dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
34352

OzarkMan$
join:2000-12-22
Ozark Mtns.

OzarkMan$ to R2

Member

to R2
quote:
"3" generally means 'disabled'. I THINK that OzarkMan's entry (1A10) might be to "Override Privacy Settings for Cookies"
Yes it has to do with "Override Privacy Settings for Cookies". How I determined that was I unchecked Override cookie handling and started at Accept all Cookies with the slider and looked at any registry changes for the Internet zone, paying special attention to any of the Dwords you mentioned above....1001--->1E05....the only one that changed was 1A10. From a 0(zero) for when I selected Accept all Cookies to a 3 for the 4 remaining settings low,med,med hi,block all cookies.

Also R2....As you alluded to earlier
quote:
The first section is in the {AEBA21FA...} key and the second is in the {A8A88C49...} key. You will note above, the second section is SUPPOSED to only control third-party cookies. Yet, moving the slider from Medium to High should have NO effect on third-party cookies. I do NOT understand why this section has any changes...
Those did grow larger as I changed the slider from accept thru the steps to the last choice of block. That's something I might get back to at another time. Things are kind of cloudy right now. Way to much with Real Life going on.
quote:
I just feel washed out...
To some degree I will second that. We were locked down pretty tight at our Control Tower. It was a very errie feeling watching the big 20" Monitor showing 100's of aircraft in the air across our Great Nation to None in a matter of minutes. Sad day indeed. I have no clue what wasted\worn out means, compared to what the family\victims are feeling right now. This is a release for me right at this moment. I have seen enough for awhile Will see more tommorrow and am Thankful I have a chance to see tomorrow.
OzarkMan$

OzarkMan$ to R2

Member

to R2

.

Click for full size
quote:
The "3" entry is used to Block ALL cookies
Hmmm....Restrict OR Block

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

Although Microsoft has not always been completely consistent, in general that following are synonymous:

block = = deny = disable   (1A10 = "3" will BLOCK cookies)
restrict = "downgrade" = change to "session" cookie
accept = allow = enable
  (this can also mean 'leash' to first party context)

explicit = opt-in (you must choice to have your information shared)
implicit = opt-out (you must choice to NOT have your information shared)

[text was edited by author 2001-09-12 09:24:45]

CNZ
Schnook's Kiwi
Premium Member
join:2001-07-07
Kakanui, NZ

CNZ to R2

Premium Member

to R2

Re: Custom Zones and cookies

This is weird.

My custom zone - which I have named "Microsoft" contains amongst other things *.hotmail.passport.com and *.hotmail.msn.com.

Hotmail needs cookies to login. As a test I deleted all the msn, passport, hotmail cookies from the Cookie Folder, and emptied the TIF. I also removed these sites from the "Privacy settings -Per site" tab (where I previously had them set to "allow")

Given that the cookie settings in the registry for this zone are all set at (3) as I mentioned earlier, I would have expected all cookies to be blocked and NOT to be able to login to Hotmail. Either my testing was flawed OR that theory is wrong. I logged into Hotmail with no trouble - therefore cookies MUST have been accepted. Sure enough, when I look in the Cookies folder there they are again!

Is my thinking wrong about this? Would *you* have expected cookies to be blocked? I realise that there is no official info re custom zones and cookies, but surely the (3) in the registry entries for cookies should mean the same as it does in other zones?

I apologise for continually distracting you from your continuing research!

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

Quite the contrary! I truly appreciate and encourage your questions. Believe me, we (or at least I) do NOT have all the answers -- and more importantly -- we have not even thought of all the questions!

Clearly 1A02, 1A03, 1A05, and 1A06 are NOT functioning as I would have guessed. So, setting these to "3" is not working. This makes little sense to me, because 1A05 and 1A06 were NOT present in IE5.5 -- so they were added on by IE6. To add them on, but make them non-functional is illogical; I don't see why they were put in there if they do NOTHING.

On the other hand, I BELIEVE that setting 1A10 to "3" should convert any new zone into a "Restricted-type" zone. However, my analysis is likely still very incomplete. Definitely setting this to "0" should convert a new zone in to a "Trusted-type" zone. BUT, there is still one difference between a NEW zone and the Restricted sites -- and that is the Privacy GUID's.

What might be necessary to fully 'Restrict' a NEW zone is to COPY the two Privacy GUID's to this zone in the Registry. Backup your Registry first. Then, the simplest way to do this is to export this key:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

...to your Desktop. Open it in Notepad (Edit). Change the zone number to the one you want to adjust (assumably "5"). Delete ALL of the lines that you do NOT want to modify (e.g., Display Name, Description, etc.) but leave the two Privacy GUID's. Save this altered file. Double-click this file and Merge it into your Registry. Open Regedit and verify that the Zones\5 key look appropriate (i.e., the new Privacy GUID's are there and everything else is still correct). Then give it a try... THANKS.

CNZ
Schnook's Kiwi
Premium Member
join:2001-07-07
Kakanui, NZ

CNZ

Premium Member

I am not sure that I am brave enough to try that! I have done the first bit, but actually merging it into the registry is the scary bit!

As an aside, I see that the IA10 setting does not even exist in the registry settings for my "Custom Zone 5". Would I need to copy that into the settings as well?

I will think about it over night and if I pluck up the courage, will give it a go. Thanks again!

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

I understand. I will try to do this later.

The 1A10 value did not exist before IE6, so the IE Zone Editor program did not add it to your new zone. It also did not add 1A05 and 1A06.

To add the 1A10 value to a given zone, right-click on the folder (key) that you want to add the value in -- in this case, the "5" folder. Select NEW > DWORD Value. You will find "NewValue#1" highlighted. Simply type 1A10 over this and hit Enter. Double-click this and add in the "data" you want -- in this case, 3.

As long as you backup the registry, you can always go back to where you were. In this case, all you REALLY need to backup is the Zones key -- and even that is overkill. Select the Zones folder (key), then select Registry | Export Registry File... Save this somewhere that you can find it (i.e., the Desktop) and call it "Zones.reg".

If something gets screwed up, Delete as much of the Zones key as you feel is necessary, and then double-click on the Zones.reg file to restore this section of the Registry back to how it was before. It is that easy.:)

CNZ
Schnook's Kiwi
Premium Member
join:2001-07-07
Kakanui, NZ

CNZ

Premium Member

But 1A05 and 1A06 *are* there....it has added them to my Custom Zone. They are both set at, 3.

Thanks for the detailed instructions. I think curiosity will get the better of me....might give it a go later in the day.

Have a good day!

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

That is weird -- IE Zone Editor came out before those entries were created by Microsoft. And, since it does not create the 1A10 entry, I am surprised it created those. Did you have IE5.5 Security Privacy Beta installed before IE6? That was the original source of those entries.

I made a few mistakes.
said by R2:
The "Description" should be the text that is displayed next to the "Sites" button on the Security tab when you select a given zone. I believe this still works.
This is wrong. The Text that shows up is the EXACT same as the name of the Zone in the little window. So IE6 breaks BOTH of these functions. This should NOT be this way!!:(

Then, the handling of Non-Private cookies are not exactly as how I initially thought. This is because Microsoft actually separates out the Opt-in and Opt-out choices in a confusing manner. I will post a new image next.
R2

R2

MVM

Click for full size
This is as best as I can tell. Sorry for the LONG length...

Key:

1st-Party = the site (URL) you are visiting
3rd-Party = NOT the site you are visiting
Legacy Cookies = cookies present before IE6 was installed
Per Site Settings = Web sites specifically entered on the Privacy tab

Compact Policy = the P3P policy that a Web site transmits specifying how they will use your personal information

None = No Compact Policy exists on the Web site
Not Private = Personally identifiable information IS used without your explicit consent
Private = NO personal information is used without your consent

opt-out = you must tell the site you DON'T want information shared
opt-in = you must tell the site you DO want information shared
no opt = you have no choice

B = Cookies are Blocked
A = Cookies are Allowed (accepted) and stored on your computer
L = "Leashed" - Cookies are restricted so they can only be read in the first-party context
D = "Downgraded" - Cookies are deleted when IE is closed (essentially turning them into Session cookies)

P = Session cookies are treated just as Persistent Cookies are treated.
I = Ignored (Per site setting on the Privacy tab are NOT followed)
O = Overrides (Per site settings override the Privacy settings)



The reason I looked into this was because I was surprised to see that there were changes in the third-party Privacy GUID when I moved the Privacy Slider from Medium to High. I now see why. On the "Medium" (default) setting, cookies are "Downgraded" from sites with a "Not Private" Compact Policy that are "opt-out". However, on the "High" setting, these cookies are Blocked.

SO... all the changes I see in the third-party Privacy GUID is simple due to THIS SMALL change!! Unfortunately, there is no other clear difference in third-party cookie handling between the Medium and High settings. I see this is a MAJOR deficiency in the Privacy Slider...
[text was edited by author 2001-09-13 18:06:34]

CNZ
Schnook's Kiwi
Premium Member
join:2001-07-07
Kakanui, NZ

CNZ

Premium Member

Click for full size
don't know if this will work, but here is a screenshot of the relevant settings for my custom zone. I have no idea how to fit the whole thing in, so it's just the bottom half!

And, no, I didn't have the beta installed.

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

There is a lot of Black there.;)

I am taken aback that IE Zone Editor added in the 1A05 and 1A06 entries. Even IE5.5sp2 did not use them. I wonder if it would do the same thing if you created another zone?

Yes, all of the specific cookie entries are set at "3", but I think you need a 1A10 value set at "3" to block cookies. I don't think those other values really work any more.

I tried using my new zone and it appears that IE6 recognizes it and it is still functional -- except I have not messed with the cookies yet. I am busy with something else...

CNZ
Schnook's Kiwi
Premium Member
join:2001-07-07
Kakanui, NZ

CNZ

Premium Member

Click for full size
Created a second custom zone - Zone 6. While Zone Editor created it OK - it does NOT appear in IE Security Zones with the others. It DOES appear in the registry but this is all there is!

Sorry about the black! I need to spend less time here and more time learning how to use my photo editor!

OzarkMan$
join:2000-12-22
Ozark Mtns.

OzarkMan$

Member

CNZ....just a suggestion....paint brush works real well for posting things like registry pictures.

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2 to Lex Luthor

MVM

to Lex Luthor

Re: IE6 and Cookies

XML Privacy ···licy.zip
3,932 bytes
(XML Privacy Policy.htm)
I have reworked the pages that describes the XML Elements for creating an Import Privacy file. I have posted on MANY different bulletin boards and so far I have found NO ONE who can state that they had ACTUALLY imported an XML file.

I am begining to believe this is BROKEN!! I have attached the completely reorganized page. SOMEONE please read it and see it is just me!!

Please note, I have corrected the error that Microsoft makes on this page. This says the parent element of flushCookies is MSIESiteRules. This is incorrect. The correct parent appears to be MSIEPrivacySettings.
R2

R2

MVM

OK, OK -- I knew I was doing SOMETHING wrong. I finally got the Import file to work and I am FINALLY starting to see how it handles cookies. So far, there has been some weird findings....

Here is a copy of my Import file:

<MSIEPrivacy>
<MSIEPrivacySettings formatVersion="6">
<p3pCookiePolicy zone="internet">
<firstParty noPolicyDefault="forceSession" noRuleDefault="forceSession" alwaysAllowSession="no">
</firstParty>
<thirdParty noPolicyDefault="reject" noRuleDefault="reject" alwaysAllowSession="no">
</thirdParty>
</p3pCookiePolicy>
<p3pCookiePolicy zone="trustedSites">
<firstParty noPolicyDefault="forceSession" noRuleDefault="forceFirstParty" alwaysAllowSession="no">
</firstParty>
<thirdParty noPolicyDefault="reject" noRuleDefault="reject" alwaysAllowSession="no">
</thirdParty>
</p3pCookiePolicy>
</MSIEPrivacySettings>
</MSIEPrivacy>

Briefly, this will:

Internet Zone:
First Party: Force Session
Third Party: Reject (Block)

Trusted sites Zone:
First Party: Leash (Force Session if NO Compact Policy)
Third Party: Reject (Block)

I will probably NOT be able to finish testing this until next week. But even on the first site (whatis.techtarget.com) I found some interesting things. I need to verify that I did this correctly...
_______________________

Of note, I have DSLR in my TrustedSite zone. Since this site has NO Compact Policy, the Cookie was "Restricted" -- meaning it was forced into Session status. This was the FIRST time I had seen the word "Restricted" in the "Privacy Report" box.
[text was edited by author 2001-09-14 20:20:51]

OzarkMan$
join:2000-12-22
Ozark Mtns.

OzarkMan$

Member

Dang it....no wonder I kept getting the error message that it could not import. I left out the beginning part ---MSIEPrivacy---....grrrrr !
The more and more I dig into this version, the more I feel for what little surfing the wife and I do, IE 5.5 was just fine

Thanks R2 ....now I have my first xml file I created finally merged !

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

.

I took me REREADING and REORGANIZING the XML Privacy Policy Page before I figured out what I was doing wrong. I knew it had to be something, but I just could not see it. I think my version of this page is much more convenient -- and I like my Parent-Child Relationship outline. It makes it easier to see what to do. Cheers.
R2

R2 to Lex Luthor

MVM

to Lex Luthor

Re: IE6 and Cookies

Cookie Trials.zip
5,752 bytes
(Cookie Trials.xls)
Well, I finished Eric's list as quick as I could. The Import file works GREAT. All third party cookies were BLOCKED -- and even first party cookies were Forced into being Session cookies!!

I think this is likely the MOST complete way to control Cookies -- and the good news is that it seems to work, eh, finally!:)

Attached is my data for Eric.
eburger68
Premium Member
join:2001-04-28

eburger68

Premium Member

R2:

Thanks for the updated set of your results with your import file. I probably won't get the time to check it out for a few days, so please bear with me. I do want to try your import file myself and see how it works.

Great work!

Eric L. Howes
eburger68

eburger68 to R2

Premium Member

to R2
R2:

I've completed a trial using your Import file. The results are posted on my "Findings" page:

»www.staff.uiuc.edu/~ehow ··· -p3p.htm

Look for the "Import" column in the table of results.

What I saw roughly follows what you got, though MSNBC refused to try to push any cookies on me for some reason (I'm still deciding whether to be disappointed or ecstatic at that behavior).

I've revised many of the sections of that page to reflect these new results, including the "Recommendations" section.

It would be nice, at this point, to put together a menu of different Import files that IE6 users could download and try out. Different users could very well desire different mixes of Privacy settings for their Trusted and Internet zones.

In any case, thank you for your labors over MS's documentation on custom XML Import files. That they are now a viable option for IE6 users is a testament to your doggedness and patience.

All the best,

Eric L. Howes
[text was edited by author 2001-09-16 20:37:28]

YBoris
join:2001-06-01
Old Bridge, NJ

YBoris to Lex Luthor

Member

to Lex Luthor
IE 6 is the best thing in the world (in browsers) ...
I see no problem with the automatic cookie handling ...
and more over ... I LOVE the way you can handle them manually
:):) - sorry about the late reply