How do you stop unauthorized cookies from appearing in Safari?

Hi,


I'm using Safari 5.1.10 and system 10.6.8. I've gotten all the security downloads available, but I seem to be having issues with unauthorized cookies appearing. These seem to appear even though I've not visited their websites, and have Safari set to accept cookies from only sites I've visited.


After going to Preferences:Privacy: remove all website data: then remove all cookies,

If I just wait a few minutes, I get 72 website cookies restored to my computer, without doing anything. These include cookies from google, alibaba, 2mdn.net, facebook, microsoft, oracle and many more. Some of these declare they are using local storage, others the cache, while others just declare themselves as cookies.


These appear in spite of the fact that I have the preferences set to block cookies from third party advertisers, set Extensions to OFF, but have JavaScript enabled, and allow Java, but deny all other plug-ins.


If I unclick the allow Java button in Preferences:Security, then 11 of these cookies sneak back in, but the others seem to be blocked. Those that come back include Alibaba, apple, google-analytics, "local documents on my computer", machine-seeker, wikipedia, and a few others.


If I disable JavaScript in Preferences:Security, now I get only cookies from sites I've visited, as I'm supposed to, according to the settings in my Safari preferences.


So it seems that some unscrupulous information collectors are collecting data even when the Safari settings should prohibit it. Unfortunately, some of the sites I visit (like Apple Support Communities) require that JavaScript be enabled, so I don't know how to stop this.


The problem is that I've found these unwarranted cookies appear to slow down my internet connection speeds by ~95% (try removing them and disabling JavaScript to see what happens) in addition to it being an invasion of my privacy. In addition, it really bothers me that some of these sites are storing local documents on my computer without permission.


As I've said, I've already installed ALL the pertinent security updates. Does anybody have any idea how to stop this from happening? I presume this is also happening on my iPhone and iPad as well, but haven't checked.


I see that Safari was sued by Apple in 2012 for doing just this same thing, but they appear to be up to their old tricks, as well as many other companies.


Thanks

Posted on May 14, 2014 5:00 PM

5 replies

May 15, 2014 1:26 PM in response to Conlubet

Hi Carolyn,


Thanks for comments. Unfortunately, Safari 5.1.10 does not have an option in the privacy tab to select: Ask websites not to track me.


You can however select: "Block cookies from third parties and advertisers" (which I have done), but as I mentioned in my initial message, 70 or so cookies appear spontaneously within a few minutes, after I've removed all the website data on the Privacy tab, EVEN though I have not yet visited any websites after removing the cookies. I consider these to be from third parties, since they appeared even though I did not visit their web sites.


Many of the cookies that appear spontaneously in the Safari browser are of "LocalStorage" type, which is a device that originated with HTML5, now used with most browsers. "LocalStorage" is data stored locally within the user's browser and is thus similar to a cookie; however, unlike standard cookies, the localStorage object stores the data with no expiration date. The data will not be deleted when the browser is closed, and will be available the next day, week, or year. (See http://www.w3schools.com/html/html5_webstorage.asp for more information.) Most browsers limit each URL to 10 mB of local storage on the victim's computer. Since this is non evaporative, some vendors design the local storage cookie to regenerate itself EVEN AFTER the browser-user has removed it using the privacy tab.

May 19, 2014 4:31 PM in response to Conlubet

Hi,


I've investigated this phenomenon of UNauthorized Cookies a bit more in the past few days and found their cause and uses go very deep down the internet rabbit hole. While most browsers allow the user to delete cookies, or to block cookies from third parties, third parties may place cookies or "cookie equivalents" on your computer through a large variety of back doors. The most pernicious type of such cookie is euphemistically called a "Zombie Cookie" or a "supercookie".


These may reside in a number of places either in your own computer or remotely on the web. Deleting zombie cookies or supercookies is generally ineffective, because they are reinstalled in your browser, or worse, just exchange information with your browser without leaving a trail of cookie crumbs, the next time you get online. Some of these zombie cookies are not browser specific, so they can be accessed through all browsers on your computer.


The reason that you may never have heard of supercookies, and the reason they are so hard to find and get rid of, is that their deployment is deliberately sneaky and designed to evade detection and deletion. This means that most people who think they have cleared their computers of tracking objects have likely not. The European Union has recently taken action to make illegal the emplacement of "non-essential" cookies on your computer, but the United States, being less concerned about your personal privacy, and more concerned about making it easy for companies (and the government) to eavesdrop, has not.


The following is a list (probably incomplete) where zombie cookies may be hiding on your computer:


  • Standard HTTP cookies
  • Storing cookies in and reading out web history
  • Storing cookies in HTTP ETags
  • Internet Explorer userData storage (starting IE9, userData is no longer supported)
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Local Shared Objects
  • Silverlight Isolated Storage
  • Cookie syncing scripts that function as a cache cookie and respawn the MUID cookie[4]

If a user is not able to remove the cookie from every one of these data stores then the cookie will be recreated to all of these stores on the next visit to the site that uses that particular cookie, or in some cases, just the next visit to the internet, even though you may have barred 3rd party cookies from being emplaced in your browser. Every company has their own implementation of zombie cookies and most are kept proprietary, although an open-source implementation of zombie cookies, called Evercookie,[5] is available and commonly used.


One such common type of supercookie is called local shared objects (LSOs). LSOs, or more commonly Flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. Local shared objects are used by all versions of Adobe Flash Player and version 6 and above of Macromedia's now-obsolete Flash Player.[1]

It is possible to see who is using Flash cookies on your computer (and remove them) by going to the Adobe website storage settings panel: (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html). This takes you to a settings manager figure. This Settings Manager figure that you see on this page is not an image; it is the actual Settings Manager for your computer. Click the tabs to see different panels, and click the options in the panels to change your Adobe Flash Player settings.


So far, I have not been able to find a method of removing or inhibiting zombie cookies that use HTML5 local or global storage locations. Some browsers may provide such power, but Apple Safari apparently does not.


For more information on supercookies see:


https://www.bestvpn.com/blog/8177/super-cookies-flash-cookies/



There are some ways to reduce your load of unwanted cookies and local storage type cookies using extensions such as AdBlock or Disconnect, but I've tried some of these and it doesn't seem to stop very many of them, even though the Disconnect extension is said to block over 2000 of these types of cookies.


For those who are trying to ride under the radar by using some of these extensions or software blockers, be aware that use of these may actually make you more visible because of browser fingerprinting. Whenever you visit a website your browser sends data to the server hosting that site. This data includes basic information, including the browser name, operating system, and exact version number of the browser. This information is known as a passive browser fingerprint because it happens automatically. However, websites, when blocked, can also easily install other types of scripts that ask for additional information, such as a list of all installed fonts and plugins, supported data types (so-called MIME types), screen resolution, system colors and much more. Because this information has to be solicited from your browser, it is known as active fingerprinting. Taken altogether, the various fingerprint attributes can be almost instantly (it takes just a few milliseconds to run algorithms that compare millions of fingerprints) combined to create a unique fingerprint that can be used to very accurately identify an individual user, no matter if cookies have been deleted or IP address changed between website visits.


For an article on browser fingerprinting, see: https://www.bestvpn.com/blog/8159/browsers-fingerprint-reduce/



The bottom line is that if you use the internet, your browser history is being tracked by a myriad of companies and government agents, and it is likely not possible to stop this. For those who work in science, industry or government and are working on sensitive topics or novel product development that another company or government may find interesting, there appear to be many ways to recreate what you are working on by studying your browser history, or installing worms to view exactly what you are writing or reading. It came as somewhat of a shock to me to see just how pervasive internet spying has become, and it's not just malicious or destructive agents who are doing so. Google didn't become a $350 billion company by simply bringing nice toys to us to play with. The real value of the internet comes from the trade and sale of secretly obtained personal information from you and me and everyone else, and its sale to all who will pay for it.
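Added example, not part of the post above: one way to check for the respawning behaviour the post describes is to compare three snapshots of browser storage (before clearing cookies, right after clearing, and after the next visit). The snapshot shape, the store names and all sample values are assumptions constructed for illustration.

```javascript
// Added example. Snapshot shape { store: { origin: { key: value } } } is an assumption.
function flatten(snapshot) {
  const out = [];
  for (const [store, origins] of Object.entries(snapshot))
    for (const [origin, items] of Object.entries(origins))
      for (const [key, value] of Object.entries(items))
        out.push({ store, origin, key, value: String(value) });
  return out;
}

// Heuristic: identifiers are long opaque tokens, not counters or flags.
const looksLikeId = (v) => v.length >= 8 && /^[A-Za-z0-9_.=-]+$/.test(v);

// A cookie is "respawned" if its value existed before the clear, was gone right
// after it, and is back unchanged after the next visit. Stores that still held
// the same value across the clear are reported as the likely source.
function findRespawned(before, afterClear, afterRevisit, cookieStore = "cookies") {
  const cookieValues = (snap) => new Set(
    flatten(snap).filter((e) => e.store === cookieStore).map((e) => e.value));
  const had = cookieValues(before);
  const stillThere = cookieValues(afterClear);
  const survivors = flatten(afterClear).filter((e) => e.store !== cookieStore);
  return flatten(afterRevisit)
    .filter((e) => e.store === cookieStore && looksLikeId(e.value))
    .filter((e) => had.has(e.value) && !stillThere.has(e.value))
    .map((e) => ({
      origin: e.origin, key: e.key, value: e.value,
      sources: survivors.filter((s) => s.value === e.value)
        .map((s) => `${s.store}:${s.origin}/${s.key}`),
    }));
}

// Constructed sample data (not captured from any real site).
const ID = "a1b2c3d4e5f6";
const otherStores = {
  localStorage: { "tracker.example": { _bk: ID } },
  flashLSO: { "tracker.example": { id: ID } },
};
const before = { cookies: { "tracker.example": { uid: ID }, "shop.example": { cart: "3" } }, ...otherStores };
const afterClear = { cookies: {}, ...otherStores };
const afterRevisit = { cookies: { "tracker.example": { uid: ID }, "shop.example": { cart: "0" } }, ...otherStores };

console.log(JSON.stringify(findRespawned(before, afterClear, afterRevisit), null, 2));
```

An empty `sources` list means the identifier came back from somewhere the snapshots do not cover, such as the HTTP cache (ETags) listed in the post.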






May 20, 2014 4:56 AM in response to Conlubet

In reality of course, there is no such thing as total internet privacy: US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security


And now ‘smart TVs’ are also adding to your loss of privacy: "Smart TVs" are bringing PC-style spyware and banner ads to the living room, collecting detailed logs of data that include every time the channel is changed and the names of every media file watched. In the case of sets from LG, data is being sent to the factory unencrypted, even after users attempt to turn the data collection off. Source: http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html


Since the issue became public it has emerged that Sony's PlayStation also collects data from every Blu-ray disc that is played.


I can add that some Windows PCs can be infected with viruses during the manufacturing process in the factories:


Several new computers have been found carrying malware installed in the factory, suggests a Microsoft study.

One virus called Nitol found by Microsoft steals personal details to help criminals plunder online bank accounts.

Microsoft won permission from a US court to tackle the network of hijacked PCs made from Nitol-infected computers.


http://www.bbc.co.uk/news/technology-19585433


This does not happen with Apple computers!
