Unless you are a Safari user, you can set your browser to delete any cookies set by websites during the current session (ie cookies set since you opened your browser)

Stamp on CookiesAccording to Wikipedia (source):

“An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing.”

Some cookies are definitely useful. For instance, on a shopping site, the information about the stuff that the user has put into their “shopping basket” is kept in cookies. Other cookies, however, are simply there for the purposes of recording the user’s browsing history. We’re not just talking about which websites have been visited. We’re talking about what pages the user looked at, how long they looked, where they went next, and so on. A lot of people find this intrusive, and even creepy. If you go to a website and look at, say, pink elephants, and then go to a completely unrelated site a couple of days later and are presented with adverts for pink elephants, you can be sure that cookies have been tracking you around.

It is possible to set browsers so that cookies can not be set. This, however, is probably not a good idea as it could make the website difficult, if not impossible, to use. So another approach to improving your privacy online is to delete all cookies as soon as you close your browser. This means that those who would track you around cyberspace have to start all over again each time you open your browser.

The way that you set your browser is detailed below for the major browsers. Note that I’m assuming that you have the latest version of the browser. If you don’t have the latest version then it’s a good idea to get it. If your operating system is too old for the latest version of the browser (you XP users know who I’m talking about) then maybe it’s time to start thinking about a new computer.

Sweep cookies awayChrome

  • Click on the three vertical dots at the top right of the browser
  • Click on “settings”
  • Scroll down and click on “Show advanced settings”
  • Under “Privacy”, click on “Content settings”
  • Click on the button next to “Keep local data only until you quit your browser”
  • Click on “Done” at the bottom right of the screen and close the “Settings” tab (by clicking “x” on the the tab or by closing the browser)


  • Click on the three horizontal bars at the top right of the browser
  • Click on “Options”
  • Click on the “Privacy” option at the left of the window
  • Under “History”, next to “Firefox will:”, select “Use custom settings for history”
  • Next to “Keep until:”, select “I close Firefox”
  • Close the options tab (by clicking “x” on the the tab or by closing the browser)

Internet Explorer

  • Click on the gear icon at the top right of the browser
  • Click on “Internet Options”
  • Click on the “General” tab
  • Place a tick in the box next to “Delete browsing history on exit” (by clicking on the box)
  • Click on “OK”

Cookie MonsterEdge

  • Click on the three dots at the top right of the browser
  • Click on “Settings”
  • Beneath the text “Clear browsing data”, click on “Choose what to clear”
  • Place a tick against “Cookies and saved website data” (and any other items you would like to clear)
  • Slide the switch underneath “Always clear this when I close the browser” to the right (so that it says “on” next to it)
  • Close the “Settings” by clicking on the three dots again


You can’t – but you might want to have a look at this Apple Communities page on Safari and cookies

Tired of seeing the “cookie policy” over and over again?

If, like me, you delete and block cookies wherever and whenever possible, you may have found that there is a downside to this – you have to keep telling websites that you have understood their cookie policy. Sometimes it is possible to ignore the “cookie policy” message and just carry on reading the page, but it seems to me that a lot of websites have recently started to display these warnings in such a way that they get in the way of other items on the page.

Now, the irony is that they only show this message every time you go to the site because you have deleted the cookie they placed on your computer that tells them you know about their cookies and don’t want to see the notice every time you log in! If you are happy to have cookies and never delete them then you don’t see the message on second and subsequent visits to that site because the cookie (that stays on your computer) tells them you’ve already acknowledged their cookie policy.

Chrome Settings ButtonSo, wouldn’t it be nice to have a way to delete most cookies but keep cookies that (apparently, at least) do nothing more than record your acceptance of a websites cookie policy? In other words, we need to be able to over-ride our normal deletion of the cookies.

Let’s look at the Chrome Browser:

Deleting all cookies when closing the browser is achieved as follows:

  • Click on the Chrome Settings “menu” button at the top righthand corner of the Chrome browser.
  • Left-click on the “Settings” option.
  • Scroll down to the link that says “Show advanced settings” and click on it.
  • Click on the “Content settings” button.
  • Click on the circle next to the second option (“keep local data only until you quit your browser”).
  • Put a tick in the box next to “Block third party cookies and site data”.
  • Remember to click on the “Finished” button at the bottom of the screen.
Chrome Settings Dialog Box

Tick the second and fourth options to delete cookies

What you have now done is instruct Chrome to delete all cookies when you close the browser. This improves your privacy but it means – as explained above – that every time you visit a website for the first time in a session it will show you the “cookie policy” (if it has one).

So, in order to stop the “cookie policy” from displaying, we need to over-ride the blanket deletion of cookies that we set above:

  • Instead of clicking on the “Finished” button after ticking the option that says “Block third party cookies and site data”, click instead on the button that says “Manage exceptions”.
  • Click in the rectangle with the greyed text that refers to sample.co.uk and type in the name of the website whose cookies you wish to keep.
  • Add as many of these as you wish and then click on the “Finished” button.
CCleaner Chrome Options

Leaving this ticked would delete the cookies you chose to keep in the browser settings

The first time that you visit the sites whose cookies you are now keeping, you may see the “cookie policy” window once.You shouldn’t see it again. Note that if you use “cleaning” programs such as CCleaner and tick the option that removes cookies, then this will over-ride the exceptions that you set in the browser. You can either accept the fact that you’ll see the cookie policy one more time when you next visit the site, or you can de-select the option in CCleaner that deletes cookies (since you are taking care of cookie deletion in your browser settings).

Other browsers have similar capabilities for handling cookies.

Note also that you can be more sophisticated in choosing which cookies are to be treated as exceptions. In the example above, you may think we are using a sledgehammer to crack a walnut as we are choosing to keep ALL of the cookies placed by a particular website just in order to keep the cookie that relates to the display of the cookie policy. Click on this link if you’d like to learn more about this in Chrome.

Do you log out of web pages or just close the window?

Log out icon #4I notice that many of my computer support clients just close the window (or tab) when they have finished with web pages – even when the page is important and carries implications for security (such as banking sites, Amazon, PayPal, and so forth).

Is this a security risk?

It might be. If you have signed into the web page then there is definitely an implication that there’s something “private” going on, so it would probably be a good idea to get into the habit of at least considering “signing out” or “logging out” before closing the page. When you sign into a web page, that page places a cookie on your computer. When you sign out properly that cookie is invalidated. If you close the page without signing out then the cookie remains on your computer and it is just possible that it could be stolen so that someone else could log into your account.

Log out icon #1Is it a realistic security risk?

I don’t know. I’ve been looking for some evidence that login information is actually stolen this way but can’t find any. As far as I am concerned, though, that is largely beside the point. The way that I look at it is that the potential cost of having, say, my online bank account or PayPal, or Amazon compromised is huge. Apart from the financial loss, there’s also the massive inconvenience that be could caused in cleaning the mess up (cancelling credit/debit cards, getting replacements, seeking reimbursement for fraud losses etc). It’s never happened to me, but I expect that there would also be a horrible feeling of violation – like being burgled (and I do know how horrible that feels).

How do you sign out?

It seems to have become standard practice that the “sign out” (or “log off”) button or text link is located somewhere near the top righthand corner of all web pages of the site you are signed into. If you can’t find one then click the “Home” button and look there. It’s also just possible that it’s located at the bottom of the screen amongst a lot of other links that are likely to be found there.

Logout icon #3All of the above advice is given on the assumption that you are using your own computer or device. If you are on a public computer then it is even more important that you completely log off any sensitive site. Apart from session cookies being stolen, there is always the possibility that a public computer is infected with a “key logger” that records every single keystroke you make (including your usernames and passwords). Personally, I wouldn’t dream of logging onto my bank or even Amazon from a public computer. I can’t imagine anything being urgent enough that I would need to take the risk.

Finally, you might (rightly) think that most sensitive sites will log you out automatically if you do not use them for a period of time (ten minutes, say). Do you want to take the risk that this actually works and that no-one is going to sneak in during the ten minutes before you are logged out? Your call. As so often with computers, it’s a (largely subjective) cost/benefit analysis.


Log out icon #2Once the habit is established, it doesn’t really seem an inconvenience to log out of a website. It becomes the natural step to finish off whatever business you had with the site. I have always said that it is impossible to completely eliminate the risks of using the internet without staying away from it altogether. It’s a bit like getting run over by a bus. The only way to prevent getting run over by a bus is to stay indoors. You wouldn’t think it an “inconvenience” to look both ways before you cross a road – you just do it and, thereby, reduce the risk to an acceptable level. As far as I am concerned, the same applies to the basic, sensible steps we can take to remain reasonably safe on the internet. Signing out of websites is one of those steps.

Other pieces of advice that fall into the category of online security that I’ve mentioned before include –

Is that website genuine and safe?
Is it safe to download a file?
Reducing online shopping risks

Other links you may find interesting:

Do I really need to log out of webapps
Logging out of work computers

If you can’t find a text link that says “log out” or “sign out” or something similar, then look for an icon that is similar to the examples in this post.

The so-called “Cookie Law” came into effect on 26/05/2012.

EU stars inside a cookieSo, what are cookies? They are small text files placed on your computer by the website you are viewing. They are used by the owners of that website for various purposes:

  • Analysing their web visitors and what they do on the site.
  • Managing on-line shops (eg, remembering what’s in a visitor’s “shopping basket”).
  • Personalising the way the visitor sees the website (remembering preferences).
  • Tracking the online behaviour of the visitor to target advertising.

And what is the new law about?

It says that a website must seek “informed consent” before placing cookies on a visitor’s computer. This implies that the site must explain what cookies it sets and what their uses are (to ensure that the consent is “informed”), and that the user must agree to the cookies being placed (the “consent” part).

How will websites comply?

Aah, now it gets difficult. It’s been estimated that only about 5% of sites that need to comply have done anything about it. This is probably because no-one wants to use the most obvious solution. This is the introduction of a popup window explaining about consent and requiring the user to click on a button, thereby granting consent to place cookies. It would seem that everyone is watching everyone else to see who comes up with a better way of dealing with this.

And why is it stupid?

It will alienate web visitors rather than help them. They have to click to confirm acceptance of cookies EVERY TIME they visit a site. This, of course, could be repeated dozens of times a day as the visitor goes to different sites.

It’s about as blunt a tool as you can imagine. You won’t get to choose which type of cookies you accept or what the website can do with your cookies or anything like that. It’s simply a question of the website saying (in effect) “if you want to use this website you’ll have to agree to accept ALL the cookies I place on your computer”.

No-one’s going to take the slightest bit of notice of the information that websites will have to provide to ensure that consent is “informed”. Do you EVER read the “terms and conditions” that you have to agree to before you can install/update software? Of course not. It won’t be any different with information about cookies.

There are better ways of dealing with the privacy issues connected with cookies. Settings in the browser (Internet Explorer, Firefox etc) are better placed to deal with cookies in a way that suits the individual user (eg, by deleting all cookies when the browser is closed, denying acceptance of “third party” cookies, etc).

A cartoon of an ass (donkey)Even the authorities appear to think it’s stupid

The government has said that their own websites do not conform.

The ICO (Information Commissioners Office) is responsible for enforcing the new law, but even they appear to be saying “don’t blame us, it’s not our fault” when they say “The Information Commissioner is responsible for enforcing the law, and can’t change the legislation which was passed by the EU, and later implemented by the Department for Culture, Media and Sport (DCMS).”

There is evidence that the government is already trying to wriggle out of having to enforce this law by suggesting that all that websites need to do is rely on the idea of “implied consent” – ie, all the website owners have to do is – nothing. The ICO site says “Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.” The ICO guidance booklet states that “implied consent” can be inferred from the mere act of visiting a website and moving from page to page! Honestly. I kid you not. Page 7 says “For implied consent to work there has to be some action taken by the consenting individual from which their consent can be inferred. This might for example be visiting a website, moving from one page to another or clicking on a particular button. The key point, however, is that when taking this action the individual has to have a reasonable understanding that by doing so they are agreeing to cookies being set. “ Duh!

See this Guardian article for further information on implied consent.

Conclusion: Like almost everyone else, I am not rushing into ruining my website by forcing visitors to respond to popup messages. I am recommending to my own computer clients that they don’t spend time and money making their own websites compliant at the moment as the ICO have made it clear that they are not going to be fining anyone in the forseeable future.

If you get annoyed by such popups on other sites, please have some sympathy for the site owner: they’re just trying to conform to a stupid law introduced by the same government that brought us Pastygate!

And just in case you’re inclined to defend this law by saying it’s only the UK enactment of an EU Directive, then I suggest reading the Guardian article referred to above: it appears that the rest of Europe is not taking this Directive seriously.

Here’s an online petition calling for the scrapping of the cookie law.

Large eye through a magnifying glassWe may be fighting a losing battle with online privacy. As mentioned in last week’s blog on Internet Privacy, companies like Google, Facebook, and Amazon hoover up every crumb of information they can glean about us and use it to target us with ads and content that they think will appeal to us. As far as I know there’s isn’t any perfect strategy for maintaining online privacy, but there are lots of small things we can do that will certainly help.

I’m not concerned here with security on the internet as it relates to the safety of children, or trying to hide our identity so that we may be completely untraceable. I’m just trying to keep down the amount of un-necessary information we give to the likes of Google. These tips are equally valid in a home computer or business computer environment.

So, here are some tips. They’re not listed in any particular order. Some are easier to put into practice than others:

  • Create another email account that you never intend to use for “real” email. Don’t include your own real name in the account name and don’t give real data when completing the compulsory items of information in the account profile. Quote this email address on any websites that demand you supply one and where you don’t expect a normal, ongoing, email exchange (since you don’t want to have to keep checking this account for incoming emails). Having an “anonymous” account like this also helps in keeping spam out of your main email account.
  • If a website demands that you give personal information that is not connected with a financial transaction nor has other legal implications, then LIE. I will NOT give my real address or date of birth online when there is no legitimate NEED for it (and there are few legitimate needs except the protection of the other party in financial transactions). If I am entering a compulsory date of birth on a website where this is “relevant” (but not essential for financial reasons) then I enter a date that is close to my own (so that it makes no difference for the legitimate purposes of the website) but from which I can not be traced.
  • When filling in online forms, exercise judgement in completing any item that is not marked as compulsory (usually indicated by an asterisk or written in red). If they don’t require you to give a date of birth then why would you? If an item is compulsory but impertinent then LIE.
  • Don’t click on any “like” buttons in Facebook or anything similar (eg in Google).
  • Don’t take part in online quizzes or polls.
  • Preferably, don’t use Facebook at all.
  • Magnifying glass over computer keyboard

  • If you’re still keen to use Facebook, go through all the settings and mark everything private except what you explicitly wish to share.
  • If you use LinkedIn, do not click on ads without first changing your privacy settings to exclude monitoring your activity re ads.
  • Do not use Gmail or any of its branded versions (I think Virgin’s webmail is one of those). Google reads your emails and bombards you with “appropriate” Google ads (sponsored links). See last week’s blog on Internet Privacy.
  • If you must use Gmail, at least ensure that you sign out when you are not actually using the email as Google records everything you do in your browser if you are logged in as a Gmail user. They then use this info to target you with Google ads. I also sign out of other sites, such as Microsoft Live, as soon as I’ve finished with them.
  • Disable or remove browser add-ons that place “toolbars” and/or “search boxes” at the top of your browser. These often have tracking software in them. Incidentally, your browser performance will also be improved by doing this and your browser screen will be less cluttered.
  • Be very careful about “linking” any social networking site to any other (by giving any of them permission to access others). You might add data to one program, believing it to be private, forgetting that you have linked it to another program that sucks in what you thought was private data and spits it out somewhere more public.
  • Set your browser so that all cookies are deleted as soon as you close the browser (but this has implications – read on).
  • Set your browser to delete your browsing history as soon as you close your browser.
  • Set your browser to disallow third party cookies.
  • Turn off Amazon browsing history.
  • If you use Firefox or Chrome as your browser then you can install AdBlock Plus. This will stop most ads from appearing while you are browsing.
  • Do not be misled into thinking that “private browsing” will give you any protection. It does suppress evidence on your own computer but it does not prevent sites you visit from recording your activity. Nevertheless, it may help to turn it on.
  • More technical ways of throwing websites off your scent include using proxy servers and using a dynamic IP address.
  • If you want to make an online purchase from a website that you don’t completely trust, you can use a prepaid Mastercard. This will limit your financial exposure to the value on the card and will also keep all your personal information from the website.

As if all this wasn’t already a nightmare worthy of a Kafka novel, some of these measures nullify others. You can turn off Amazon’s “browsing history” but the instructions to turn these off are held in cookies so if you delete cookies (as recommended above) you’re back to square one. Doh!

Some of the tips above are easy to carry out and others less so. I haven’t attempted to give specific instructions (eg for different versions of different browsers) as it would just take too long.

If you’d like some help in tightening up your online privacy, contact me to arrange either a computer support visit or some online remote support.

Remote Support may be suitable for this topic

© 2011-2019 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha