mmm.. cookies



All timestamps are based on your local time of:

Posted by: stak
Posted on: 2006-10-14 12:05:37

take a minute now to check out the cookies that your browser has. for mozilla-based browsers, opera, and safari, you can do this by going in the preferences somewhere; for IE you'll have to head over to your Cookies directory in your Documents and Settings folder. take a look at how many cookies are labelled __utma, __utmb, or __utmz (possibly others that start with __ut as well). IE users will probably have to do a grep or find-in-files for this.

these are all google analytics (formerly urchin) cookies. i don't know about you, but i've got a LOT of these cookies, and all they do is track me as go from one site to another. every time you go to any page on one of those sites, google knows about it. they log your time of access, referer URL if available, and (presumably) any other information they can get their hands on, almost certainly including your IP address. given that information, so they can certainly correlate page views from a single person during a browsing session by looking for page views from the same IP within minutes of each other, and use the referer URLs to further consolidate the information. with the cookies, they can link different browsing sessions together to the same user. overall, i'd guess that google could probably replicate a significant chunk (> 50% in my case, but depends on the types of sites you visit) of your browser's history - and as more sites use google analytics, they'll be able to do even more of it. (note: i doubt they actually do this right now, but the data's there, just waiting to be hacked into/obtained by court order/whatever.) that data is a prime target for targetted phishing attacks, identity theft, and who knows what else.

as a webmaster, it's nice to be able to generate accurate statistics of the people visiting your site so that you can better customize the experience. as a consumer of web sites, i don't think the customization is really worth the ever-increasing risk of identity theft. as a programmer, i'm tempted to try and write a browser that explicitly doesn't store tracking cookies like the __ut* ones, and provides random referer URLs and user-agent strings to the pages it visits. and possibly uses a set of proxies to randomize the IP address, too.

Posted by gdbaer at 2006-10-14 16:55:53
I go through my browser cookies and clear them out every so often. The really bad offenders go on the Firefox perma-block list, but unfortunately that doesn't help with the google analytics cookies, as you point out.

I'd really like a way in Firefox to programmatically say "no cookies with expiry dates > 1 year", and "delete from cookies where name like '__ut%';", to name a few. Don't suppose anyone's seen a decent extension...?
[ Reply to this ]
Posted by stak at 2006-10-14 23:36:32
Well, the cookies are stored in a cookies.txt file that is pretty easy to parse, so you could write a program to delete any unwanted cookies pretty trivially. Although I think you'd still have to restart Firefox after the change since it probably stores the cookies in memory until you close the browser.
[ Reply to this ]

[ Add a new comment ]

 
 
(c) Kartikaya Gupta, 2004-2022. User comments owned by their respective posters. All rights reserved.
You are accessing this website via IPv4. Consider upgrading to IPv6!