About “cookies”: Cookies are local text files used to store “state” information. Web sessions are “stateless.” You connect, read, send information and so forth as discrete sessions when you interact with a web site. To establish and maintain continuity across sessions (to maintain “state”), information is stored on your local machine. That is, often you will need to allow a web site to store cookies for that web site to work as expected. Cookies may store information to be shared with other web sites. These are third-party cookies. Sometimes third-party cookies are required to use a web site the way it was designed. Third-party advertising cookies, however, are not required for a web site to work as expected; they do not maintain state.
Ghostery may be the best suggestion. Installed in each browser you use. When the detects a new tracker, your list of trackers is updated. You can automatically deny any new trackers it learns about.
You may need to permit some trackers. For example, if you want to subscribe to an InformationWeek Dark Reading webcast, you will learn that
Ghostery prevented a redirect from
app.reg.techweb.com to s2150.t.eloqua.com,
which is part of Eloqua.
In order to register for such a webcast, you need to enable the Eloqua tracker, at least temporarily.
Google+, Facebook, LinkedIn, Twitter buttons are also blocked, but can be temporarily enabled.
The other two approaches below have significant usability or maintenance drawbacks.
One approach: block all third-party cookies, not just third-party advertising cookies.
- Firefox: Disable third-party cookies in Firefox to stop some types of tracking by advertisers.
- Internet Explorer 9: Description of Cookies (In advanced privacy settings, override automatic cookie handling and block third-party cookies.)
This is a simple change with the unfortunate side-effect of making some web sites unusable. These web sites use third-party cookies which are not advertising network cookies.
The web browser setting approach is not compatible with the network opt-out approach that follows.
Network opt-out approach: TRUSTe Preference Manager would be a convenient tool, were it not for its time-consuming JavaScript. TRUSTe Preference Manager provides a generalized opt-out mechanism for 496 networks, which includes nearly all of the 93 National Advertising Initiative (NAI) member companies, as well as Adobe’s Omniture, Google and many more. Since a company may have more than one network (for example, Google has five and Admeld has two), numeric comparisons are a little difficult. The industry is volatile, and numbers were accurate when this was written. I suspect TRUSTe tries to keep its tool current. Collecting the results from all 496 networks before presenting them to the user results in a JavaScript that seems to be unresponsive.
The script on the TRUSTe Preference Manager page may appear to be unresponsive. I would attribute this to the large number of web sites it attempts to manage.
To introduce how this works, the National Advertising Initiative (NAI) …
… Opt-out Tool was developed in conjunction with our members for the express purpose of allowing consumers to “opt out” of the behavioral advertising delivered by our member companies.
“Behavioral advertising” refers to tracking your interests and offering ads which target those interests. This could be considered a service; this could be considered using information you did not wish to share.
The NAI opt-out tool provides a simple method of informing the member advertising networks that you do not wish to be tracked. Since you probably do not differentiate among advertising networks, you will probably want to use the “select all” feature at the bottom of the list.
The opt-out mechanism is to install a “cookie” that tells an advertising network that you do not want to be tracked. Each advertising network needs its own cookie.
Implementation notes (how you will probably wish to proceed):
- Use the TRUSTe Preference Manager tool and the “select all” feature at the top of the list.
- Use the NAI Opt-out Tool, “All NAI Companies” tab and the “select all” feature at the top of the list.
- Repeat for each browser you use.
- Repeat for each local account you use (that is, on a shared machine repeat for each login).
- Repeat for each machine you use (remember to consider any smartphones you use).
- If you clear your cookies, remember to use the opt-out tool to install the opt-out cookies.
- Repeat periodically. New member networks appear. You should visit the opt-out web sites periodically to opt out of additional networks.
- Not included: Gravity,
The NAI FAQs link provides information about protecting your privacy. It also clarifies how disabling third-party cookies can lead to unexpected behavior with the opt-out tool. For example:
Apple presets the Safari browser to block cookies from sites other than those you visit directly. As a result, the NAI opt out tool, which uses third-party cookies, will not work for browsers left in this default setting.
This NAI Opt-out tool addresses member third-party advertising networks. It does not address non-member third-party advertising networks. It does not address the web site you connect to (the second-party).
- Adobe’s Omniture (2o7.net and omtrdc.net) are not members of NAI and have their own opt-out mechanism.
Nielsen Measurement offers an opt-out cookie when digital media is accessed through a web browser. Your digital media usage may take many forms; see, for example, the Hulu Privacy Policy. You will need additional measures to protect your privacy.
Related: The Wall Street Journal Digital Network (WSJDN) Registry, powered by BlueKai (Giving You Control of Your Digital Footprint) is a member of NAI. Google is a member and the Google Adversity Privacy FAQ has an Ads Preference Manager.
Network opt-out approach for Internet Explorer: Add a Tracking Protection List.
Summary: You can allow third parties to track your Internet usage or you can use Ghostery to limit that information or you can configure the browser to not accept third-party cookies (which may be incompatible with applications you use), or you can install third-party cookies to say you opt-out of tracking (which requires maintenance). How well do these approaches work? Since there has been no agreement as to what well-behaved third-party cookies look like, the last two approaches have limitations. You do what you can.
Do Not Track: You may wish to inform the web sites you connect to that you do not wish to be tracked. Web sites are not required to comply. Twitter does. See the Twitter Supports “Do Not Track” page for browser-specific instructions.
Flash Cookies: Adobe has a “local shared object” (sometimes called a “Flash cookie”), which can be used to share information with third parties or store information for use with the web site you connect to. These “local shared objects” are managed through the Flash Player Settings Manager; see Flash Player Help / Manage, disable Local Shared Objects. Specifically, note that (under Global Storage Settings) “Allow third-party Flash content to store data on your computer” is enabled by default. A person who wished to opt-out of third party advertising cookies would probably want to disable third-party Flash local shared objects as well.
A well-written, useful explanation of a web site’s privacy policy and how it affects your usage of the web site can be found at locatetv.com. Other privacy concerns at the privacy policy of jackspetstore.com.
Two analytics companies to settle charges for online user tracking
Watch the Cookie Clearinghouse (from the Center for Internet and Society (CIS) at Stanford Law School) for block-lists and allow-lists as a mechanism for enforcing acceptable cookie behavior.
Aggressive Virus Defense 