Zombie Cookies: What They Are and How To Disable Them

Cookies have been an essential part of how internet browsers work from the beginning.

But what are they, where do cookies come from, and how do they work?

Internet Privacy and Website Tracking

Internet privacy and how to protect it is a growing concern for many users. In the past, these worries were focused on what we share intentionally: our identities, our personal details, the opinions we post in public forums. In recent years, however, the focus of concern has shifted. Web analytics have become more sophisticated and, as a result, targeted advertising has become incredibly specific. Yesterday you emailed a friend to tell them about how much the kids love the new swimming pool, and today every ad on Facebook is trying to sell you inflatable rafts. What’s going on here? How did they KNOW? If you’re a little creeped out about these eerily specific ads you’re not alone. Privacy advocates are worried about pervasive website tracking too, and they have their eye on the main culprit: cookies!

Internet Cookies: Delicious or Evil?

Cookies go back to the early days of the World Wide Web. In 1994, developers at Netscape were trying to figure out how to make online shopping work. The website needed a way to “remember” who the customer was and what they wanted to buy. To do so, data would need to be stored temporarily. But where? Storing data for millions of shoppers on one server wasn’t a feasible solution, but storing one tiny file on each shopper’s computer would solve a lot of problems without burdening the user. Thus, the web cookie was born and went on to become an integral part of all web browsers.

So, cookies are just tiny text files that save basic data about an online session, such as shopping cart orders and users’ website preferences. Without cookies, the internet as we know it simply would not function. There is nothing good or evil (or yummy) about them; they are just tools. However, cookies have evolved to serve other purposes like online marketing. They have also been exploited to violate users’ privacy. Let’s explore some of the new “varieties” of cookies, what they are used for, and how to deal with the unwanted ones.

First-Party vs Third-Party Cookies:

First-party cookies are “set” by the website you are visiting. It’s as simple as it sounds: you go to google.com, and google.com sets a cookie. That cookie will be used for basic functions, such as remembering your preferences, or keeping track of how many times you’ve visited the page. Once you leave the webpage, the first-party cookie has nothing left to do.

Third-party cookies, however, are the ones you never asked for. They are set by a different domain from the one you are visiting. The source of these third-party cookies are often advertisements or widgets that the website displays on their page. These third-party domains can set a cookie just as easily as a first-party. Third-party cookies are used to track you across multiple websites and monitor your views, clicks, and anything else that might be relevant for marketing analysis. The third-party cookie can spy on you from ANY website that displays an ad or widget from the same domain that set it in the first place. This information is collected by the advertiser to construct a picture about who you are and what you like. This is then used to predict the types of things you buy.

How to Block and Remove Third-Party Cookies

Blocking Third-Party Cookies:

1. Tools > Options > Privacy. Uncheck “Accept third-party cookies.”

1. Settings>Advanced Settings>Privacy>Content Settings. Check “Block third-party cookies and site data.”

1. Tools > Internet Options > Privacy > Advanced. Check “Override automatic cookie handling, and then choose “Block” under “Third-party Cookies.”

Removing Third-Party Cookies:

By far the easiest way to delete third-party cookies is to use a free piece of software called CCleaner. It is a well-known, reputable program with many other useful features tuning-up your PC. And best of all, it’s FREE!

Zombie Cookies From Beyond the Grave?

While the typical third-party browser tracking cookie is fairly easy to remove, there is a more persistent variety that is much harder to find and remove, playfully termed the “zombie cookie.” This tracking cookie takes advantage of vulnerabilities in Adobe® Flash® Player. In addition to setting typical small file-size cookies which are stored in your browser’s file directory, it also sets a “Flash cookie.” This Flash cookie is much bulkier and is stored in the Adobe Flash directory rather than your browser folder. These two kinds of cookies work together, making it harder to identify and delete.

They work like this:

How to Disable a Zombie Cookie

Unfortunately, zombie cookies are not rare. Recent data shows that 10 of the top 100 websites use them. To destroy this undead monster, you need to delete the Flash cookie as well as the browser cookies. We turn once again to CCleaner. This time, click Cleaner and select the Applications tab. Then check “Adobe Flash Player” under the Multimedia section. Click “Analyze” and “Run Cleaner” to remove the flash cookies.

You can also prevent Flash from setting these flash cookies in the first place. To do so, go to this page on Adobe’s website.

The Global Storage Settings panel looks like an image at first, but it is interactive. Click on the second tab from the left. Then:

1. Uncheck “Allow third-party Flash content…”
2. Move the slide-bar all the way to the left.

It is also worth noting that when browsing in Private or Incognito mode, any cookies set during your session will be automatically deleted when you close your browser.

Author: Aaron White, Date: 27th June 2016