I keep a close eye on cookies, removing unwanted ones on a regular basis. One cookie pops up periodically even though I don't go to the site. It is trumpgolfscotland.com

I did go to that site a few months back but haven't been there either before or since. Why would the cookie appear in the absence of a visit to the site?

If you are using Safari, go to Safari > Preferences > Cookies. Which option for Cookies and Website Data is selected?

I'm Mountain Lion, so getting to Cookies is Safari > Preferences > Privacy > Cookies and other website data, so I assume that's what you want me to view. In that window I have:

For: Block cookies and other website data I have selected From third parties and advertisers

For: Limit website access to location services I have selected Prompt for each website each day

Nothing is selected for the other two options "Website tracking" and "Smart Search Field"

I've read about "persistent cookies", which are extremely difficult, if not impossible, to get rid of, and it's totally likely that an anus like Trump would use them.

I remember the discussion about the golf course, but I've got no idea if I visited trumpgolfscotland.com, and although I'd love to experiment, I'm not the least bit inclined to take the risk.

Very often there's a related but not-at-all-obvious cookie in your cookie list. The simplest way to rule that out is to delete all cookies, but that might make other things untoward. I usually go through mine and remove anything that seems not to belong.
Another possibility is that your web cache has a beacon or some other nasty embedded. So you might wish to clear your web cache completely.
See if any of that helps.

flash seems to be the main culprit of super cookies. dig them out yourself:
~/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/

I tried that path but there doesn't appear to be anything Macromedia. I did a Spotlight search and it said there is a Macromedia folder in the Internet Plug-Ins folder.

But, when I looked there…no Macromedia folder.

I tried the same search after using Cocktail to Show Invisibles, but no luck.

Note: The Flash Plug-In is disabled.

Maybe in the main Library for all users?

/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/

(not the Library in your user folder)

I thought about that but can't find one. The only library under Users is one attached to a user who is a periodic user (a daughter when she visits).

I also opened CleanApp and it didn't list anything named Macromedia. Neither did an EasyFind search.

Maybe Trump is getting even for all the stuff I said in The Lounge.

There's got to be a second ~/Library...YOUR OWN.

For what it's worth, I've got the folder V1 referenced, /Users/artie/Library/Preferences/Macromedia

Nope. That's what I thought. In the Users folder, rather than a folder with my name, there's a picture of a house (Home?) with my name….along with Folders that have other Users' names. Clicking on the House reveals these folders:

Applications
Desktop
Documents
Downloads
Dropbox
Magazines
Microsoft User Data
Movies
Music
Pictures
Public
Sites

There is nothing named Macromedia in any of them.

The little house with your name is your User folder, but Mt. Lion is one of the versions of OS X in which ~/Library is hidden, so you may have to make it visible to find V1's referenced folder.

That did it, and I found the Macromedia folder….but nothing it it that would indicate trumpgolfscotland.

V1's referenced path was /Users/ryck/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/

In my installation, that folder contains a file named settings.sol, which stores your Flash prefs (as set in your pref pane in System Prefs).

If you've got anything else in that folder, delete it; if not take a look in settings.sol and see if anything looks off.

My recollection is that the type of cookies we're talking about can be stored in an assortment of different locations, so if you've actually got one it may not be where you're looking.

Have you tried searching for trumpgolfscotland, either as a separate file or as contents?

Going to the end of that search, I do find a Sys Folder with a document called settings.sol It is the only document in the folder, however I am unable to open it.


Yes, I searched using Spotlight but it didn't generate any results.

Note: In the Preferences folder there are some peculiarly-named folders, all of which are empty.

$¨w‰è“c
4ó‰èrb
ϧ‰èrb (3 of these)
îë‰èrb (2 of these)
ú¨‰èrb (3 of these)

I mention these in case they are a source of odd behaviour.

Mine opened in TextEdit.


I routinely delte stuff like that. An empty folder, in particular, with a name like that is most likely a meaningless artifact.

That is hard drive directory corruption. Run disk utility and verify the disk. There may be actual data damage that cannot be repaired without a reinstall.


That's kinda scary!

As did mine....thanks for the tip. However, it didn't yield anything that would indicate the trumpgolfscotland cookie…..at least to my untrained eye.


øÙTCSO
settingsautoUpdateInterval@crossdomainAllow
safefullscreenwindowlessDisablecrossdomainAlwaysautoUpdateDisableddisallowP2PUplink
defaultalwaysautoUpdateDefaultUpdatedsecureCrossDomainCacheSizeødefaultmicrophone
echosuppressionallowThirdPartyLSOAccess
domains
trustedPaths autoUpdateLastCheckBuį]€æ
defaultcameraauthorizedFeaturesExpiry
gain@I
defaultklimit@Y

I'll keep your comment in mind, but over the years I've found any number of oddly named items (I can't say whether they were files, folders, or some and some.) in ~/Library/Preferences after restarting, and I've trashed them with no repercussions.

Is there some particular aspect of ryck's items that flags them?

I ran two verifications, the Partition Map and the Volume but both came up with "appears to be OK".

Could those oddball folders be some frick and frack from a previously unadvisable installation that's since been removed?

Could the two "appears to be okay" results be because I did a DiskWarrior directory rebuild about a week ago?

Your contents are along the same lines as mine, and I think it's all stuff that belongs in there.

Good morning Moderators:

I appear to have hijacked my own thread at Post 42698. Maybe this past chunk should be moved with a new title "Frick and Frack Folders".

Or we could sell this thread as "Read this thread and get a bonus opinion"

So, it appears this may be more of a "Trump" thing than I thought. Today I had a cookie trumpmiami dot com. I visited that site Nov 12 and cleared the cookie from my machine immediately after. Now, it pops up again.

Or it may be something else….something nefarious that people such as Trump use to their advantage. I heard about a program called "Cookie" in another thread, so I went to a reviewer's site to learn about the software and, in their description of Cookie's functions, they mentioned:

"Then you’re asked if you’d like Cookie to clear the browser cache, in order to remove EverCookies.

These are the persistent cookies that have been designed to automatically respawn themselves from various secret caches, so that even when you do manually try to delete cookies from each browser, you’ll often see them reinstall themselves later."

So, I then went to Wikipedia and found:

"Samy Kamkar released v0.4 beta of the Evercookie on September 13, 2010, as open source.[9][10][11] According to the project's website: Evercookie is designed to make persistent data just that, persistent. By storing the same data in several locations that a client can access, if any of the data is ever lost (for example, by clearing cookies), the data can be recovered and then reset and reused.

Simply think of it as cookies that just won't go away.

Evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available."

….looks like I'll be buying "Cookie".

I've been running Cookie for years, and although I think I remember that, I can't find it now; where did you see it?

Let us know how you make out.

Ya, it was your mention of Cookie in another thread that got me to have a look.


My bad...I should have said in a review which is found here. found here. I'll correct the posting.

Thanks, ryck.

Yours is the only EverCookie issue I've ever run across, and I'm anxious to see how you make out.

Good luck (for both of us)!

Edit: Hmmm... Either that or I visited one of those websites and Cookie did its job as promised...sorry...can't say for sure.

After a week I can report that the software works great. I'm glad I bought it, as it saves me the trouble of going in and manually removing Cookies. Also, none of the persistent cookies have returned. I'll now get the software working in my wife's account too.

That's been my experience (*), but I'm going to hold my breath for a while on the EverCookie issue, because your past experience seems to suggest that more than a week needs to pass before you can consider them gone. But I've got my fingers crossed!

(*) At some point your liable to discover that cookies that Cookie says no longer exist still appear in your Safari pref pane (although they disappear when you quit Safari). I've discussed the issue with Russell, Cookie's developer, and the nature of cookies being what it is, kind of inscrutable, we've never quite figured out what's going on, but in Cookie's favor, I can tell you that on more than one occasion I've had shopping trips interrupted by my shopping cart's having disappeared mid-trip because a cookie that still appeared in my pref pane had presumably been deleted by Cookie via its timer.

Make what you will of it, but with that positive evidence and none to the contrary, I'm satisfied that Cookie is doing its job...but, all the same, still curious about the anomaly.

I wonder if they're the cookies described as "the persistent cookies that have been designed to automatically respawn themselves from various secret caches". That is, are they able to stow away in some caches other than the browser cache?

I don't think they're persistent cookies, because the only concrete indication of their nature I've ever gotten is from my disappearing shopping carts, i.e. they don't re-appear unexpectedly.

I think the persistent cookies are something different, i.e. your Trump cookies, and you're going to have to tell us if Cookie actually deals with them, because you seem to be the only poster who's got them.

After a week where I've checked the Cookie window (as in Cookie software) both at the start of using Safari and at the conclusion of a session (before Cookie has a chance to clear things out) and I have yet to see any of the persistent cookies.

That sounds promising...if not better.

Have you also looked in your Safari pref pane to see what's in there?

Yup….nada on any occasion.

Sounds like a thumbs-up for Russell.

I can update this observation. ProSoft Engineering has inserted a cookie a couple of times without my going to their site - and it wasn't a plain-Jane cookie, it was a tracking cookie.

Hmmm...

Maybe ask Russell about it? He's both responsive and helpful.

And, I can update the update. I've taken advantage of the Cookie Window, which allows real-time observation of cookies being installed and whether they are tracking cookies. The Prosoft Engineering cookie, which continues to pop up periodically, does not require Safari to be open. The Prosoft cookie will appear as soon as the computer is booted.

Now, that's persistent!


I haven't contacted the publisher yet.

I'm not running any Prosoft apps, so I can't experiment, but I'll hazard a guess that those cookies are placed when your app(s) check for updates, similarly to the way some of my Safari extensions place cookies when I do no more than open my Safari > Extensions pref pane.

Assuming that it's enabled, try disabling Prosoft auto-update-check and see what happens.

FWIW, I have Drive Genius installed with it's preferences to automatically check for updates, yet I do not have any Prosoft cookies.

Well, that leaves me out of ideas.

ryck's cookies are coming from somewhere, and your experience seems to eliminate all the obvious (to me, anyhow) sources.

I too have Drive Genius installed and I had (note the past tense) a Prosoft cookie. The Prosoft cookie on my system was a plain-jane cookie and NOT a tracking cookie — at least according to Cookie Stumbler (the paid subscription app, not the free Safari extension).

I deleted the Prosoft cookie then opened Drive Genius (which like Jon's is set to check for updates on launching), forced a check for updates, and browsed the Prosoft Engineering web site (although I did not fill in any forms or enter any data), checking for the cookie after each activity and the Prosoft cookie did not reappear. I have no idea when, or how the cookie was inserted, but I am comfortable that it was NOT a tracking cookie and I was unsuccessful in getting it inserted either through visiting the Prosoft Engineering website or running Prosoft Engineering applications.

Ryck, I wonder if your persistent Prosoft cookie is actually from Prosoft Engineering or perhaps it is a malware cookie masquerading as a Prosoft cookie?

Interesting thought. The next time it appears I'll try to get a bit of detail.

As an experiment, I visited Prosoft/Drive Genius to see what cookies would be bestowed upon me, with these results.

The top screenshot shows the 7 cookies that Prosoft placed, and the bottom one shows the 3 that reappeared 1 minute after the 7 were deleted and every minute thereafter when they were deleted (by my Cookie 1 minute timer).

I've now deleted all of my Prosoft cookies and set Cookie to preserve any that miraculously reappear.

Obviously there has to be some reason for our differing results.

On the premise that the cookie might have been blocked just double-checked to see what I might be running that might have made the difference. I am running Safari extensions Adguard and 1Blocker, using DNSCrypt, and have additional blocks set on OpenDNS. When I get time this afternoon, I will try disabling each of those to see if it makes a difference.

Are you using Safari? I forgot to check which of the four browsers I have installed had the Prosoft cookie. Cookie Stumbler checks all of them and I only loo0ed at the consolidated listing and not the individual browsers.

The cookie appeared this morning, as soon as the computer booted, and this is how "Cookie" described it:

Website: .prosofteng.com
Name: _cfluid
Path: /
Secure: NO
Expires: 2018-01-01 10:44 AM
Contents: dc5e44f10004d0ce4ca0d567c48cc19a11483296293
Browser: Safari


Notes:

• Cookie said there was 1 tracking cookie. It uses red type to indicated a tracking cookie.
• The information _cfluid is the only underlying information in red.
• The expiry date is exactly one year from the time I first booted this morning (10:44 AM)

My results seem to be consistent with the first result in artie's first screenshot.

The results I reported were returned by Safari.

With the exception that your cookie was _cfluid while mine was (and still is when I return to the website) _cfduid

Do you get the same cookie if you click on the Prosoft link I posted?

Edit: And is there a rule that dictates that your cookie must be similar to mine?

Yes…very similar. The cfluid and cfduid difference was there, along with different Expiry dates, et cetera, but otherwise it's the same cookie.

Interestingly, I used Safari Preferences to delete the Prosoft cookie (while at FineTunedMac, not at the ProSoft site) and it just popped in another Prosoft cookie. This one was shorter than the previous cookie (only the website entries) but it could not be removed using Safari preferences. I tried three times.

The shorter cookie was only eradicated with a Quit of Safari, and "Cookie" took it out.

When you tried to delete it via Safari prefs was the item with which you were left identified as "Cookie" or "Local Storage" (as has been my experience on numerous occasions)?

It was listed under the Cookies heading, not the Databases.

So you're saying that those cookies that you couldn't delete in Safari were actually listed as cookies in your Cookie.app pane?

Very frequently, cookies that I delete from Prefs > Privacy > Manage Website Data... reappear in the same pane...identified as "Local Storage", NOT "Cookie", but I don't recall ever running into that situation.

Yes. And, as I've been reading your post, another Prosoft cookie appeared except that it's like the one described in post # 43293. This time the name is _cfduid and the numbers under Content are different. It was deleted with Safari>Preferences>Privacy.

Well, I'm thoroughly confused, but I'm not about to buy Drive Genius to clear the fog away; maybe joemike can figure out from where your cookies are coming.

I dunno, I've seen many cookies that disappear when deleted via Safari > Preferences > Privacy only to reappear a short time afterwards, but I've never run across one that couldn't be deleted...period.

Cookie Stumbler mislead me 🤷‍♂️

Since my results were out of line with what others were reporting, I installed Cookie to double check my results. The results are significantly different between the two.

• Cookie Stumbler was not finding any Prosoft cookies and Cookie found several
• When I looked at the cookies by browser some of the Prosoft entries were reported as containing tracking cookies and others were not.
• __cfduid was reported as the tracking cookie and was found in Safari Technology Preview, but not in Safari.
• a subsequent visit to prosofteng.com in Safari netted three tracking cookies, the previously mentioned _cfduid plus Google Analytics' _ga and _gat
• __cfduid turned up in many entries other than Prosoft

As to __cfduid itself and whether or not it is truly a tracking cookie, according to Cookiepedia
In light of the Cookiepedia entry (and I have no reason to question it) together with the fact it appears Cookie declares any cookie beginning with "__c" or "_c" a tracking cookie, more like a blunderbuss than a shotgun approach, calling __cfduid a tracking cookie seems questionable.

I wish Cookie Stumbler were as good at ferreting out cookies as Cookie or Cookie were as discrete in identifying and reporting cookies as Cookie!

Stereotyping isn't politically correct, but it's probably why Cookie treats all "_c" and "__c" cookies as tracking cookies when such isn't necessarily the case.

I couldn't find out how many different cookies there are out there, but I suspect that there are so many that it's probably impossible to keep track of all of them, much less catalog each one correctly, so if "_c" and "__c" cookies are generally tracking cookies, some non-trackers are going to get swept up in the dragnet.

It seems like there ought to be a convention governing such things.

Thanks for the link to Cookiepedia; I note that it can't identify either ryck's "_fluid" or "girlscout".

this is informative:

http://www.strategyand.pwc.com/global/home/cookie-information


It doesn't appear to be a multipurpose or "common name to use" cookie, it just has one purpose, and is used heavily for that purpose. (and with a five year persistence)

the "cf" is CouldFlare, not sure on the "d", and "uid" in this case is Unique IDentifier, not "User ID". (I see "UID" used equally in both contexts around computers)

It's not as informative as what joemike posted in post #43312, and ryck and I at the least are seeing only 1 year persistence.

Still wondering what ryck's __cfluid might be.

Obviously Cookiepedia is a "work in process" brought about by the EU's recent regulatory changes regarding cookies and how the data collected by cookies can be used. At this point Cookiepedia is dependent on the cookie developers to define how data collected by cookies will be used and reported to the public at large. Be that as it may, both the EU regulation and Cookiepedia are a step in the right direction.

This thread prompted me to learn more about cookies in general and "tracking cookies" in particular. That in turn resulted in some serious rethinking of my assumptions. Even a cursory look into the subject reveals that not all "tracking cookies" are bad and in fact many are beneficial to the user. The __cfduid being a case in point. Another example is FineTunedMac, which uses ubbt_hash which is a special code that validates and logs you into the site and ubbt_myid that identifies your user name. Technically both are tracking cookies and are so identified by both Cookie and Cookie Stumbler. (You can disable these cookies by UNchecking the Remember Me box when you log in). Personally I find them a great convenience and have no intention of disabling them.

IMHO Cookie management apps need to become a lot smarter. My ideal would include a system for categorizing cookies including such things as...

• what information they send
• what is done with the information — which may be site specific
• is the information encrypted in transit or plain text
• etc.

Then the informed user would have the information necessary to make intelligent decisions and the uninformed user could simply select what level of risk they find acceptable.

The trick in all of this is obtaining and maintaining the database used by the app and would imply a database subscription. Cookie Stumbler already uses a database approach and there is an annual subscription to keep it current but what is lacking is the categorization and fine tuning of the level of trust. Perhaps the EU's efforts to regulate cookies and their use of data will make it far easier to obtain the data from the publishers of tracking cookies and make it possible for my idealized app to be developed. Windows users have paid for antivirus signature database subscription for years. It seems to me tracking cookies might present an equally serious threat to privacy and security.

PERSONAL CHOICE
The identification of tracking cookies used in Cookie is such a blunt instrument that I have chosen to disable it in favor of Cookie Stumbler's approach. Then end results may not be noticeably different, but it appears more precise to me.

Hmmmm....could be a mea culpa here. I'm now wondering, given all the excellent cookie information that's been presented in this thread, if just misread what I saw in the beginning. Perhaps I actually saw _cfduid but misread it as _cfluid as in: Old eyes + Tiny print = Reading Error.

Yup. I've now checked the Name of the Prosoft cookie at various times it's appeared (immediately after booting, when Safari is loaded, when visting the Prosoft site) and each time it's been _cfduid.

While cruising through my cookies I came across a couple I didn't recognize. Usually I merely delete them without examining what their content is. In these cases (inspectlet.com and onesignal.com — the provenance of which I haven't bothered to check, so I have no idea what websites I've visited might have set them) each had a single entry, namely _cfduid .

When I Googled that alone, the following comments showed up:

• The __cfduid cookie is used to override any security restrictions based on the IP address the visitor is coming from.

• The "__cfduid" cookie is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web ...

I'm not sure that such info clarifies the other comments and concerns in this thread, but from my perspective (and from the fact that such cookies are not 'persistent' for me on Firefox) they would appear to be simply trackers without other 'motivations'.

It sounds like you've never run across Cookiepedia's parent website, which tells that they've built a database of more than 11 million cookies, and invites participation, as well as anticipates app development.

In addition, it links to this chart, which tells an interesting tale.

My personal choice is to stick with Cookie, because, as can be seen in the linked chart, attempting to categorize cookies is nigh on to futile because of the 31% unknown factor (You've never mentioned how Cookie Stumbler treats __cfduid.), and because even if Cookie deletes the useful/beneficial 9% every minute as I've got it set to do, I've never noticed any ill effects other than losing my shopping cart on one or two websites.


Are you sure of that?

I've been with Cookie pretty much since day one, and I'm virtually certain that it has NEVER identified a single cookie placed by FTM as a tracking cookie.

And if Cookie Stumbler is identifying those cookies as trackers it leaves their database suspect.

I also note that Prosoft's version of __cfduid (if, in fact, there are different versions) recreates itself within a minute after my Cookie timer deletes it, and I wonder how many other cookies do the same?

(Writer's block overcome! )

"tracking cookies" is a term more often applied to cookies that are intended to be accessed by more than one site. A "remember my login on the next visit" really isn't a "tracking" type of cookie, it's just persistent data for that site only.

Advertisers use "tracking cookies" so when they display an ad on one web site and you click on it, they remember that you are interested in that and next time you visit some other site that uses that same advertiser, they can reload your cookie and see your interests and display more "targeted advertisement" based on your known preferences.

Simply visiting a site can count as a "preference". Do a web search for gold watches, and click on the top hits (which are tracked) and that gets you remembered. Or simply visiting a site or a landing page for gold watches, same thing, advertisers remember seeing you on that page even if you don't click anything. Then next time you visit eBay or some other site with the same advertiser on it, they think "well he was looking at gold watches earlier, lets advertise some here too" and so they do.

This is why you will sometimes notice a strange jump in advertisements for a specific kind or class of products from time to time, across a wide variety of web sites you visit - the tracking cookies have been used to decide you have a recent interest in that and are delivering targeted ads to you as a result. "Jeez my cousin was visiting last week and was on my computer looking for watches, and now all these sites I visit regularly won't stop displaying ads for watches!!" And this is why a lot of people don't like tracking cookies.

So, things have been going along quite well, using Cookie software, until recently when another persistent cookie has popped up. It started as from "ferrarimaserati" and subsequently became "ferrarimaseratiofvanc". It appears as soon as I open Safari.

With Cookie software, I just hit delete when it appears, and then once more about 15 seconds later when it reappears. Then it's done until the next time I open Safari. However, it is a pain in the patoot but I have decided on a good way to get my revenge. I've decided not to buy either a Ferrari or a Maserati. That'll show 'em!