Third-party cookies

What are cookies?

Cookie is a cute name for what is basically a text file. When you visit a web site, the web site may want to ask your web browser (such as Internet Explorer or Firefox) to create a text file to store some useful information. This information can only be read by the web site that created the information in the first place. This is the concept behind internet cookies.

When you visit a domain such as www.somedomain.com, the somedomain.com server may ask your browser to set a cookie. This is a first-party cookie, because it is set by the domain you have chosen to visit. First-party cookies are vital to many of the biggest websites. They are usually a good thing, allowing a site to remember that you've logged in, or to remember what items you've added to a shopping basket.

Third-party cookies

But when you visit a domain such as www.somedomain.com, the web pages on that domain may feature content from a third-party domain. For instance, there may be an advertisement run by www.anotherdomain.com showing graphic advert banners. When your web browser asks for the banner image from www.anotherdomain.com, that third-party domain is allowed to set a cookie. Each domain can only read the cookie it created, so there should be no way of www.anotherdomain.com reading the cookie created by www.somedomain.com. So what's the problem?

Some people don't like third-party cookies for the following reason: suppose that the majority of sites on the internet have banner adverts from www.anotherdomain.com. Now it's possible for the advertiser to use its third-party cookie to identify you as you move from one site with its adverts to another site with its adverts.

Even though the advertiser from www.anotherdomain.com may not know your name, it can use the random ID number in the cookie to build up an anonymous profile of the sites you visit. Then, when it spots the unique ID in the third-party cookie, it can say to itself: "visitor 3E7ETW278UT regularly visits a music site, so show him/her adverts about music and music products".

Some people don't like the idea of advertising companies building up profiles about their browsing habits, even if the profile is anonymous.

Blocking third-party cookies

A web browser such as Firefox, Opera or Internet Explorer will allow you to choose how you want it to respond to a request to set a cookie. You can tell your browser to block third-party cookies, tell it to ask you each time, or tell it to allow them every time.

Note that you can also tell your web browser to block first-party cookies (set by the site you chose to visit), but this may make it difficult to use web forums, shopping sites, and any site that relies on cookies to let you login.

Blocking third-party cookies should have no ill effect to you, however. If you want to deny third-party cookies and you're using one of the more popular web browsers, follow the instructions for your browser below.

Blocking third-party cookies in Internet Explorer

I actually hate Internet Explorer 6, and I'm not mad keen on Internet Explorer 7 or Internet Explorer 8 either, so I recommend that you switch to Firefox or Opera (both of which are free). But if you insist of sticking with Internet Explorer, you can block third-party cookies by doing the following:

  1. Open the Tools menu on the menu bar (which in Internet Explorer 9 appears as just a cog icon immediately below the window-close button) and then click Internet Options.
  2. Select the Privacy tab in the top row of the options dialogue.
  3. Click the Advanced button.
  4. A window about cookies will appear. Make sure the box labelled Override automatic cookie handling has a tick in it. You can now choose what the browser does when it is asked to set each type of cookie. To block third-party cookies, just select the Block option in the Third-party Cookies column on the right.
  5. If you wanted to be asked each time, select Prompt instead of block. This might quickly drive you mad, though.
  6. Once you've chosen your settings, click Okay at the bottom of the small dialogue, then Okay at the bottom of the main options dialogue.

Blocking third-party cookies in Firefox

  1. If you're using Firefox 4 or newer, click the Firefox button (in the top-left of the window) and then click on Options and then Options in the menus that appear. If you're using the older Firefox 3 then open the Tools menu on the menu bar and click Options. (If you're using Linux, the same thing is found in the Edit menu as Preferences.)
  2. In the window that appears, click on the tab labelled Privacy (near the top of the window).
  3. To block third-party cookies, make sure there's no tick in the checkbox (about halfway down the page) labelled Accept third-party cookies. Click on the checkbox to toggle it between ticked and unticked.
  4. Once you've chosen the setting you want, click Close near the bottom-right of the window.

Allowing only first-party session cookies in Firefox

If you're also worried about first-party cookies, then the following is even stricter:

  1. Follow the steps above to get to the Firefox Options/Preferences window;
  2. select the Privacy tab along the top of the options/preferences window;
  3. change the Keep until value (about halfway down the page) to I close Firefox;
  4. click the Exceptions button on the right;
  5. for each site that you do want to be allowed to store cookies even after you close Firefox, type in the domain or sub-domain name (such as yahoo.com or mybank.co.uk, etc) and then click the Allow button;
  6. click Close and then Close when you're finished.

This method is not automatic, because you have to tell Firefox which domains you want to allow to store cookies for longer than one session. For instance, if you use My Yahoo! as your home page, you will probably need to Allow "yahoo.com" and also "my.yahoo.com" in the Exceptions list, so that your login cookie is remembered even after you close Firefox. Otherwise you'll have to login with your username and password each time you open the browser. So this method is a little more work, but it does mean that any domain not in your allowed list will have its cookies cleared every time you close Firefox.

Blocking third-party cookies in Opera

Opera is an excellent choice for people who need more accessibility options. To block third-party cookies in Opera:

  1. Open the Tools menu on the menu bar and click Preferences...
  2. Select the Advanced tab in the top row of the options dialogue.
  3. Select Cookies in the column on the left.
  4. Make sure that the button labelled Accept only cookies from the site I visit is the one selected.
  5. If you want to be asked before each cookie is set, tick the box labelled Ask me before accepting cookies (but be warned that this will happen a lot).
  6. Once you've chosen your settings, click Okay at the bottom of the options dialogue.

Blocking third-party cookies in Chrome

To block third-party cookies in Chrome:

  1. Click on the spanner icon in the top-right of the window, and then click on Options in the menu that appears.
  2. In the options window, click on the Under the Bonnet tab, then click the Content settings button at the top of the page.
  3. Click on the Cookies tab.
  4. Put a tick in the box labelled Block all third-party cookies without exception.
  5. Click Okay repeatedly to exit the options windows.

If privacy is your concern, you should probably take a look at the Google Chrome Privacy Policy [en-GB version] too, which suggests that Chrome sends a lot of usage data to Google for various purposes.

Blocking third-party cookies in Safari

Third-party cookies appear to be blocked by default in Safari. But, should you want to check or change the setting, here's how to block third-party cookies in Safari:

  1. Click the gear icon at the top-right of the window, and then click on Preferences in the menu that appears.
  2. Click on the Security tab.
  3. Make sure that under Accept cookies the selected option is Only from sites I visit.
  4. On the same page, you might want to consider removing the tick from the box labelled Allow websites to ask for location information.
  5. Click Okay repeatedly to exit the options windows.

If privacy is your concern, you should probably take a look at the end user agreement for Safari, because it suggests that Safari sends a lot of usage data to Apple for various purposes. You may also want to disable the location feature, which readily sends your geographic location to websites you visit and online applications you use.