Cookies, Scripts and your Privacy

cookies in jar

Our readers occasionally ask about the external scripts that we include in Naked Security's pages.

We use them because they each do something that we think is valuable. Of course, you don't have to agree that they are useful, and you can block the scripts and cookies that you don't want.

Below we've tried to explain what services we're running, why we use them and what they do for us. We've also provided information so that you can block scripts or cookies that you aren't comfortable with.

Exactly which cookies you'll get when you visit varies a lot, and the various permutations are too intricate to list in full. A lot depends on which social networking websites you use and which ones you are logged in to when you visit the site.

A quick primer: Cookies and Scripts

If you know what cookies and scripts are you can skip this bit.

A cookie is a small data file that a website can store on your computer and which your computer then shares with that website each time you view a page. Cookies can be useful for things like recording if a user has logged into a website or not. To find out more about cookies, visit www.allaboutcookies.org.

Scripts are small computer programs embedded within web pages that give those pages extra functionality.

Tools for managing your privacy

Your first line of defence is your web browser privacy settings. Different browsers have different features but most will allow private browsing and/or various degrees of control over which kind of cookies you will accept. For specific instructions about how to enable or disable cookies on your computer, please refer to the documentation for your browser software.

You can also increase your control over scripts and cookies with a multitude of browser plug-ins such as NoScript, Ghostery, Lightbeam and Do Not Track Plus.

And finally, since we used it to create this page and dig out all the cookies that are exchanged on Naked Security, we should mention the Firecookie plugin which is a very useful tool for viewing and controlling cookies.

If you do not wish to allow cookies, please disable cookies before continuing to use the Naked Security pages. If you choose to disable cookies, some of the Naked Security pages may be functionally limited.

The Cookies and Scripts We Use

Naked Security / WordPress

Script domains

nakedsecurity.sophos.com,
s0.wp.coms1.wp.coms2.wp.com,
ssl-stats.wordpress.comr-login.wordpress.com

Naked Security Cookies

Name Domain
newsletter nakedsecurity.sophos.com
sophos_greeting nakedsecurity.sophos.com

We use these cookies to remember if you have told us you don't want to be bothered with prompts to sign up for our newsletter or our various social media channels.

WordPress Cookies

Name Domain
_ga .wordpress.com
_wpndash .wordpress.com
km_lv .wordpress.com
km_ni .wordpress.com
km_uq .wordpress.com
kvcd .wordpress.com
optimizelyBuckets .wordpress.com
optimizelyEndUserId .wordpress.com
optimizelySegments .wordpress.com
twostep_auth .wordpress.com
wordpress .wordpress.com
wordpress_logged_in .wordpress.com
wordpress_test_cookie .wordpress.com

Naked Security is hosted on WordPress.com VIP so if you're logged in to WordPress when you visit then you'll get all of the WordPress cookies.

More information about WordPress cookies is available in the Automattic Privacy Policy.

Quantcast

Script domains

edge.quantserve.com

Cookies

Name Domain
d .quantserve.com
mc .quantserve.com
__qca .sophos.com
__qca .wordpress.com

Quantcast is a marketing and advertising organisation and its tracking features are used, somewhat controversially, as part of the WordPress stats facility. Automattic (the folks behind WordPress.com) say it's not used for ad tracking and they don't sell user data.

Read the Quantcast Privacy Policy to find out more about how they use cookies and if you're not convinced you can visit their opt out page.

Google Analytics

Script domains

google-analytics.com

Cookies

Name Domain
__utmx_k_* nakedsecurity.sophos.com
__utmx .nakedsecurity.sophos.com
__utmxx .nakedsecurity.sophos.com
__utma .sophos.com
__utmb .sophos.com
__utmc .sophos.com
__utmz .sophos.com
__utma .nakedsecurity.sophos.com
__utmb .nakedsecurity.sophos.com
__utmc .nakedsecurity.sophos.com
__utmz .nakedsecurity.sophos.com

We use Google Analytics to see how many people are visiting our site and what's popular.

We have 2 Google Analytics profiles, and consequently two sets of cookies. One is for all of Sophos and one just Naked Security. We know we could have set that up better but we didn't and now we're basically stuck with it. Don't ask.

You can read more information on Google's use of cookies in their privacy policy and specific information on how Google Analytics uses cookies is available from Google Code. Google also provides a Google Analytics Opt-out Browser Add-on if you want to avoid being tracked.

YouTube

Cookies

Name Domain
VISITOR_INFO1_LIVE .youtube.com
PREF .youtube.com

When we add a video to one of our articles we embed the video using YouTube. More information about YouTube and Google cookies is available in Google's privacy policy.

Polldaddy

Script domains

static.polldaddy.com

We use Polldaddy for the "How likely are you to recommend Naked Security" widget at the bottom of each article, for the "Rate This" widget on each comment and for occasional polls.

SoundCloud

Script domains

w.soundcloud.com
sb.scorecardresearch.com

Cookies

UID .scorecardresearch.com
UIDR .scorecardresearch.com
sc_anonymous_id .soundcloud.com
__utmz .w.soundcloud.com
__utmb .w.soundcloud.com
__utmc .w.soundcloud.com
__utma .w.soundcloud.com
tmst .xiti.com
idrxvr .xiti.com
xtant w.soundcloud.com
xtan w.soundcloud.com
xtvrn w.soundcloud.com

We use SoundCloud for embedding podcasts into our articles. More information is available on their Cookies Policy page.

Facebook, Twitter, Google Plus, Reddit, LinkedIn and Pocket

Script domains

api.facebook.com, static.ak.fbcdn.net
platform.twitter.com, cdn.api.twitter.com, r.twimg.com
apis.google.com
www.reddit.com
platform.linkedin.com

We use embeddable social media buttons from Facebook, Twitter, Google, Reddit, LinkedIn and Pocket to make it easy for our readers to share our articles.

To find out more about how these organisations use cookies please consult the Facebook data use policy, the Twitter privacy policy, the Google privacy policy, the Reddit privacy policy, the LinkedIn privacy policy, or the Pocket privacy policy.

Any Corrections?

The information on this page has been compiled in January 2014, and to the best of our knowledge, it's up to date and correct. If you think you have spotted an error on this page, or if you think we've missed something, please let us know.

cookies image from shutterstock