Explorer: Shut your cookie hole

Websites can install cookies, even if you prefer carrots

Recently we found out that there are many sites on the Web which have technical errors that cause Microsoft Internet Explorer to install cookies, even when the browser’s settings are supposed to block them.

Now, I’m sure we all know the incredible invasion of privacy that cookies represent. They reside on our computers and accumulate all sorts of data about our browsing habits, and in exchange they make our browsing life just a teensy bit easier, by remembering our preferential settings for certain sites. Most people have become wise to their game, and have set their browsers to disallow these pernicious information collectors from gathering their ill-gotten gains and reporting back to their masters. Only apparently that isn’t enough.

A technical paper released by CyLab at Carnegie Mellon University outlines the discovery of a glitch that exists on over 11,000 web sites, including 21 of the 100 most-visited ones. Apparently when a website’s compact policy is invalid in a certain way, IE doesn’t know what to do with it, and lets it on through, even though the user might have set the browser to reject certain types.

Now, sure, it is possible that every single one of these websites made a mistake. Perhaps they all mistyped or made other errors when creating the CP. Sure. But when you look at sites like Facebook, whose CP had only two of the requisite minimum five codes, chances are most of them decided to use the opportunity to push their cookies that would otherwise be rejected by IE.

My guess is in the next few weeks we are going to see a lot of, “Oh, sorry, we’re fixing that error now,” and, “We had no idea,” from those sites. Sure. As long as you fix it, I guess we’ll play along. And Microsoft could always fix the browser too, something I would bet they are working on as you are reading this.

About the Author

Greg Crowe is a former GCN staff writer who covered mobile technology.

Reader Comments

Fri, Dec 10, 2010 IR

Delete pernicious Flash Cookies

Fri, Sep 24, 2010 Shawn Hendricks

The link did not copy faithfully. Cut and paste piece-by-piece the following if it posts correctly. http://www.macromedia.com/support/ documentation/en/flashplayer/ help/settings_manager07.html

Fri, Sep 24, 2010 Shawn Hendricks

Adobe Flash player persistent objects are far more pernicious than browser cookies. They cannot be set for deletion when you close your browser. Visit the below site to see what they have stored on your PC. Of course, when we users begin to overwhelmingly delete Flash player persistent objects, usage tracking firms will just come up with another application where they can store information about your habits. Oh, and you have to connect to Adobe/Macromedia in order to delete their persistent objects. What's up with that? http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above