Ie-spyad

Updated version available.

 

Good link Brett. Do you use it?

Daizii

 

Yes.

 

brett--I do not know if you saw this on another forum, but it is reported that IE6 will not block cookies from certain sites, even when the sites are put into Restricted Sites.
I do not know if this applies to earlier versions of IE, or how many sites/cookie givers are involved. One cookie giver I do know is hitbox.com and one site is pcworld.com. You will be told by View|Privacy Report that the cookie was blocked, but if you highlight the blocked line and click Summary, IE6 finally 'fesses up that hitbox.com cookies are not blocked because of "legacy" reasons.

 

Jim - thanks for the information. I set IE to block all cookies, visited the HitBox site and, sure enough, picked up a brand new cookie.

Do you know whether this also affects the "blocking" properties of Opera and Nutscrape?

Whilst I'm not overly concerned about cookies (even this type of invasive, tracking cookie), I'd be quite interested to know how/why it appears that these are able to "slip through the net" ... got any links to those threads which you mentioned?

Cheers.

EDIT: I tried to dig up some information on this and (stupidly and unintentionally) typed "Nutscrape" and "cookies" into Google. Strangely enough, there were 215 hits

 

brett--Here are the threads on two forums
http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi?s=3d457f4576fdffff;act=ST;f=2;t=624
http://www.lurkhere.com/forum/DCForumID17/95.html
Sorry, I do not know about Opera and Netscape. Unless they, also, have legacy problems, I would suspect they would block as instructed.
You can see that hitbox.com offers Opt-Out cookies , but you have to wonder if they are only accomplishing the same tasks. One of them has a lot of code.
And you can also see the suggestion to use Hosts to block Hitbox.

 

Jim - firstly, I erred; with IE set to "Block All" HitBox cookies do not "slip through the net ".

I have had a (brief) look at the issues invloved and, at first glance, things do not appear to be particularly sinister. A "legacy cookie" is, according to MS, one which was installed on a particular system prior to the installation of IE6 (which was the first MS offering to include p3p policies). MS, when developing IE6, had to decide how to handle "legacy cookies ": complete blocking would have been problematic (peoples' favourite sites would suddenly have stopped working upon upgrading IE) yet imposing no restriction would have been equally probematic (for obvious reasons). It would appear that MS decided upon a justifiable (but not entirely satisfactory compromise): "legacy cookies" being limited to first-party (the source of the cookie) sending. An exception was, however, made in the case of "opt-out" cookies which are not so limited as, in order for the "opt-out" to be effective (given the general policy), both first and third-party sending are necessary.

There is one (fairly significant) flaw within the above policy - are advertisers to be trusted not to abuse the opt-out cookie? Hmmm. In fairness, I must say that I have yet to encounter an opt-out cookie which has any function other than that which is claimed. But ...

Also somewhat concerning is the fact that sites such as HitBox place XML files onto a system (these are importable Privacy Preferences files). Could JS be used to cause the importation of an XML file (given that a system had no protection against scripting)? Dunno!

 

brett--Thanks for your detective work.
Re "legacy" cookies, are you saying this is a function of what cookies were on the individual PC when the upgrade (?) to IE6 was done? So that if I uninstall all hitbox.com cookies (and .js and Opt-Out files and delete anything to do with hitbox.com in the Registry) and then reinstall IE6, put hitbox.com in Restricted Sites, I will then be rid of any hitbox.com downloads of cookies, .js files, or anything else in the future?
I really doubt I had hitbox.com cookies on my PC when I installed IE6, but who knows?
P.S. Are you aware that the cats have got no tails in the Isle of Man?
All the other cats have tails--in England, Ireland, Scotland, Wales.
Seems a gross injustice!
To right it is our plan!!
Are you aware that the cats have got no tails in the Isle of Man?
(Too bad I cannot provide the music. I know how I sing it, but you would not want to hear that.)

 

"Legacy cookies" are those which were on a system prior to an upgrade to IE6.

If such cookies are deleted, no more should appear (assuming, that is, that IE’s Privacy settings are configured so as to block "˜em). It would not be necessary to uninstall/reinstall IE6.

Adding HitBox to the Restricted Sites List may or may not prevent you collecting the JS files (which, like HTM files, are routinely collected from any number of perfectly legitimate sites and form part of your browser’s History cache) but tinkering with your Hosts file would definitely do the trick.

IMO, however, the JS files in question are harmless. There are, obviously, hazards to viewing sites which make use of scripting (see Arie's post) but, having looked at your posts in the other forums, it would seem that you are perfectly well protected against potentially harmful scripts.

BTW - I have never heard that song before; nor do I think that I wish to hear it