mysterious new cookie conspiracy?
November 20, 2005 9:51 AM Subscribe
What are these __utma/b/z cookies that are suddenly spewing from all sorts of websites?
For many years now I've monitored the cookies that are offered to my browser and denied most of them. Prior to 2001 (Mozilla 0.8) I was using CookiePal with Netscape 4.x, then I switched to Mozilla and eventually their cookie filtering/prompting capability rose to the same level.
So I see the cookies that come in, at least until I tell Moz to not prompt me anymore and just ban all cookies from a server. About a week ago I started seeing cookies with the names "__utma", "__utmb" and "__utmz" being sent from the server. MANY servers. Servers from all over the world were setting them (here's one).
Now, long ago I learned to recognize certain cookie patterns; for example, if I see a pair of cookies named "CFID" and "CFTOKEN" coming from a server, I know it's running Cold Fusion. Not that I really care, but it's an explanation.
So I'm guessing that these "UTM" cookies are all tied to some software package that a LOT of servers use, perhaps Apache or PHP, and that software package recently released an upgrade that has these cookies turn on by default. Or, more insidiously, my ISP has inserted a not-so-transparent proxy into the chain. Anybody know?
For many years now I've monitored the cookies that are offered to my browser and denied most of them. Prior to 2001 (Mozilla 0.8) I was using CookiePal with Netscape 4.x, then I switched to Mozilla and eventually their cookie filtering/prompting capability rose to the same level.
So I see the cookies that come in, at least until I tell Moz to not prompt me anymore and just ban all cookies from a server. About a week ago I started seeing cookies with the names "__utma", "__utmb" and "__utmz" being sent from the server. MANY servers. Servers from all over the world were setting them (here's one).
Now, long ago I learned to recognize certain cookie patterns; for example, if I see a pair of cookies named "CFID" and "CFTOKEN" coming from a server, I know it's running Cold Fusion. Not that I really care, but it's an explanation.
So I'm guessing that these "UTM" cookies are all tied to some software package that a LOT of servers use, perhaps Apache or PHP, and that software package recently released an upgrade that has these cookies turn on by default. Or, more insidiously, my ISP has inserted a not-so-transparent proxy into the chain. Anybody know?
And checking the source of the referenced page, I can see that it does indeed use Google Analytics/Urchin.
posted by grouse at 10:01 AM on November 20, 2005
posted by grouse at 10:01 AM on November 20, 2005
The Google Analytics javascript (which does set these cookies).
posted by smackfu at 10:07 AM on November 20, 2005
posted by smackfu at 10:07 AM on November 20, 2005
Response by poster: You guys are awesome.
So perhaps this is happening on all sites that have Google Ads in them? Which would be many, many sites. Too bad I can only block cookies by server name, not by cookie name. It's suddenly very annoying to find nearly every site I go to trying to set three cookies, thus forcing me to decide on a rule for them (deny all vs allow all) or forever have to do a brain context switch to decide about each and every cookie.
Hmmmm ... I have zero experience with Google Ads, but wouldn't those be served by Google, not by the site? Thus I would expect the cookies to come from Google.
Any further light shed on this would be greatly appreciated! My browsing speed has slowed way down as a result ...
posted by intermod at 11:38 AM on November 20, 2005
So perhaps this is happening on all sites that have Google Ads in them? Which would be many, many sites. Too bad I can only block cookies by server name, not by cookie name. It's suddenly very annoying to find nearly every site I go to trying to set three cookies, thus forcing me to decide on a rule for them (deny all vs allow all) or forever have to do a brain context switch to decide about each and every cookie.
Hmmmm ... I have zero experience with Google Ads, but wouldn't those be served by Google, not by the site? Thus I would expect the cookies to come from Google.
Any further light shed on this would be greatly appreciated! My browsing speed has slowed way down as a result ...
posted by intermod at 11:38 AM on November 20, 2005
So is there a way to stop it? Any ideas for the simple minded...
posted by orlin at 11:39 AM on November 20, 2005
posted by orlin at 11:39 AM on November 20, 2005
It's an independent service from Google ads. You have to sign up for each separately. If you block these cookies, that site will just not know you visited, which is presumably why you would think about blocking cookies in the first place.
posted by smackfu at 12:17 PM on November 20, 2005
posted by smackfu at 12:17 PM on November 20, 2005
Like smackfu said, Google Analytics isn't related to Google Ads -- it's a free stats engine for people that want to find out information about their visitors (ie, number of vistors, where they're from, what time they're coming, what search terms they use to arrive to the site, etc).
But I'm curious, if you're so selective about cookies and reject most of them, why not just block them all? What cookies are you comfortable accepting?
posted by mattwatson at 1:40 PM on November 20, 2005
But I'm curious, if you're so selective about cookies and reject most of them, why not just block them all? What cookies are you comfortable accepting?
posted by mattwatson at 1:40 PM on November 20, 2005
(he wouldn't be able to post here if he didn't accept cookies from this site)
posted by andrew cooke at 2:04 PM on November 20, 2005
posted by andrew cooke at 2:04 PM on November 20, 2005
Response by poster: Oh, I accept lots of cookies. The problem is that up until now, many sites weren't firing cookies at me and I would surf to those sites without any delays. Now suddenly I find that with huge numbers of sites I'm having to deal with the cookie prompt. It's as if I lost my allow/block cookie history -- suddenly I'm getting cookie prompts on sites that I've been going to for years that had no cookies. It's no big deal when a site decide to change their web engine and start using cookies, but suddenly this week I'm see tons of them. I guess it's kind of hard to explain if you don't use a selective cookie blocker (i.e. you just allow all or deny all). I just now need to accumulate more blocking rules .. it's a pain, that's all.
And, of course, back to the original issue, I just thought it was strange that this was happening across many sites, and was wondering what was going on. Glad to rule out ISP shenanigans. Thanks everyone for the information.
posted by intermod at 2:56 PM on November 20, 2005
And, of course, back to the original issue, I just thought it was strange that this was happening across many sites, and was wondering what was going on. Glad to rule out ISP shenanigans. Thanks everyone for the information.
posted by intermod at 2:56 PM on November 20, 2005
This thread is closed to new comments.
posted by Bezbozhnik at 9:58 AM on November 20, 2005