to remember them and/or some of their preferences.   As another example, "shopping carts" use cookies to remember items that you place in the cart.   if you build/use a cart, the presumption is that you want to save it, to come back to it later [after you finally decide what you want to purchase].   Deleting all cookies would delete the cart/contents as well.

PREVENTING:  i find the alternative suggestion, to not accept (most) third-party cookies, to be much-more "workable".   in IE, my privacy setting is MEDIUM/HIGH, which blocks most third-party cookies, and even some first-party.  in Firefox, i don't accept third party cookies.  in Opera, I "accept cookies only from the site I visit" (= first-party cookies).

STATIC BLOCKING:   I use SpywareBlaster and Spybot's Immunization to block "bad" cookies in IE and FF.  

REMOVING:  I use SAS to remove any "bad" cookies it finds [except for a handful of vendors/sites that i'm willing to trust].

And I use CCleaner to remove "Flash-cookies" (.SOL = Shared Object, Local)

[1972vet]

... i think most people would be more bothered by the need to repeatedly log-in to all of their "favorite" websites

I have my browser configured to delete cookies when I close it and I never have to log back in to any of the web sites that require user ID and password. I should have mentioned it but I allow Windows to remember it and when I come back, I just need to click the log in button which already contains my user ID and password. I experimented with preventing the browser to accept third party cookies and found that I could not log into my banking web site. Whatever suites the user best is what I should have recommended.

[ky331]

Vet:   that's really weird, that you couldn't log into your banking site with [only] third-party cookies blocked... that almost sounds like they formed a "conspiracy" to share info with a third party!

just to mention some other options people could try/test for themselves, to suppress cookies/histories:
using only "session" cookies
using "in-private" browsing
using a sandboxed browser

i'm sure each technique is used successfully/happily by some people.   to each his/her own.

[1972vet]

Vet:   that's really weird, that you couldn't log into your banking site with [only] third-party cookies blocked... that almost sounds like they formed a "conspiracy" to share info with a third party!

Yep, that's all I blocked but I guess I should have offered more details Kev. I can log in ok but can't do anything there other than to check my balance. If I want to pay bills, no go...if I need to look at a check, forget it...if I want to do anything other than just look at my account it's just not possible. Logging in is fine but doing anything else is impossible. Maybe other banks are set up differently. Problem is though, the folks won't know until they try it after having disabled third party cookies...and the way I think about this sort of generalized advice is that some folks may just not remember that they disabled third party cookies at the time they go to do their banking or whatever else that won't work with third party cookies blocked.

What's more, many folks won't even know why they suddenly aren't able to pay bills online or view their checks etc. because they would only receive an error message that says nothing about cookies.

It is one of those "to each, his own" kinda things I suppose but I prefer to take the path of least resistance myself.

You've made some good points but thought I'd just give a heads up about blocking third party cookies entirely without a word about consequences. I personally find it much easier and less burdensome to configure the browser to delete cookies when it's closed...these separate views at least gives folks some opportunity to make their choice having been informed. 

[ky331]

Interesting.
I do online banking... I can see my balances, and have no problems viewing copies of checks that have cleared.
I also pay bills online:   credit card bills, phone/electric bills, oil/utility/water bills.   In all these cases, I have chosen to originate the request from the recipient (e.g., the credit card company to be paid) rather than from the payer (my bank).   Some of these recipients actually use a third-party service to execute the transaction on their behalf --- they advise me that they're switching to an approved site --- and I have no trouble doing so.   All with limitations on third-party cookies.
[My bank offers me the ability to initiate payments from their site... but i've never tried... i guess i've just gotten used to doing it from the recipient's site.]
So i'm wondering, if perhaps you had/have something else interfering with your banking --- a popup blocker, disabled javascript, NoScript in FF, etc.?   (I'm sure you're well-aware of all of these... just suggesting you might have inadvertently overlooked one of them???)

(By the way, it appears you referred to me as 'Kev"... like you, I am David.)

[1972vet]

Sorry Dave. When I typed that up I had just looked at a log that Kev had started working. I get email responses for all those new postings in the mw forum lol...anyway pal, nothing else blocked but third party cookies. I should also point out though that I use FF exclusively. In FF third party cookies are blocked entirely with no slider for gauging low, medium high.

With regard to the other security software you mentioned, I have no script for FF and of course FF does have a pop up blocker but they make accommodation for my bank web site (due to user interaction). Those items by the way (for those unaware) will ask for permission or advise the user in some way that there is something being blocked.

However, in FireFox, with the third party cookies blocked, there is no such warning or other indication that it's a cookie issue when trying to navigate around my bank web site in an attempt to take advantage of the other features that I mentioned. I just assumed my bank couldn't possibly be the only one set up this way (and neither could my security settings be so unique so as to affect only me).

I might add, since this became an issue, that it could be the https protocol and this may be only related to those type web sites. Dunno, as I never really was so interested so as to tinker around trying to find out.

[PCBruiser]

For a lot more control, and to easily see who drops what cookies on your system, use this excellent Firefox Extension - Cookie Monster:  https://addons.mozilla.org/en-US/firefox/addon/4703/