I use an anti-spyware program and on my weekly scans it shows me all the suspect cookies I have collected and asks me how I want
to treat them (delete, quarantine, etc.). Most of these cookies are unrecognizable as to what sites they are from. Where can I get
more information on cookies to know whether or not I want to keep them?
Cookies aren’t nearly as dangerous as some folks think. In my opinion many anti-spyware programs make much too big a deal about
cookies in general.
That being said, let’s look at cookies using your browser instead of your anti-spyware tool (since I don’t know exactly what
information it’s showing), and then I’ll make a few recommendations.
Become a Patron of Ask Leo! and go ad-free!
In Internet Explorer 7:
That should have you looking at your Temporary Internet Files, similar to this:
What you’re looking at is the cache of files that Internet Explorer has downloaded as part of the surfing you’ve done. IE tries
to download files only once so that if you revisit that page, or visit a page that uses the same image, it’s already on your
machine, in the cache known as “Temporary Internet Files”.
Much like what we’re looking at here, many of the items will be unclear and confusing. At a minimum you can see in the “Internet
Address” column what site URL the item pertains to.
Internet Explorer keeps cookies in the same cache.
Click on the Internet Address column header to sort by that value. Now, if you need to, scroll down until you
see “Internet Addresses” that begin with Cookie:
As you can see, the cookies are also identified by the URL with which they are associated.
So, what about URLs you don’t recognize?
You can certainly go to the “http:” version of the URL. For example you’ll see in the example above a cookie
“Cookie:firstname.lastname@example.org” – a visit to http://ads.sun.com quickly identifies is as an ad server owned by the Sun corporation. (I
know, the “ads.” plus “sun.com” as the domain was probably enough to make the same determination.)
Another approach is to look up the “whois” information for the domain. The cookie “Cookie:email@example.com”, besides being a strange
name, doesn’t actually work when you visit http://2o7.net. A quick visit to http://betterwhois.com shows that 2o7.net is owned by a
company called Omniture – and a visit to omniture.com shows it to be an internet marketing company.
You can repeat that process for any or all of the cookies that you don’t recognize. In the end I think you’ll give up and get
tired as one thing becomes painfully clear: most of the cookies you don’t recognize are simply advertising related.
Advertisers use what we’ve come to call “tracking cookies”, and as I’ve said in a previous article:
Tracking cookies generate a tremendous volume of information that is processed in aggregate … meaning that advertisers using
them can determine things like “this many people who visit site A also go to site B, so we should beef up our advertising purchase
for site B.” They’re not saying “Oh, look, Leo just visited site A again. And there he goes to site B.”. You and I as individuals
just aren’t that interesting. Analyzed as a group, however, the information can provide interesting trends and information.
So… what should you do?
Well, there’s certainly no harm in deleting all cookies every so often. At worst you’ll find you have to login to some
sites where your password had been previously remembered.
If you’re particularly concerned about tracking, you might consider configuring your browser to disable what are called “third
party” cookies. That means when you (the first party) visit a web site like ask-leo.com (the second party) ads shown on that site
which come from some other URL like ads.google.com (the third party) are not allowed to leave cookies. Personally, I’m not
concerned about this type of tracking, so I leave them enabled.
And, ultimately, I actually see very little risk by doing absolutely nothing. Cookies don’t present a true security
risk – you can’t, for example, catch a virus from a cookie. At worst cookies present a privacy risk, but as I stated
above, most of us just aren’t that interesting to be individually targeted.
I say let the cookies fall where they may.