Raising the Shields – Part 7: Auto-Delete Cookies When The Browser Closes

Most users today are very happy that web services recognize them when they come back to use a service over many weeks or even months as they don't have to identify themselves each time they visit a site. While this is undoubtedly convenient it creates a number of severe privacy issues:

  • On sites like my favorite online shopping portal I like to browse for things anonymously. If I keep being recognized then the shopping portal can record all searches and results I have clicked on. To me that feels like I if I was observed by a dozen cameras in a store and the store then analyzes the recordings and keeps the results indefinitely. No thanks.
  • Except for Safari and perhaps Firefox in the future, browsers allow the use of third-party cookies on web pages. This way, advertisers can track a user's path through the Internet because each time a web site is visited that links to some content of the advertiser, the same cookie is sent back thus creating a trail of where the user went for the advertising company. 
  • The third-party cookie mechanism also allows popular social networking services to keep track of where their users go when they leave their website. 

All these things are totally unacceptable to me. Fortunately there's an easy fix for this. In the web browser a few simple settings protect users from such schemes:

  • Disallow 3rd party cookies ("Accept 3rd party cookies = never"). It's done by the Safari browser by default and I've used it for many months now without any bad side effects.
  • Configure the browser to delete all cookies when it is closed ("Keep until: I close Firefox"). This way, Amazon and other web services I use do not recognize me again once I restart the browser. The downside is of course that I have to log-in again for personalized services. But with the browser's autocomplete username and password feature it is only a minor inconvenience.
  • On a few websites such as my blogging service I would like to remain logged in despite browser restarts. For this, there's a cookie whitelist in Firefox (click on the "Exception" button in the Privacy Tab in Preferences). Only cookies on the whitelist survive browser restarts if the option "Keep Until" is set as described in the previous bullet point.

The images below show the settings I have made in Firefox to ensure as much privacy for myself as possible for normal web surfing. For advanced privacy needs I then use a TORified browser as described in a previous post.

Firefox privacy  
Firefox exceptions

This has already been part 7 of my "Raising the Shields" series and it will probably not be the last. In case you have missed some of them and are interested, here's a link that shows them all in sequential order.