BadPhorm - When good ISPs go bad!

We are being watched. The websites we visit, and the advertisers who promote products on those sites, are tracking our online activity, building a profile of where we go and in some cases what we do when we get there.The computer on which this article is being written has no fewer than 2,901 tracking files (known as cookies) monitoring its online activity, from sites including Google (121 cookies), Amazon (14), the UK government (46) and dozens upon dozens of advertising networks. These track different things: some monitor which sites are visited, some track which adverts are clicked, others store and report back on preferences and favourites on different sites.

http://www.guardian.co.uk/technology/2012/apr/13/new-law-cookies-affect-internet-browsing

There are on average 14 tracking tools per webpage on the UK's most popular sites, according to a study.

Privacy solutions provider Truste suggests that means a user typically encounters up to 140 cookies and other trackers while browsing a single site.

The research was published less than 40 days before strict rules come into effect governing cookie use.

The study was carried out in March and covered the UK's 50 most visited organisations.

The firm said that 68% of the trackers analysed belonged to third-parties, usually advertisers, rather than the site's owner.

Tracking the trackers: first progress report

The "Tracking the Trackers" project has since last Friday asked users of the site to submit anonymised information on the webpages they visit and the tracking files (usually known as "cookies") that those sites place.

Since then, more than 300 users have uploaded information on the relationships between more than 16,000 websites and cookies, building one of the most detailed databases ever available on the prevelance of web cookies.

The project is still accepting new data, but has published the current top 10 tracking files on the internet, in order to begin investigating what information each tracks, and which companies are behind them. It's given below, with the number of websites that attempted to place the cookie on users' computers:

1. doubleclick.net (863 sites)

2. quantserve.com (531 sites)

3. scorecardresearch.com (507 sites)

4. facebook.com (488 sites)

5. twitter.com (378 sites)

6. google.com (306 sites)

7. addthis.com (275 sites)

8. adnxs.com (233 sites)

9. yieldmanager.com (198 sites)

10. imrworldwide.com (188 sites)

Apologies for the delay in replying, Peter - it was very late in the day when I read your message, I remembered from a previous attempt at tinkering that it wasn't as straightforward as it seemed, so didn't want to tackle it right away, and I had a hospital visit next day which left me feeling pretty wrecked, so my brain is only now coming back to life!
 
My initial reaction was "I'm sure I tried that and it didn't work" - but I couldn't remember what the problem was. Before starting on this, you have to change your basic preference by ticking "Accept cookies from sites", of course, otherwise the whole thing is a non-starter!
 
On kicking my memory and Google in roughly equal quantities, having altered the basic setting, the problem with then setting "network.cookie.alwaysAcceptSessionCookies" to "true" is revealed in http://kb.mozillazine.org/Network.cookie.alwaysAcceptSessionCookies - which says "network.cookie.lifetimePolicy must be set to 1 for this preference to take effect".
 
Having done that, what happens is that every time you visit a site that uses cookies, you get an irritating pop-up box asking you what you want to do about cookies from that site, so on the umpteen sites that I don't want cookies from, and they would previously simply have been blocked automatically, because I didn't have "Accept cookies from sites" ticked, I now have to *do* something - unless I've overlooked something or screwed something up, it seems it doesn't actually act as a tool to make "Allow for Session" the default.
 
The possibility that I've got the wrong end of the stick somewhere is, of course, quite high, so further input (especially from anyone who's actually got it working!) would be welcomed!
 
Mind you, while a successful bit of tinkering in "about:config" by someone cleverer than me might make life easier for me personally, that's not really an ideal solution for the "ordinary" non-experimental "I'd better not touch this in case I break it" user, so I would still say "Why the devil isn't there an option to set "Allow for Session" as the *default* in Firefox?"

Right - I *think* I've cracked it.
 
It struck me that things might be skewed by the existing list of exceptions, so, never one to be afraid of using the old "If in doubt - wipe it out" principle, I deleted all these, restarted Firefox, and tootled around various sites to see what happened.
  
On every site that uses cookies, I got the pop-up box. e.g. -
"The site www.british-history.ac.uk wants to set a cookie"
...with a tick box:
"Use my choice for all cookies from this site"
...and options:
"Show details - Allow - Allow for Session - Deny"
 
In other words, I actually now have *no* default setting - it's not doing *anything* automatically, it's asking me what I want to do on every first visit to a site.
 
Well, I thought - it isn't the answer we were looking for - but, on reflection, it's not a bad option.  It seems tedious at first sight, but that is largely because I'm having to repeat what I'd already done. If I didn't already have things set up on a site by site basis (as is actually the case now that I've deleted all the exceptions, of course!), it's no different to something like installing No-Script for the first time and having to tell it what to do on every first site visit. Clicking the appropriate button is a lot easier than having to open the preferences bit and manually type in an exception, so if we ignore my natural irritation at having to do things again and pretend I'm a new user, I would say this is a better option.
 
Now... (and please don't ask me why this works, I have no idea!)
 
In order to ensure that other extensions didn't conflict with things and screw up the results, I had, of course, disabled a number of things that I thought might interfere with things.
 
On re-enabling CookieMonster, I find that it now seems to be doing exactly what I wanted! I no longer get the pop-up box, cookies are automatically allowed for the session (they appear in the Firefox list but then disappear on a restart), and if I want to either allow cookies permanently for that site or block everything, even session cookies (though I can't actually think of a site where I'd consider that necessary), I can just click the CookieMonster icon, click the appropriate button in the menu, and CookieMonster adds an exception to the Firefox list.

So - thank you, Peter!
It doesn't answer the "Why the devil isn't there an option to set "Allow for Session" as the *default* in Firefox?" question, of course, which I still think is an illogical omission, but from a personal viewpoint the result of being prodded into tinkering by your message is that life has been made much easier for me.
 :)