Web browser cookies always struck me as a minor issue. Although anti-malware programs often flag them as something to be removed, this always struck me as a scare tactic.

However, when Google started the rollout of a new cookie-based tracking system last month, it seemed time to take a new look at cookies with the goal of protecting privacy.

Let's start by defining both cookies and how they are used to track your online behavior.

Cookies are small, plain-text files that reside on your computer and are managed by a web browser. If you have multiple web browsers installed on a single computer, each one maintains its own independent cache of cookies.

As web pages are downloaded to a computer, cookies typically come along for the ride. Likewise, as you make requests for new web pages, your web browser may upload a cookie as part of the web page request.

Cookies that come from the web page you are viewing (the one whose address is displayed by your web browser) are referred to as “first party” cookies. Those that come from other sources, be they ads on the web page or small independent pages (IFRAMES) included in what appears to you to be a single page, are “third party” cookies.

(For more on this see my blog What are Cookies. The terms commonly applied to undesirable cookies are "tracking" cookies or, more technically, "third party persistent" cookies.)

Cookies are used as the foundation of interest-based advertising (a.k.a behavioral targeting). This type of advertising recognizes things you care about and shows you ads that relate to your interests, even when you are viewing an unrelated web site.

For example, someone interested in dogs, will be shown dog related ads, even while reading news stories about financial topics.

Personally, this is where I draw the line.

Google is merely the latest company using cookies for interest-based advertising. Yahoo and Microsoft were already doing it. Each company offers a web page where you can opt-out. Google also offers an explanation of their system, see "Advertising and Privacy"

Yahoo's opt out page sets a cookie for ad.yieldmanager.com when you ask to opt out.

Just viewing Microsoft's opt-out page sets cookies for live.com and msn.com. Checking the first box, to opt out of web browser targeting, causes it to create a new cookie for atdmt.com. With Firefox, it also resulted in a security error "You have requested an encrypted page that contains some unencrypted information..."

I first viewed the Google ads preferences page after removing all cookies and restarting Firefox. Simply viewing the page created two cookies, one for google.com and one for doubleclick.net.

Interestingly, the page asked me to opt in so that I could tell Google the topics I wanted to see ads about. Most likely, you'll be presented with an opt-out option instead. After visiting a couple web sites that created doubleclick.net cookies, I returned to the Google ads preferences page and was then given the option to opt out.

To be clear, all three companies opt you in by default.

As these examples make clear, opting out just sets more cookies. The problem with this is trust. A cookie is just a plain-text file. The actions that happen based on the data in the cookie today could be different form the actions taken next week.

In each case, we are trusting the company that a cookie with certain values in it will be treated a certain way. Even if you trust Google, Microsoft and Yahoo, there are many other advertising networks that also set tracking cookies.

Dealing with Firefox Cookies: Options

Most people, I assume, would like to prevent the creation of tracking cookies, while still enabling good cookies. There is more than one way to accomplish this, plus there are other different approaches.

I recently wrote about Defending IE7 from Google interest-based advertising cookies and now I'll take a look at the options Firefox offers for dealing with cookies.

Testing was done with Firefox 3.0.9 on Windows XP with no extensions enabled. I would have tested with no extensions installed but the Java Quick Starter and Microsoft .NET Framework Assistant Add-ons can't be removed, at least not in the usual manner.

Show Me the Cookies

Firefox does a great job, compared to Internet Explorer 7, of displaying the installed cookies. Click Tools -> Options -> Privacy tab -> Show Cookies button. As shown below, many cookies come from advertising networks.

remove firefox cookies, cookies display

Cookies from individual websites can be removed by highlighting them, then clicking on the Remove Cookie button.

Next Page: Remove all Firefox Cookies