Sunday, October 01, 2006

StatCounter on its tracking cookies; setting Norton to automatically remove low-risk threats

I recently asked StatCounter about their tracking cookies. Here is their reply:

"The cookie that is set on the visitor's computer simply stores the date and time of the last visit to a website using the particular StatCounter project number through the StatCounter code, and how many times this has been logged so far.
You don't have to tell people what the cookie contains, they can see that themselves if they want to look.
If you want to tell people what information is being collected by the tracking code that you use on your website, then refer to the log (Recent Pageloads):It's basically: time of hit, page url that was hit, referrer url, IP address of visitor, OS, browser, screen resolution. These are collected through normal means, it's all information available to all websites either from the server side detection tools, or from javascript. The cookie information used is the timestamp of the previous visit from that same visitor's computer if the cookie is available, the number of times prior hits were logged, and the cookie is updated with the new timestamp and hit count is increments. Standard cookie usage.
The IP address logged is further used to look up the ISP and the geo information (city, region, country). Again all publicly available information on the internet.
The StatCounter cookie is a low-risk threat cookie. The only thing preventing it from being a no-risk cookie is that it's a third-party cookie. This means it's a cookie that is set by the StatCounter site (considered third-party site) through a script used on a different site (i.e. your site, which is the first-party site, what the visitor actually visits). Had your site been the one to set this very same cookie, then it would be a no-risk first-party cookie."

I reset my browser to not accept third-party cookies last week. This resulted in a reduction of tracking cookies from six in the previous week to two tracking cookies last week.

I also noticed on Norton Internet Security 2007 that you can set it so all low-risks threats can be automatically removed (including tracking cookies, hopefully). This was done by the following steps: settings – autoprotect (under "basic settings") – automatically remove low-risk items (under "how to respond when a low security risk is found")

Norton's recommended setting and the default setting for this category was "always ignore low-risk items."

CORRECTION: I'm not sure if Norton's automatic removal of tracking cookies happens at the time they are attached to your computer or when you do a scan of your computer for viruses. When I did a scan after this posting, Norton showed that 4 tracking cookies had been detected and "resolved," but I'm not sure exactly when they had been resolved. I contacted Norton by chat, but they weren't that helpful. They referred me to an old Norton information page that said cookies (not specifically tracking cookies) could be automatically deleted or you could be alerted when a website wanted to attach a cookie to your computer. But the information was for an earlier version of Norton Internet Security and the feature they were referring to was not on the version of Norton that I had.

related postings
[1] Norton may or may not automatically delete tracking cookies. October 13, 2006.
[2] My hit counter uses tracking cookies. September 24, 2006.

posted: sunday, october 1, 2006, 4:17 AM ET
update: saturday, october 14, 2006, 5:41 PM ET


Post a Comment

<< Home

View My Stats