Cookies, scripts and your privacy

Our readers occasionally ask about the cookies and external scripts that we include in Naked Security’s pages.

By using our site you accept the terms of our Privacy Policy and you are agreeing to our use of cookies. If you do not wish to allow cookies, please disable cookies before continuing to use this website.

We use them because they each do something that we think is valuable. Of course, you don’t have to agree that they are useful, and you can block the scripts and cookies that you don’t want.

Below we’ve tried to explain what services we’re running, why we use them and what they do for us. We’ve also provided information so that you can block scripts or cookies that you aren’t comfortable with.

Exactly which cookies you’ll get when you visit varies a lot, and the various permutations are too intricate to list in full. A lot depends on which social networking websites you use and which ones you are logged in to when you visit the site.

A quick primer: cookies and scripts

If you know what cookies and scripts are you can skip this bit.

A cookie is a small data file that a website can store on your computer and which your computer then shares with that website each time you view a page. Cookies can be useful for things like recording if a user has logged into a website or not. To find out more about cookies, visit

Scripts are small computer programs embedded within web pages that give those pages extra functionality.

Tools for managing your privacy

Your first line of defence is your web browser privacy settings. Different browsers have different features but most will allow private browsing and/or various degrees of control over which kind of cookies you will accept. For specific instructions about how to enable or disable cookies on your computer, please refer to the documentation for your browser software.

You can also increase your control over scripts and cookies with a multitude of browser plug-ins such as NoScript, Ghostery, Lightbeam and Do Not Track Plus.

If you do not wish to allow cookies, please disable cookies before continuing to use the Naked Security pages. If you choose to disable cookies, some of the Naked Security pages may be functionally limited.

The cookies and scripts we use

Naked Security / WordPress

Script domains,,

Naked Security Cookies

Name Domain

We use these cookies to remember if you have told us you don’t want to be bothered with prompts to sign up for our newsletter or our various social media channels.

WordPress cookies

Name Domain

Naked Security is hosted on VIP so if you’re logged in to WordPress when you visit then you’ll get all of the WordPress cookies.

More information about WordPress cookies is available in the Automattic Privacy Policy.


Script domains


Name Domain

Quantcast is a marketing and advertising organisation and its tracking features are used, somewhat controversially, as part of the WordPress stats facility. Automattic (the folks behind say it’s not used for ad tracking and they don’t sell user data.

Read the Quantcast Privacy Policy to find out more about how they use cookies and if you’re not convinced you can visit their opt out page.

Google Analytics

Script domains


Name Domain

We use Google Analytics to see how many people are visiting our site and what’s popular.

We have 2 Google Analytics profiles, and consequently two sets of cookies. One is for all of Sophos and one just Naked Security. We know we could have set that up better but we didn’t and now we’re basically stuck with it. Don’t ask.

You can read more information on Google’s use of cookies in their privacy policy and specific information on how Google Analytics uses cookies is available from Google Code. Google also provides a Google Analytics Opt-out Browser Add-on if you want to avoid being tracked.



Name Domain

When we add a video to one of our articles we embed the video using YouTube. More information about YouTube and Google cookies is available in Google’s privacy policy.


Script domains

We use Polldaddy for the “How likely are you to recommend Naked Security” widget at the bottom of each article, for the “Rate This” widget on each comment and for occasional polls.


Script domains



We use SoundCloud for embedding podcasts into our articles. More information is available on their Cookies Policy page.

Facebook, Twitter, Google Plus, Reddit, LinkedIn and Pocket

Script domains,,,

We use embeddable social media buttons from Facebook, Twitter, Google, Reddit, LinkedIn and Pocket to make it easy for our readers to share our articles.

To find out more about how these organisations use cookies please consult the Facebook data use policy, the Twitter privacy policy, the Google privacy policy, the Reddit privacy policy, the LinkedIn privacy policy, or the Pocket privacy policy.

Any corrections?

The information on this page was compiled in January 2016, and to the best of our knowledge, it’s up to date and correct. If you think you have spotted an error on this page, or if you think we’ve missed something, please let us know by emailing

9 comments on “Cookies, scripts and your privacy

  1. Thanks Paul and team for an exemplary transparent set of cookie and tracker info. I hope others will follow your lead. (I see the sky as not fallen.)

    As someone who, as a result of the out of control excesses of the tracking industry, does not want to be tracked other than for essential purposes, and mostly browses on mobile, the advice to use the Do Not Track options is however typically not viable for me: these tools are desktop centric, and do not work on iOS browser, or any system that is trying to decline third party trackers.

    It is bizarre, an indicator of the tacking industry’s apparent contempt for the intelligence or interests of its subjects, to be told by them: “if you do not want third party cookies our solution is you have to accept third party cookies!”


  2. I don’t mind cookies being used what I do mind is that the private policy terms and conditions apply and are verified by users consistent. I am having trouble, my information is being breached and would like to more about finding out who it is not only stopping it.

  3. It is ironic that your Naked Security site, which deals so much with privacy issues, is placing so many tracking cookies. In just opening one article on this site, I found that there were 13 cookies placed, and of them, 6 were flagged by Privacy Badger as actively tracking me.

    I read your cookies policy webpages carefully and still find a basic conflict here with your basic mission.

  4. I wish Sophos to know that I read your news on a gmail account. But today, I found an email from Sophos to another of my email accounts advising me that as an early subscriber I am being given a 30 day free trial of Sophos Home Premium and that if I wish to not pay for the premium plan, or didn’t want the 30 days free service I could opt out. So my question is, did I make a mistake when I clicked on the email at the bottom to opt out? Was that a fake email and not from Sophos at all?

    • If you’ve opted out of our emails, you won’t receive any more…but that won’t affect your use of Sophos Home. Sophos Home is still 100% free and you may use it for as long as you like.

      By the way, opting out of our emails doesn’t lose you anything – you can still activate a 30-day trial of Sophos Home Premium by visiting this web page:


  5. While I appreciate the transparency, I do mind cookies and I have no chance to opt-out of the unnecessary ones. Will you use my email address to contact me? Don’t, you haven’t got my consent.

    • No, we won’t use your email address to contact you. You are under no obligation to provide one, (you can comment anonymously), but I have deleted the email address you supplied in any case.

  6. This probably the best ‘policy’ I have seen. Well done on that. However, I do find it frustrating that it can take an hour or more to start looking at any website as, to be safe, you should first read all this ‘stuff’ to understand what you’re letting yourself in-for – only to find that you cannot then pick and choose what to accept and what to reject, quickly: if at all. In short, the rules are flawed.

What do you think?