IE 6 Privacy ‘Feature’ (IE 6 SP1)

Topic

New Reply

IE 6 added the new privacy tab in IE options that gives you control over cookies ONLY in the Internet security zone. Previous to IE6, I ran Yahoo in the restricted zone to stop it from running active-x controls. I have active-x controls in the internet zone set to prompt but even with my ad-blocking software, Yahoo apparently tries to run some sort of active-x control on every single page that you open. If I keep it in the internet zone, then I have to reply NO to all those prompts. So I put it in the restricted zone.

But IE 6 takes control of cookies away from me in the restricted zone (even though I have my own cookie program), With Yahoo in the restricted zone, I can’t log onto Yahoo because IE 6 keeps rejecting its cookies, which my cookie program is set to accept.

Also, on the Privacy tab is setting for accepting cookies in the Internet zone. I keep setting it to DEFAULT and accept all cookies (again since I have control over cookies with Cookie Pal software). But it seems like every time I reboot, this setting gets changed back to custom and medium security level.

This is really ANNOYING! Has anyone come up with any registry hack to disable this privacy “feature” in IE 6?

Reply | Quote

Replies

ibe98765, On the privacy setting the default is medium. You should set it to accept all cookies (do not click default) and OK your way out. Have you tried entering Yahoo in the Web site portion on the privacy tab? The help for that section does not specifically say that it is for the Internet Zone only.

Joe

--Joe

Reply | Quote

Yes, I have it set to accept all cookies. But if you look at the blurb at the top of the window, you’ll see “Move the slider to select a privacy setting for the internet zone “. I did experiment with the override control but again it is only for the internet zone, sigh…

Reply | Quote

How much time do you have? I can write for several hours straight on the IE6 Privacy tab…

If you have Cookie Pal, you should be able to set the “Slider” on Accept All and leave it there. IE6 *should not* reset that when it is closed. OK, but it does on your system — so, lets forget about that for a second. I hate the Slider and so should everyone. Perhaps your settings will stick if you choose to over-ride the Slider…

Instead, chose the Advanced settings and click the over-ride box. Select to accept all first party cookies BUT block all third party cookies. You don’t want them anyway. I don’t feel strongly about Session cookies — do whatever with that box. Close IE and see if that sticks.

Just doing that is ten millions times better than any setting on the Slider.

OK, that only solves one of your problems. Now, the Restricted sites. I would LOVE to convince you to get rid of the Prompt settings in the Internet zone and have you just DISABLE all Active Content in the Interent zone. This is much safer. Simply move all the sites that you desire to use Active Content on into your Trusted Sites zone.

OK, I am going to assume you will not be easily convinced of this. Do you REALLY want to accept all cookies in the Restricted sites — or just the cookies for Yahoo? You can likely add “www.yahoo.com” to the “per site” settings on the IE6 Privacy tab. You can add specific cookie rules for individual sites.

If you want more information about IE6 and security/privacy, I recommend reading this:
http://www.staff.uiuc.edu/~ehowes/btw/ie/ie-opts.htm%5B/url%5D

Reply | Quote

Re: IE 6 Privacy ‘Feature’ (IE 6 SP1)
Post: 192946 re: 192932 from ibe98765

How much time do you have? I can write for several hours straight on the IE6 Privacy tab…

[ibe98765] How about how to disable this MS travesty?

If you have Cookie Pal, you should be able to set the “Slider” on Accept All and leave it there. IE6 *should not* reset that when it is closed. OK, but it does on your system — so, lets forget about that for a second. I hate the Slider and so should everyone. Perhaps your settings will stick if you choose to over-ride the Slider…

Instead, chose the Advanced settings and click the over-ride box. Select to accept all first party cookies BUT block all third party cookies. You don’t want them anyway. I don’t feel strongly about Session cookies — do whatever with that box. Close IE and see if that sticks.

Just doing that is ten millions times better than any setting on the Slider.

[ibe98765] Just rebooted and when I reopened IE, I was set back to the custom setting and lost the accept all setting. So I have reset the custom settings to your recommendation. It really shouldn’t matter to me, since Cookie Pal intercepts the cookies anyway.

OK, that only solves one of your problems. Now, the Restricted sites. I would LOVE to convince you to get rid of the Prompt settings in the Internet zone and have you just DISABLE all Active Content in the Internet zone. This is much safer. Simply move all the sites that you desire to use Active Content on into your Trusted Sites zone.

[ibe98765] If you disable all active content then my experience is that many, many sites won’t work. For instance, you can’t use MS Update which uses active-x controls. Flash won’t run and so forth. I would have to add them to the trusted zone, even if I wanted to just try them out once. That’s a real pain. I don’t want to return to 1994 and text only web pages. Prompting does the job better, IMO.

OK, I am going to assume you will not be easily convinced of this. Do you REALLY want to accept all cookies in the Restricted sites — or just the cookies for Yahoo? You can likely add “www.yahoo.com” to the “per site” settings on the IE6 Privacy tab. You can add specific cookie rules for individual sites.

[ieb98765] Again, it doesn’t matter to me if I accept all cookies, because Cookie Pal seems to get them anyway and I can control cookies better with CP than anything MS/IE can come up with!

If you want more information about IE6 and security/privacy, I recommend reading this: http://www.staff.uiuc.edu/~ehowes/btw/ie/ie-opts.htm

[ibe98765] Thanks for the link! It will take some time to study all the content here.

Reply | Quote

Were you able to get the Web Sites override box to work for you?

Reply | Quote

The override function only seems to work for the internet zone.

Reply | Quote

The override function only seems to work for the internet zone.

Ouch. I guess that is correct. The point is that the Restricted sites placement overrides the “per site” Privacy settings. I was hoping that the “per site” entries would be processed first and therefore override the zone. Obviously, I was incorrect. :-[

OK, now you are left with a decision to make. Do you want the Restricted sites to function like your Internet zone — in regards to cookies? Microsoft will tell you it can’t be done. But, as always, there are ways around this. Because you are very comfortable with letting Cookie Pal control your cookies, I know the answer is “yes”.

There are a couple of important registry keys that you need to familiarize yourself with:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones

Look in here and get a idea of what is there. By default there are 5 subkeys number 0-4. They are:

0 = My Computer
1 = Local intranet
2 = Trusted sites
3 = Internet
4 = Restricted sites

The names of these “zones” appear under the “DisplayName” value.

There is one very important value within each of these keys that will control your cookies in each zone:

The ?Override Privacy Settings for Cookies? entry (1A10):

00000000 Accept cookies regardless of Privacy settings
00000001 Use Privacy Settings to control cookies
00000003 Block all cookies regardless of Privacy settings

So, I suspect if you set the 1A10 value in zone 4 (Restricted sites) to 00000000, it should accept all cookies regardless of any other settings.

I do not recommend this for the average user. For most of us, we want the Restricted sites to never be able to set or access cookies.

Reply | Quote

Thanks. I will try that.

But do you think it is possible to blow away the whole Privacy tab?

btw: I am comfortable mucking around in the registry. There is an excellent registry program here. Somewhere on this page is a link to the free version. I don’t have time to find it right now.
http://www.resplendence.com/docs/

Reply | Quote

I use Registrar Light all the time. It is my favorite registry Search tool, although I get a little annoyed at its overly cautious asking if I am SURE I want to make a given registry change…

You can easily ‘blow away’ the Tab — i.e., make it not appear under Internet Options — but I realize that is not what you actually mean.

Yes, you can disable the IE6 Privacy functions very easily. Set that registy value (1A10) to 00000000 in all zones. That overrides the Privacy settings and “Accepts all” cookies in all zones.

Personally, I would rather have ALL zones block third-party cookies — even my Trusted sites — and that is what I do. However, I recognize this is not your desire!

Reply | Quote

I tried changing the restrictive zone to accept all cookies in the registry but that doesn’t work. Apparently Cookie Pal has some tie-in’s to IE cookie processing and cookies don’t get passed to CP if this setting is chnaged to 0, sigh.

I am in contact with CP and they are coming out with something new which will function to trap cookies independent of IE. I am on the beta testing list.

As for Yahoo, I have removed it from the restricted zone because I can’t get cookies through there, even with CP. I wrote Yahoo a note yesterday about ActiveX and today, so far, I am not getting any ActiveX prompts, which is unusual. Maybe they are paying attention?

One of the big problems with ActiveX prompts is that you don’t have any information to work with. You don’t know what the ActiveX content is, what it is for or what part of the site is generating it. I’m suspecting that in Yahoo’s case, the ActiveX garbage is something coming from an advertisement. But I have a robust ad-blocker called FilterGate and rarely see any Yahoo ads. So maybe the ActiveX content isn’t coming form an ad? It would be nice if there were some freeware program that would tell me more about this stuff.

Reply | Quote

Most CookiePal users I know never want to give it up, but there are other alternatives. AnalogX makes a program called CookieWall, and Jason Levine makes a similar one called CookieJar. Both of these are free and are capable of catching cookies regardless of the zone the site is in.

I completely agree. IE really gives us inadequate “Prompt” data — all you are told is that the site wants to use ActiveX. You are not told WHAT ActiveX control, WHERE the ActiveX control is coming from, and HOW this control may affect your computer. That is one of the reasons I just kill ActiveX in the Internet zone altogether. I dislike Prompts and they don’t really tell me much anyway.

Reply | Quote

Your complaints about blocking Active Content sound vaguely similar to those voiced about seat belts, “They’re too confining”. Read Eric’s report and maybe he can convince you. ;-]

MS Update works well on my computer! Why? Because it is in my Trusted sites. Flash?? I consider most Flash ads to be an assault on my personal space! I would gladly kill Flash in a second.

A real pain to add sites to the Trusted zone?? NO! It is only a mouse click away. (See image).

Did you ever get your Home Page hijacked by some rogue website? Ever get Bonzi Buddy installed just by visiting a web site? Have you looked to see how much Spyware is already installed on your system — just because you have Active Content running on web sites you don’t trust?

OK, I can believe you have never had any problems. BUT, look around at other users. Check out what has happened to them. This problem is NOT going to get better.

As for relying 100% on Cookie Pal — I understand your desire. BUT, why have Cookie Pal do work if it does not have to? You really don’t want third-party cookies — so let IE6 block them and give Cookie Pal a break for awhile!

Reply | Quote

Ha! You’re obviously a person of strong opinions.

One solution is never good enough for everyone. The proper way to design anything is allow an exit for those who choose to take it. I don’t want to be constrained by a lowest-common denominated solution.

No, I have never had my home page hijacked, I don’t have any viruses or spyware, I have never been hit by a virus or trojan, etc. This is because I use a variety of tools including AV, trojan, ad-blocking, cookie control, pop-up control software, etc. I run Outlook in the restricted zone and I have modified the security zones to adjust to my needs. As you see, I don’t need MS to protect me. If others do, that is fine. Just give me an exit is all I am asking. If MS won’t do it, then that is why I am asking for a hack solution.

How did you add that button for the trusted zone? I’ve looked at the available buttons on my IE toolbar (custom setup) and I don’t have anything like that available.

Reply | Quote