Cookies and Privacy Settings
A cookie is a message given to a web browser by a web server, and is typically
stored in a text file on the PC’s hard drive. The message is then sent
back to the server each time the browser requests a page from the
server. The main purpose of cookies is to identify users and possibly
prepare customized web pages for the user. When you enter a website
using cookies, you may be asked to fill out a form providing
information such as your name and interests. This information is packaged
into a cookie and sent to your web browser, which stores it for later
use. The next time you go to the same website, your browser will send the
cookie to the web server. The server can use this information to present
you with custom web pages. So, for example, instead of seeing just a
generic welcome page, you might see a welcome page with your name on it.
Among other things, cookies are used to keep track of what a person buys, personalize online
ordering, personalize a website, store a person’s profile, store IDs,
and provide support to older web browsers that do not support host
header names. A cookie cannot be used to get data from your hard drive,
get your e-mail addresses, or steal sensitive information about you.
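
The round trip described above, as an added example that is not part of the original article: a server sets a persistent `name` cookie and a session cookie, and a minimal browser model stores them per host, sends them back, and drops the session cookie on restart. The host names, cookie names and the `Browser` class are constructed for illustration.

```python
from http.cookies import SimpleCookie

def server_response(request_cookie_header, form_name=None):
    """Server side: set cookies after the form, greet by name when they return."""
    jar = SimpleCookie(request_cookie_header or "")
    if form_name:                                   # user just filled out the form
        out = SimpleCookie()
        out["name"] = form_name
        out["name"]["max-age"] = 30 * 24 * 3600     # persistent: survives a restart
        out["name"]["path"] = "/"
        out["sid"] = "constructed-session-id"       # no expiry: session cookie
        out["sid"]["httponly"] = True
        return [m.OutputString() for m in out.values()], f"Welcome, {form_name}!"
    name = jar["name"].value if "name" in jar else None
    return [], f"Welcome, {name}!" if name else "Welcome!"

class Browser:
    """Browser side: store cookies per host and send them back on each request."""
    def __init__(self):
        self.store = {}                             # host -> SimpleCookie

    def receive(self, host, set_cookie_headers):
        jar = self.store.setdefault(host, SimpleCookie())
        for header in set_cookie_headers:
            jar.load(header)                        # parses name, value, attributes

    def cookie_header(self, host):
        jar = self.store.get(host)
        return "; ".join(f"{k}={m.value}" for k, m in jar.items()) if jar else ""

    def restart(self):
        """Closing the browser discards cookies with no Max-Age or Expires."""
        for jar in self.store.values():
            for k in [k for k, m in jar.items() if not (m["max-age"] or m["expires"])]:
                del jar[k]
```
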
From the General tab, you can delete the cookies that are stored on your hard drive. By
clicking the Privacy tab, you can determine how much of your personal
information can be accessed by websites and whether a website can save
cookies on your computer by adjusting the tab slider on the privacy
scale.
To view privacy settings, select the Privacy tab on the Internet Options dialog box. To adjust
your privacy settings, adjust the tab slider to a new position on the
privacy scale. A description of the privacy settings that you select
displays on the right side of the tab slider. The default level is
Medium; it is recommended to configure Medium or higher. You can also
override the default for cookies in each security zone. In addition, you
can override certain settings (automatic cookie
handling and session cookies) by clicking the Advanced button, or you
can allow or block cookies from individual websites by clicking the Edit
button.
Many websites provide privacy statements that you can view. A site’s privacy policy
tells you what kind of information the site collects and stores and what
it does with the information. What you should be most
concerned with is how the website uses personally identifiable
information such as your name, e-mail addresses, address, and telephone
number. Websites also might provide a Platform for Privacy Preferences
(P3P) privacy policy, which can be used by browsers to filter cookie
transactions on the basis of the cookie’s content and purpose. To view
the privacy report, open the View menu and click Privacy Report. To view
a site’s privacy statement, select the website and click the Summary
button.
Content Zones
To help manage IE security when visiting sites, IE divides the network connection into four content types:
Internet zone.
Anything that is not assigned to any other zone and anything that is
not on your computer, or your organization’s network (intranet). The
default security level of the Internet zone is Medium.
Local intranet zone.
Computers that are part of the organization’s network (intranet) that
do not require a proxy server, as defined by the system administrator.
These include sites specified on the Connections tab, network paths
such as \\computername\foldername,
and local intranet sites such as http://internal. You can add sites to
this zone. The default security level for the local intranet zone is
Medium-Low, which means IE will allow all cookies from websites in this
zone to be saved on your computer and read by the website that created
them.
Trusted sites zone.
Contains trusted sites that you believe you can download or run files
from without damaging your computer or data or that you consider are not
a security risk. You can assign sites to this zone. The default
security level for the trusted sites zone is Low, which means IE will
allow all cookies from websites in this zone to be saved on your
computer and read by the website that created them.
Restricted sites zone.
Contains sites that you do not trust and from which downloading or
running files may damage your computer or data, or you just consider
them a security risk. You can assign sites to this zone. The default
security level for the restricted sites zone is High, which means IE
will block all cookies from websites in this zone.
For each of the web content zones, there is a default security level. The security levels available in IE are as follows:
High. Excludes any content that can damage your computer.
Medium. Warns you before running potentially damaging content.
Low. Does not warn you before running potentially damaging content.
Custom. A security setting of your own design. Use this level to customize the
behavior of Active Data Object (ADO) and Remote Data Services (RDS)
objects in a specific zone.
Whenever you access a website, IE checks the security settings for the zone of the website. To
tell which zone the current web page falls into, look at the right
side of the IE status bar. Besides adjusting the zones or assigning a
website to a zone, you can also customize settings
for a zone by importing a privacy settings file from a certificate
authority.
To modify the security level for a web content zone, follow these steps:
1. Click the Tools button, and then click Internet Options.
2. In the Internet Options dialog box, on the Security tab, click the zone on which you want to set the security level.
3. Drag the slider to set the security level to High, Medium, or Low. IE
describes each option to help you decide which level to choose. You are
prompted to confirm any reduction in security level. You can also choose
the Custom Level button for more detailed control (see Figure 1).
4. Click OK to close the Internet Options dialog box.
Software publisher certificates (third-party digital certificates) are used to validate
software code such as Java or ActiveX controls or plug-ins. Depending on
the security settings for a zone, when software code is accessed from a
website, IE will automatically download the software code, disable the
software code, or prompt you to download the software code via a security
warning. If you open the Tools menu and select Internet Options, select
the Security tab, and click the Custom Level button, you can choose to
enable, disable, or prompt for the download of ActiveX controls (signed and
unsigned) and scripting of Java applets.
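
The zone security level and the Custom Level choices described above are stored per zone in the registry. As an added example (not from the original article), this Python code decodes a `reg export` of the Zones key so the settings can be reviewed offline; the registry path, zone numbers and numeric codes follow Microsoft's documentation of IE zone settings rather than this page, and the sample export and the check for unsigned ActiveX download are constructed for illustration.

```python
import re

# Encodings Microsoft documents for ...\Internet Settings\Zones\<n> values.
ZONES = {1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}
LEVELS = {0x0: "Custom", 0x10000: "Low", 0x10500: "Medium-Low",
          0x11000: "Medium", 0x11500: "Medium-High", 0x12000: "High"}
ACTIONS = {0: "enable", 1: "prompt", 3: "disable"}
SETTINGS = {"1001": "Download signed ActiveX controls", "1402": "Scripting of Java applets",
            "1004": "Download unsigned ActiveX controls"}

# Constructed sample in the text format produced by `reg export`.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00000000
"1001"=dword:00000001
"1004"=dword:00000000
"1402"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"CurrentLevel"=dword:00012000
"1001"=dword:00000003
"1004"=dword:00000003
"1402"=dword:00000003
"""

def parse_zones(reg_text):
    """Return {zone_number: {value_name: int}} for each Zones\\<n> key."""
    zones, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            key = re.search(r"\\Zones\\(\d+)\]$", line)
            current = zones.setdefault(int(key.group(1)), {}) if key else None
        elif current is not None:
            val = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if val:
                current[val.group(1)] = int(val.group(2), 16)
    return zones

def describe(zones):
    """Translate raw values into the names shown on the Security tab."""
    return {ZONES.get(n, f"zone {n}"): {
                "level": LEVELS.get(v.get("CurrentLevel"), "unknown"),
                **{SETTINGS[k]: ACTIONS.get(v[k], "unknown") for k in SETTINGS if k in v}}
            for n, v in zones.items()}

def findings(zones):
    """Flag zones that download unsigned ActiveX controls without a prompt."""
    return [ZONES.get(n, f"zone {n}") for n, v in zones.items() if v.get("1004") == 0]
```
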
To view the certificates for IE, open the Internet Options dialog box, click the Content tab, and
then click the Certificates button. To see a list of certificates, click
the appropriate certificates. From here, you can also import and export
individual certificates.