Helping people with computers... one answer at a time.
Anti-spyware programs often list cookies as suspect without much explanation. We'll look at how to find out a little more, and what to do. Or not.
I use an anti-spyware program and on my weekly scans it shows me all the suspect cookies I have collected and asks me how I want to treat them (delete, quarantine, etc.). Most of these cookies are unrecognizable as to what sites they are from. Where can I get more information on cookies to know whether or not I want to keep them?
Cookies aren't nearly as dangerous as some folks think. In my opinion many anti-spyware programs make much too big a deal about cookies in general.
That being said, let's look at cookies using your browser instead of your anti-spyware tool (since I don't know exactly what information it's showing), and then I'll make a few recommendations.
In Internet Explorer 7:
That should have you looking at your Temporary Internet Files, similar to this:
What you're looking at is the cache of files that Internet Explorer has downloaded as part of the surfing you've done. IE tries to download files only once so that if you revisit that page, or visit a page that uses the same image, it's already on your machine, in the cache known as "Temporary Internet Files".
Much like what we're looking at here, many of the items will be unclear and confusing. At a minimum you can see in the "Internet Address" column what site URL the item pertains to.
Internet Explorer keeps cookies in the same cache.
Click on the Internet Address column header to sort by that value. Now, if you need to, scroll down until you see "Internet Addresses" that begin with Cookie:
As you can see, the cookies are also identified by the URL with which they are associated.
So, what about URLs you don't recognize?
You can certainly go to the "http:" version of the URL. For example you'll see in the example above a cookie "Cookie:firstname.lastname@example.org" - a visit to http://ads.sun.com quickly identifies is as an ad server owned by the Sun corporation. (I know, the "ads." plus "sun.com" as the domain was probably enough to make the same determination.)
Another approach is to look up the "whois" information for the domain. The cookie "Cookie:email@example.com", besides being a strange name, doesn't actually work when you visit http://2o7.net. A quick visit to http://betterwhois.com shows that 2o7.net is owned by a company called Omniture - and a visit to omniture.com shows it to be an internet marketing company.
You can repeat that process for any or all of the cookies that you don't recognize. In the end I think you'll give up and get tired as one thing becomes painfully clear: most of the cookies you don't recognize are simply advertising related.
Advertisers use what we've come to call "tracking cookies", and as I've said in a previous article:
Tracking cookies generate a tremendous volume of information that is processed in aggregate ... meaning that advertisers using them can determine things like "this many people who visit site A also go to site B, so we should beef up our advertising purchase for site B." They're not saying "Oh, look, Leo just visited site A again. And there he goes to site B.". You and I as individuals just aren't that interesting. Analyzed as a group, however, the information can provide interesting trends and information.
So... what should you do?
Well, there's certainly no harm in deleting all cookies every so often. At worst you'll find you have to login to some sites where your password had been previously remembered.
If you're particularly concerned about tracking, you might consider configuring your browser to disable what are called "third party" cookies. That means when you (the first party) visit a web site like ask-leo.com (the second party) ads shown on that site which come from some other URL like ads.google.com (the third party) are not allowed to leave cookies. Personally, I'm not concerned about this type of tracking, so I leave them enabled.
And, ultimately, I actually see very little risk by doing absolutely nothing. Cookies don't present a true security risk - you can't, for example, catch a virus from a cookie. At worst cookies present a privacy risk, but as I stated above, most of us just aren't that interesting to be individually targeted.
I say let the cookies fall where they may.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.