Cookienator: Maintain your privacy
Cookienator is a tool that will help you remain anonymous from search engines such as Google and other notorious web-usage trackers such as Doubleclick or Omniture.
Many websites install cookies in your browser, and these little bits of tracking data will be used to identify you for as long as you keep using your computer. In the past few years I have been alternating between religiously clearing my cookies from time to time, or neglecting to do so with hope that these corporations will live up to their vague promises of doing no evil.
Just very recently I have had enough, and spent a good chunk of a weekend creating Cookienator, a simple program that will leave most of your cookies alone but will remove the ones that put your privacy at risk. I will talk about the reasons behind creating this tool later - you probably came here to get the software so let's get that out of the way.
Cookienator
Cookienator is extremely lightweight; it's a single executable that you install on your computer. When run, it will tell you how many cookies it would like to remove. You can also view the cookies in question, like so:
Cookienator in action
(click to enlarge)
By clicking a single checkbox you can elect to have Cookienator briefly check your cookie status every time you log on to your computer. If it finds that evil cookies have been around for too long, it will automatically remove them:
Auto-Cookienator
The software will not remove all your cookies. Many of them are perfectly legitimate and, for example, allow sites like Slashdot.org to log you in automatically. Cookienator is configured to clean up crumbs left on your computer by a select few websites: Google, AOL, Yahoo, MSN, Webtrends, Omniture, Doubleclick, Intellitxt and Advertising.com. This is a very arbitrary list, and it can probably be extended to include many others. You're free to do so: Cookienator has a configuration screen where you can edit the filters used to identify potentially troublesome sites.
The software will not hang around in memory. If you set it to check for evil cookies periodically, it will very briefly run when you log in to your computer. If it finds that it's not yet time for a cleanup it will silently exit - if there's work to do it will perform the cleanup and let you know about it with a non-obtrusive balloon tip in the systray, then exit.
It is recommended that you exit your browser(s) before running Cookienator.
Download
Choose your download from here:
Cookienator-1.0.3.msi (290 KBytes)
Cookienator installer
Cookienator-1.0.3.zip (190 KBytes)
Cookienator standalone executable (no need to install)
Note that Cookienator is freely distributed by CodeFromThe70s.org but all rights are reserved. It is free to use and does not contain spyware, adware, or anything of the sort. No warranties are implied or expressly granted: you use the software at your own risk.
So, Why Cookienator?
Recently there has been much hoopla in the news about search-related privacy, or rather the lack thereof. The whole thing started about a year ago when AOL released three months worth of searches made by 650,000 of its users. The resulting uproar led to the firing of the responsible researcher, his boss, and AOL's CTO. The real problem, the problem that really irks privacy advocates, is not that the data was made public - the problem is that it's being gathered in the first place. It's being gathered and used in some way.
Just what exactly can such a profile tell about you? (Yes, call it what it is, it's a profile.) Put your tinfoil hat on for a moment. Your search history: what interests you, what problems and what fantasies you have. Your IP address: which countries you take your laptop to, which hotels you like to stay at, which companies you visit. With more and more sites using online analytics services, for example Google Analytics, the data will also include which sites you visit and what exactly you do there. Throw in the tracking capabilities that Google gained with the recent Doubleclick acquisition, and what they already had with Adwords, and things start to look really scary.
Put all this together and they pretty much have all your life in their computers. Governments are often accused of being invasive to your privacy, but in most advanced democracies you can at least petition to find out what exactly your country retains about you. On the other hand, the laws governing the gathering and use of personal data by corporations are spotty at best, especially when it's about supposedly anonymous information.
If you don't think this profiling can be invasive just read this article by the New York Times. The journalists easily tracked down one of the 650,000 AOL users based on the supposedly anonymous published data, and found out quite a bit of very personal information about her.
Google was recently criticized about the 30-year expiration of their tracking cookie. This was a storm in a teacup on a slow news day: the cookie expiration date is always extended every time it's used, so even with a one-month expiration date they'd keep identifying you, provided you don't take a break from using that particular web browser for longer than a month. Google knows this (as does any computer engineer) so in order to put an end to this new PR issue they announced that they're changing the lifetime of the cookie to two years. Which still means that they will keep tracking you indefinitely, provided you don't take a two-year break from using your browser.
For me, this was the straw that broke the camel's back. I would dearly love to believe Google's claims to doing no evil, but when they start addressing concerns with unadulterated PR handwaving then it's all over. I want their cookies off my computer, and I want all similar tracking bugs dealt with.
Cookies *are* useful though, for example with Google I can choose to receive 100 results for my searches instead of the default 10. I'd prefer a hundred - but if I set my browser to reject all cookies from Google.com I won't be able to make it work this way. Also, setting up a per-browser cookie policy on all my computers in both IE and Firefox is a tall order. With Google I should also remember to block Google.co.uk as well as Google.com.hk - and the list goes on.
I've come to the conclusion that periodically getting rid of offending cookies is the best way to go about things. Let them track me for a couple of weeks or months - but after that my computer should automatically give me a new identity. I've come up with a list of domains I would like to prevent from spying on my browsing habits, put together a tool that processes my cookies against this list, and gave it a cheesy name. Cookienator was born.
Caveats
If you have a Google account that you sign into regularly, then this will compromise the anonymity provided by Cookienator. If you sign in to your Gmail or Google Reader account with Tracking Cookie A today, then sign in to the same account with Tracking Cookie B the next week, it does not take much to put two and two together and assume that the two cookies describe the same person. You do have some plausible deniability; you could argue that the second sign-in event was done by you on a PC that you used only just once, and the search info gathered by Tracking Cookie B does not belong to you. Of course, if you like signing in to Google then chances are you don't care too much about this "privacy nonsense" anyway.
If you would like to separate your search history from your Google Apps usage (I have to admit I am quite fond of Google Reader myself) then you might want to consider using a separate browser installation (hey, I guess Safari for Windows *is* good for something) or a VM just for this purpose.
Deleting cookies will also mean deleting preferences stored in those cookies. This is not a big loss; no website would ever rely on storing valuable information in a brittle cookie anyway.