Third-party cookies

What are cookies?

Cookie is a cute name for what is basically a text file. When you visit a web site, the web site may want to ask your web browser (such as Internet Explorer or Firefox) to create a text file to store some useful information. This information can only be read by the web site that created the information in the first place. This is the concept behind internet cookies.

When you visit a domain such as www.somedomain.com, the somedomain.com server may ask your browser to set a cookie. This is a first-party cookie, because it is set by the domain you have chosen to visit. First-party cookies are vital to many of the biggest websites. They are usually a good thing, allowing a site to remember that you've logged in, or to remember what items you've added to a shopping basket.

Third-party cookies

But when you visit a domain such as www.somedomain.com, the web pages on that domain may feature content from a third-party domain. For instance, there may be an advertisement run by www.anotherdomain.com showing graphic advert banners. When your web browser asks for the banner image from www.anotherdomain.com, that third-party domain is allowed to set a cookie. Each domain can only read the cookie it created, so there should be no way of www.anotherdomain.com reading the cookie created by www.somedomain.com. So what's the problem?

Some people don't like third-party cookies for the following reason: suppose that the majority of sites on the internet have banner adverts from www.anotherdomain.com. Now it's possible for the advertiser to use its third-party cookie to identify you as you move from one site with its adverts to another site with its adverts.

Even though the advertiser from www.anotherdomain.com may not know your name, it can use the random ID number in the cookie to build up an anonymous profile of the sites you visit. Then, when it spots the unique ID in the third-party cookie, it can say to itself: "visitor 3E7ETW278UT regularly visits a music site, so show him/her adverts about music and music products".

Some people don't like the idea of advertising companies building up profiles about their browsing habits, even if the profile is anonymous.

Blocking third-party cookies

A web browser such as Firefox, Opera or Internet Explorer will allow you to choose how you want it to respond to a request to set a cookie. You can tell your browser to block third-party cookies, tell it to ask you each time, or tell it to allow them every time.

Note that you can also tell your web browser to block first-party cookies (set by the site you chose to visit), but this may make it difficult to use web forums, shopping sites, and any site that relies on cookies to let you login.

Blocking third-party cookies should have no ill effect to you, however. If you want to deny third-party cookies in one of the three most popular web browsers, follow the matching instructions below.

Blocking third-party cookies in Internet Explorer

I actually hate Internet Explorer 6, and I'm not mad keen on Internet Explorer 7 either, so I recommend that you switch to Firefox or Opera (both of which are free). But if you insist of sticking with Internet Explorer, you can block third-party cookies by doing the following:

1. Open the Tools menu on the menu bar and click Internet Options.
2. Select the Privacy tab in the top row of the options dialogue.
3. Click the Advanced button.
4. A window about cookies will appear. Make sure the box labelled Override automatic cookie handling has a tick in it. You can now choose what the browser does when it is asked to set each type of cookie. To block third-party cookies, just select the Block option in the Third-party Cookies column on the right.
5. If you wanted to be asked each time, select Prompt instead of block. This might quickly drive you mad, though.
6. Once you've chosen your settings, click Okay at the bottom of the small dialogue, then Okay at the bottom of the main options dialogue.

Blocking third-party cookies in Firefox 3

Firefox 3 restored restored the easy method for blocking third-party cookies that was removed in Firefox 2 (see below). So blocking third-party cookies is easy in Firefox 3.

1. Open the Tools menu on the menu bar and click Options. (If you're using Linux, the same thing is found in the Edit menu as Preferences.)
2. In the window that appears, click on the big button labeled Privacy (near the top of the window).
3. On the privacy page there is a section labeled Cookies.
4. To block third-party cookies, make sure there's no tick in the checkbox labeled Accept third-party cookies. Click on the checkbox to change it from ticked to unticked.
5. Once you've chosen the setting you want, click Close near the bottom-right of the window.

Blocking third-party cookies in Firfeox 2

For some reason, Firefox 2.0 makes it much harder to block third-party cookies than it used to be in Firefox 1.5. I've no idea why this decision was made. But it's still possible to block cookies that don't come from the "originating server" (the domain you're visiting).

According to a page on mozillazine.org, you need to edit a hidden configuration setting by hand. To do this, enter about:config in the address bar and hit Enter. This will bring up a list of settings that you can edit yourself. To make it easier to find the relevant setting, type cookie in the box labeled Filter and then only entries with a name that contains "cookie" will be listed.

The setting we want is named network.cookie.cookieBehaviour. Once you've spotted it, double-click it and a dialogue will appear with a text field. Change the value in this field to 1 (that's numeric one) and click Okay. Then carry on using the browser as normal.

However, I've found that setting this option still leads to many third-party cookies being accepted and saved. In fact, I'm not sure if this setting even tries to block third-party cookies any more.

Instead, I find that the following works better:

1. in Windows, go to the Firefox Tools menu then Options; or in Linux, go to the Edit menu, then Preferences;
2. select the Privacy tab along the top of the options/preferences window;
3. in the Cookies options section, change the Keep until value to I close Firefox;
4. click the Exceptions button on the right;
5. for each site that you do want to be allowed to store cookies even after you close Firefox, type in the domain (or sub-domain) name and then click the Allow button;
6. click Close and then Close to get back to Firefox.

This method is not automatic, because you have to tell Firefox which domains you want to allow to store cookies for longer than one session. For instance, if you use My Yahoo! as your home page, you will probably need to Allow "yahoo.com" and also "my.yahoo.com" in the Exceptions list, so that your login cookie is remembered. Otherwise you'll have to login with your username and password each time you open the browser. So this method is a little more work, but it does mean that any domain not in your allowed list will have its cookies cleared every time you close Firefox, which is better than nothing.

Blocking third-party cookies in Opera

Opera is an excellent choice for people who need more accessibility options. To block third-party cookies in Opera:

1. Open the Tools menu on the menu bar and click Preferences...
2. Select the Advanced tab in the top row of the options dialogue.
3. Select Cookies in the column on the left.
4. Make sure that the button labelled Accept only cookies from the site I visit is the one selected.
5. If you want to be asked before each cookie is set, tick the box labelled Ask me before accepting cookies (but be warned that this will happen a lot).
6. Once you've chosen your settings, click Okay at the bottom of the options dialogue.