Zombie Cookies: What They Are and How To Disable Them

Internet privacy and how to protect it is a growing concern for many users. In the past, these worries were focused on what we share intentionally: our identities, our personal details, the opinions we post in public forums. In recent years, however, the focus of concern has shifted. Web analytics have become more sophisticated and, as a result, targeted advertising has become incredibly specific. Yesterday you emailed a friend to tell them about how much the kids love the new swimming pool, and today every ad on Facebook is trying to sell you inflatable rafts. What’s going on here? How did they KNOW? If you’re a little creeped out about these eerily specific ads you’re not alone. Privacy advocates are worried about pervasive website tracking too, and they have their eye on the main culprit: cookies!

Cookies have been an essential part of how internet browsers work from the beginning. But what are they, and how do they work? Cookies go back to the early days of the World Wide Web. In 1994, developers at Netscape were trying to figure out how to make online shopping work. The website needed a way to “remember” who the customer was and what they wanted to buy. To do so, data would need to be stored temporarily. But where? Storing data for millions of shoppers on one server wasn’t a feasible solution, but storing one tiny file on each shopper’s computer would solve a lot of problems without burdening the user. Thus, the web cookie was born and went on to become an integral part of all web browsers.

So, cookies are just tiny text files that save basic data about an online session, such as shopping cart orders and users’ website preferences. Without cookies, the internet as we know it simply would not function. There is nothing good or evil (or yummy) about them; they are just tools. However, cookies have evolved to serve other purposes like online marketing. They have also been exploited to violate users’ privacy. Let’s explore some of the new “varieties” of cookies, what they are used for, and how to deal with the unwanted ones.

First-party cookies are “set” by the website you are visiting. It’s as simple as it sounds: you go to google.com, and google.com sets a cookie. That cookie will be used for basic functions, such as remembering your preferences, or keeping track of how many times you’ve visited the page. Once you leave the webpage, the first-party cookie has nothing left to do.

Third-party cookies, however, are the ones you never asked for. They are set by a different domain from the one you are visiting. The source of these third-party cookies are often advertisements or widgets that the website displays on their page. These third-party domains can set a cookie just as easily as a first-party. Third-party cookies are used to track you across multiple websites and monitor your views, clicks, and anything else that might be relevant for marketing analysis. The third-party cookie can spy on you from ANY website that displays an ad or widget from the same domain that set it in the first place. This information is collected by the advertiser to construct a picture about who you are and what you like. This is then used to predict the types of things you buy.

If you don’t like the idea of advertisers looking over your shoulder while you browse the web, you’ll be relieved to know that managing third-party cookies is a straightforward process.

Blocking Third-Party Cookies:

• Firefox: Tools > Options > Privacy. Uncheck "Accept third-party cookies.”
• Google Chrome: Settings>Advanced Settings>Privacy>Content Settings. Check “Block third-party cookies and site data.”
• Internet Explorer 11: Tools > Internet Options > Privacy > Advanced. Check “Override automatic cookie handling, and then choose “Block” under “Third-party Cookies.”

Removing Third-Party Cookies:
By far the easiest way to delete third-party cookies is to use a free piece of software called CCleaner. It is a well-known, reputable program with many other useful features tuning-up your PC. And best of all, it’s FREE!

Click here for CCleaner. Once you’ve installed the software, click “Cleaner” on the navigation bar and then check “Cookies” for each browser you use. Click “Analyze” and review the results. Then click “Run Cleaner”.

While the typical third-party tracking cookie is fairly easy to remove, there is a more persistent variety that is incredibly hard to find and remove, playfully termed the “zombie cookie.” This tracking cookie takes advantage of vulnerabilities in Adobe® Flash® Player. In addition to setting typical small file-size cookies which are stored in your browser’s file directory, it also sets a “Flash cookie.” This Flash cookie is much bulkier and is stored in the Adobe Flash directory rather than your browser folder. These two kinds of cookies work together, making it harder to identify and delete.

They work like this:

The third-party sets two standard cookies, plus one Flash cookie. Every time you visit a third-party domain, the Flash cookie checks to make sure the standard cookies are present. If it doesn’t find them (i.e. if you have deleted the cookies), it recreates them! The outcome of this is a cookie that can’t be deleted; it keeps returning from “the dead,” again and again. The solution? Identify and delete the Flash cookie as well.

To destroy this undead monster, we turn once again to CCleaner. This time, click Cleaner and select the Applications tab. Then check “Adobe Flash Player” under the Multimedia section. Click “Analyze” and “Run Cleaner” to remove the flash cookies.

You can also prevent Flash from setting these flash cookies in the first place. To do so, visit Adobe’s website.

The Global Storage Settings panel looks like an image at first, but it is interactive. Click on the second tab from the left. Then
1) Uncheck “Allow third-party Flash content…”
2) Move the slide-bar all the way to the left.

It is also worth noting that when browsing in Private or Incognito mode, any cookies set during your session will be automatically deleted when you close your browser.

• Domain (name): The web location that your browser is pointing to.
• Widget: Tiny apps embedded in a website that performs a simple function. Examples include Like, Subscribe, and social media Share buttons.
• Cookie: A tiny text file stored in your browser that remembers information related to your current and/or past visits.
• First-Party Cookie: A cookie set by the domain you are visiting.
• Third-Party Cookie: A cookie set by a different domain from the one you’re visiting.
• Zombie Cookie: A cookie that “comes back to life” after you’ve deleted it.
• Flash Cookie: A much larger cookie that is stored in your Flash folder. Technically, it’s a Locally Stored Object (LSO).