OS/2 eZine - The Best OS/2 Reading Anywhere!

16 June 2001

Relish Personal Information Manager - http://www.sundialsystems.com/relishhome

Cookie Management for the Paranoid

Most websites you visit today leave little bits of information on your computer each time you visit. These little bits of information, known as "cookies (http://www.netscape.com/newsref/std/cookie_spec.html )," sometimes perform useful tasks like remembering your login ID, but just as often they are used to track your activity so that some marketdroid somewhere can analyze what you've been doing in order to more effectively sell you whatever it is they're selling. This article provides a technique to allow you to reduce the flow of information to a level you can live with.

What are Cookies Used For?

On websites cookies are mostly used for four things:

They are used as unique user id's to track who is reading what on the website and when they come back.
Shopping sites use them to track your purchases in your shopping cart before you check out.
Some sites save user preferences for the appearance or operation of the website.
Banks and other services save login ID's and sometimes even passwords so you don't have to log in every time you go to that page (Yahoo Groups (http://www.groups.yahoo.com) does this.)

Of these activities, only the last two really need to get the cookie back the next time you go to their website. That some websites like to track their users' activity is pretty questionable in my opinion. Some people like the personalization and convenience, I think we should be able to make our own decisions. If possible, it would be nice to be able to delete the first two types of cookies after we are done with them.

What About Just Turning Cookies Off?

Netscape offers you a couple of options for turning cookies off in Edit, Preferences, Advanced which might make you think, why not just select Disable cookies and be done with it? The downside of turning off cookies altogether is that quite a few websites simply won't work if cookies are turned off entirely. Accept all cookies is the default, however cookies that provide useful functions are generally used only by the server you are talking to. Cookies that go to other servers are most often used by banner advertising companies to track your exposure to their ads. Setting Netscape to Accept only cookies that get sent back to the originating server is an adequate compromise.

Anatomy of the Cookie File

Cookies in Netscape 4.x are stored in the cookies.txt file. You should find your cookies.txt file in \Netscape\users\yourname\cookies.txt. Below is a cookies.txt file after a short browsing session. As you can see I have collected cookies from yahoo, zdnet, wired and ecomstation. If you have used Netscape for a long time, you may have hundreds of entries in your cookie file. So what do all those lines do? Who knows. The only thing we are interested in is the first part that says which domain the cookies belong to.

# Netscape HTTP Cookie File 
# http://www.netscape.com/newsref/std/cookie_spec.html 
# This is a generated file!  Do not edit.
.yahoo.com TRUE / FALSE 1271350778 B 3o1ebootc1vgn&b=2&f=e
.yahoo.com TRUE / FALSE 1271350779 Y v=1&n=a4cl9oka420bh&l=he10j0kheh0/o&p=m24vvca4000004&r=7j&lg=us&intl=ca
.yahoo.com TRUE / FALSE 1271350779 T z=j4Pw6Aj.kw6AlIvxLDgfcSc&a=AAE&sk=DAA.a8B/V9SIfM&d=YQFBQUUBenoBajRQdzZBZ1dB
.zdnet.com TRUE / FALSE 1041299924 cgversion 4
.zdnet.com TRUE / FALSE 1041299925 browser D0B5C6F03B22977E
.zdnet.com TRUE / FALSE 992113679 chkpt zdsubs.inc.ibmp.pcmag_embed
.wired.com TRUE / FALSE 2145905923 p_uniqid 7ICl209Kw0w1/HT6mC
.ecomstation.com TRUE / FALSE 1023893922 template DarkStyle

On sites that give you more than one cookie you might want to look at the rest of the line for a clue as to what the cookie does so that you can delete one cookie and not another. Most of the time they aren't too difficult to figure out.

Editing (gasp!) the Cookie File

Out of all of those cookies, only one of them does something that I want to happen. That is the last one. On the eComStation (http://www.ecomstation.com) website you can select the look of the website and your choice is stored in a cookie on your computer so that next time you go back it will give you the appearance you want.

Right at the top of this file it warns you not to edit this file. I did it anyway. Just make sure you do it when Netscape isn't running and you should be fine. I've been using this technique for months and haven't had a single problem. So, I'll edit the file and the result will look like:

# Netscape HTTP Cookie File 
# http://www.netscape.com/newsref/std/cookie_spec.html 
# This is a generated file!  Do not edit.
.ecomstation.com TRUE / FALSE 1023893922 template DarkStyle

Much better.

Automatic Cookie Deletion

So now that you have a leaner, meaner cookie file, you need to put it into use. Of course if you just leave it where it is, the next time you go back to those sites, they'll put the cookies back and you'll be no further ahead. So the solution is to copy the cookie file to another directory, then add a line to your startup.cmd file to copy it back each time your system is started. This way, nosy marketeers can only track you until your next reboot. If like me you reboot daily, this is an acceptable solution.

startup.cmd

startup.cmd is a file that is run each time your OS/2 system starts. If you don't have one already, you can create one using the OS/2 System Editor (E) or the Enhanced Editor (EPM) or any other plain text editor. Don't accidentally save the file in a word processor format, that would really confuse OS/2. To implement this cookie copy, assuming you have saved your edited cookies.txt file in \DATA\MYCOOKIES.TXT, you just need two lines in your startup.cmd file:

COPY \DATA\MYCOOKIES.TXT \Netscape\Users\rob\cookies.txt
@EXIT

Don't forget the @EXIT command or the startup command window will stay open after boot. The next time you boot you will see the startup.cmd window open as OS/2 boots, then close after it has copied the file. This shouldn't take very long.

What About New Cookies?

If you go to another website that gives you cookies that you want to keep, you need to make sure that after you close Netscape, that you transfer the new cookies from the Netscape cookies.txt file to your own cookies.txt file. If you forget, the cookies will be lost the next time you reboot and you'll have to log in manually or reselect your preferences the next time you go to that site.

Isn't this a Bunch of Extra Work?

I visit around a hundred sites regularly, many more as I browse, and my cookie file only has about 15 entries. I haven't found any sites where my cookie technique causes problems. When I sign up for a new service I have to update the cookie file, but that doesn't happen too often.

Does This Work In All Browsers?

This technique should also work with Mozilla's cookies.txt file, but I haven't tried it myself. Mozilla has a new Cookie Manager which allows much greater control than Netscape 4 offers, you might want to give it a try.

Wrapup

That's it. If you're a little paranoid, you can rest a little easier knowing that you've struck a small blow against big brother.

Robert Basler (mailto:editor@aurora-systems.com) is the president of Aurora Systems, Inc. (http://www.aurora-systems.com) and a dedicated OS/2 user since he tired of rebooting Windows 3.1 twenty times a day.

This article is courtesy of www.os2ezine.com. You can view it online at http://www.os2ezine.com/20010616/page_10.html.