Cookies, Scripts and your Privacy

Our readers occasionally ask about the external scripts that we include in Naked Security's pages.

We use them because they each do something that we think is valuable. Of course, you don't have to agree that they are useful, and you can block the scripts and cookies that you don't want.

Below we've tried to explain what services we're running, why we use them and what they do for us. We've also provided information so that you can block scripts or cookies that you aren't comfortable with.

Exactly which cookies you'll get when you visit varies a lot, and the various permutations are too intricate to list in full. A lot depends on which social networking websites you use and which ones you are logged in to when you visit the site.

A quick primer: Cookies and Scripts

If you know what cookies and scripts are you can skip this bit.

A cookie is a small data file that a website can store on your computer and which your computer then shares with that website each time you view a page. Cookies can be useful for things like recording if a user has logged into a website or not. To find out more about cookies, visit www.allaboutcookies.org.

Scripts are small computer programs embedded within web pages to give those pages extra functionality.

Tools for managing your privacy

Your first line of defence is your web browser's privacy settings. Different browsers have different features, but most will allow private browsing and/or various degrees of control over which kinds of cookies you will accept. For specific instructions about how to enable or disable cookies on your computer, please refer to the documentation for your browser software.

Here at Naked Security we're big fans of the NoScript plugin which allows Firefox users to accept or deny individual scripts on a webpage.

If you don't use Firefox - or you do but you're looking for a more hands-off privacy tool - you may want to check out Do Not Track Plus. We haven't used it extensively and so we're not endorsing it but it looks interesting.

And finally, since we used it to create this page and dig out all the cookies that are exchanged on Naked Security, we should mention the Firecookie plugin which is a very useful tool for viewing and controlling cookies.

If you do not wish to allow cookies, please disable cookies before continuing to use the Naked Security pages. If you choose to disable cookies, some of the Naked Security pages may be functionally limited.

The Cookies and Scripts We Use

Naked Security / WordPress

Script domains

nakedsecurity.sophos.com, s0.wp.com, s1.wp.com, s2.wp.com, ssl-stats.wordpress.com, r-login.wordpress.com

Naked Security Cookies

Name Domain
newsletter nakedsecurity.sophos.com
sophos_greeting nakedsecurity.sophos.com

We use these cookies to remember if you have told us you don't want to be bothered with prompts to sign up for our newsletter or our various social media channels.

WordPress Cookies

Name Domain
TESTCOOKIE wordpress.com
__qca .wordpress.com
__utma .wordpress.com
__utmb .wordpress.com
__utmc .wordpress.com
__utmz .wordpress.com
kvcd .wordpress.com
km_ai .wordpress.com
km_uq .wordpress.com
km_vs .wordpress.com
km_lv .wordpress.com
wordpress_test_cookie .wordpress.com
wordpress .wordpress.com
wordpress_logged_in .wordpress.com
wordpress_sec .wordpress.com
wordpress_eli .wordpress.com
wpc_wpc .wordpress.com
wp_api .public-api.wordpress.com

Naked Security is hosted on WordPress.com VIP so if you're logged in to WordPress when you visit then you'll get all of the WordPress cookies.

More information about WordPress cookies is available in the Automattic Privacy Policy.

Quantcast

Script domains

edge.quantserve.com

Cookies

Name Domain
qoo .quantserve.com
mc .quantserve.com
__qca .sophos.com

Quantcast is a marketing and advertising organisation and its tracking features are used, somewhat controversially, as part of the WordPress stats facility. Automattic (the folks behind WordPress.com) say it's not used for ad tracking and they don't sell user data.

Looking through the list of cookies below it appears that both IntenseDebate and LinkedIn also use Quantcast. If you're logged in to either service when you visit Naked Security you'll exchange Quantcast cookies with them too.

Read the Quantcast Privacy Policy to find out more about how they use cookies and if you're not convinced you can visit their opt out page.

IntenseDebate

Script domains

intensedebate.com

Cookies

Name Domain
id_anon_email .intensedebate.com
id_anon_name .intensedebate.com
idcomments_userid .intensedebate.com
idcomments_token .intensedebate.com
PREFERRED_LOGIN .intensedebate.com
__utma .intensedebate.com
__utmb .intensedebate.com
__utmc .intensedebate.com
__utmz .intensedebate.com
__qca .intensedebate.com

IntenseDebate is a 3rd party comments system for WordPress which is owned and recommended by Automattic, the people behind WordPress.com.

We run this because comments and discussion are really important to us and we prefer the features of IntenseDebate. If you block scripts from intensedebate.com then you can still read and write comments because Naked Security will revert to the standard WordPress commenting system.

More information about IntenseDebate cookies is available in the Automattic Privacy Policy.

Google Analytics and Google Website Optimizer

Script domains

google-analytics.com

Cookies

Name Domain
__utmx_k_* nakedsecurity.sophos.com
__utmx .nakedsecurity.sophos.com
__utmxx .nakedsecurity.sophos.com
__utma .sophos.com
__utmb .sophos.com
__utmc .sophos.com
__utmz .sophos.com
__utma .nakedsecurity.sophos.com
__utmb .nakedsecurity.sophos.com
__utmc .nakedsecurity.sophos.com
__utmz .nakedsecurity.sophos.com

We use Google Analytics to see how many people are visiting our site and what's popular.

We have 2 Google Analytics profiles, and consequently two sets of cookies. One is for all of Sophos and one is just for Naked Security. We know we could have set that up better but we didn't and now we're basically stuck with it. Don't ask.

We use Google Website Optimizer to help test different designs for parts of the site. For example a GWO test showed us that Outbrain recommendations were much more popular than our standard recommendations which is why we use Outbrain.

You can read more information on Google's use of cookies in their privacy policy and specific information on how Google Analytics uses cookies is available from Google Code. Google also provides a Google Analytics Opt-out Browser Add-on if you want to avoid being tracked.

Facebook

Script domains

api.facebook.com, static.ak.fbcdn.net

Cookies

Name Domain
c_user .facebook.com
datr .facebook.com
lu .facebook.com
s .facebook.com
xs .facebook.com
sub .facebook.com
p .facebook.com
presence .facebook.com
act .facebook.com

We embed Facebook widgets in our pages to show you how many times a story has been liked.

You can read more about Facebook's use of cookies in the Facebook data use policy.

Twitter

Script domains

platform.twitter.com, cdn.api.twitter.com, r.twimg.com

Cookies

Name Domain
k .twitter.com
guest_id .twitter.com
original_referer twitter.com
js twitter.com
auth_token_session .twitter.com
auth_token .twitter.com
secure_session .twitter.com
twll .twitter.com
lang twitter.com
twid .twitter.com
h twitter.com
original_referer api.twitter.com
lang api.twitter.com
__utma .twitter.com
__utmb .twitter.com
__utmc .twitter.com
__utmz .twitter.com
_twitter_sess .twitter.com

We embed Twitter widgets in our pages to show you how many times a story has been tweeted. You can also log in to comment using your Twitter ID.

You can read more about Twitter's use of cookies in the Twitter privacy policy.

LinkedIn

Script domains

platform.linkedin.com

Cookies

Name Domain
X-LI-IDC www.linkedin.com
bcookie .linkedin.com
JSESSIONID www.linkedin.com
__utma .linkedin.com
__utmb .linkedin.com
__utmc .linkedin.com
__utmz .linkedin.com
__utmv .linkedin.com
__qca .linkedin.com
visit www.linkedin.com
s_leo_auth_token www.linkedin.com
leo_auth_token www.linkedin.com
_lipt .linkedin.com
lw .linkedin.com
lang www.linkedin.com
NSC_MC_WT_DTQ_IUUQ www.linkedin.com

We embed LinkedIn widgets in our pages to show you how many times a story has been shared.

Unlike the other social media widget providers LinkedIn sets a cookie even when you aren't logged in to their service or haven't previously visited linkedin.com.

You can read more about LinkedIn's use of cookies in the LinkedIn privacy policy.

Google Plus

Script domains

apis.google.com

Cookies

Name Domain
PREF .google.com
NID .google.com
HSID .google.com
SSID .google.com
APISID .google.com
SAPISID .google.com
SID .google.com
ULS apis.google.com
BEAT plusone.google.com
ULS plusone.google.com

We embed Google Plus widgets in our pages to show you how many times a story has been +1'd.

YouTube

Cookies

Name Domain
VISITOR_INFO1_LIVE .youtube.com
PREF .youtube.com

When we add a video to one of our articles we embed the video using YouTube. More information about YouTube and Google cookies is available in Google's privacy policy.

Outbrain

Domains: widgets.outbrain.com, odb.outbrain.com

Name Domain
optout .outbrain.com
obuid .outbrain.com
tick .outbrain.com
_lvs2 .outbrain.com
_lvd2 .outbrain.com
_rcc2 .outbrain.com
_fcap_CAM3 .outbrain.com
recs-* .outbrain.com

We use Outbrain to provide recommendations at the bottom of our articles. We use it because when we A/B tested it against our standard recommendations we discovered that Outbrain recommendations were more than twice as popular.

It is possible for users of Outbrain to make money by allowing it to recommend articles from other websites. We don't do that so we don't make any money from using Outbrain.

You can find out more about Outbrain cookies and opt out from receiving them at the Outbrain privacy policy.

Polldaddy

Script domains

static.polldaddy.com

We use Polldaddy for the "How likely are you to recommend Naked Security.." widget at the bottom of each article and for the occasional polls we run.

Gravatar

Script domains

s.gravatar.com

Gravatars are avatars that are shared across multiple websites. WordPress.com users get Gravatars by default. You can find out more about Gravatars on the Gravatar website and the WordPress.org Codex.

Any Corrections?

The information on this page was compiled in June 2012 and, to the best of our knowledge, it's up to date and correct. If you think you have spotted an error on this page, or if you think we've missed something, please let us know.

cookies image from shutterstock