· · · What is CookieCooker? · How it works · Download CookieCooker · · ·

Screenshot CookieCooker is a tool that enables you to protect your behavior and your interests from being spied on on the internet. CookieCooker changes the cookies set by web servers on the own home computer to falsify the user profiles collected by the web servers. Especially CookieCooker contains an identity management module that facilitates the generating and using of web accounts. Thereby it realizes a high degree of pseudonymity and limits the amount of data transmitted to the minimum possible. E.g. the surrender of authentic personal data in web forms is avoided unless they are needed for the expected service.

CookieCooker is available free of charge for Microsoft Windows operating systems. We recommend to use both CookieCooker and our Anonymizer JAP to get an optimal protection against spying on your behavior on the internet.


Security problem with all CC versions up to and including version 0.00.015 Please install the new version 016. The downloaded file needs to be extracted into CC's program directory.

Under certain circumstances the bug allows other users to surf via your CookieCooker. Identities saved in your CC will not generally be disclosed since the identity selection window will pop up on your local screen.



What is it all about?

Cookies have been developed to help service providers on the internet recognizing specific users. Cookies are small data packets a user's computer stores on behalf of a web server. With every further visit of the web server the data packets are transmitted to the web server by the user's web browser. (similar to a customer card shown with every purchase). Every user gets a different cookie and by recognizing this cookie certain data about the user can be stored and collected. For instance the search criteria that he used. A user profile can be derived from his behavior.

Usually the above procedure takes place without asking or even informing the user. Quite seldom a user is allowed to decide independently if he agrees to the storage of his data or not. Often providing the service is bound to the agreement to data storage.

Newer browsers offer the possibility to ask the user before the storage of a cookie. Unfortunately this affects the usability if the web servers wants to set cookies quite often. There are possibilities to refuse cookies completely but unfortunately web services that are unable or unwilling to avoid cookies are not usable any more.

Because of many users' increasing sensitivity in using cookies many web servers have changed their method to trace users. Their services now require user registration with account and password. Obviously the effect is just the same as with cookies: A user's behavior is traced by his account quite easily. Many providers even use these accounts to demand much more personal information from the user than they would have gotten from cookies. On the other hand (from a data protector's view) it is an advantage that the user becomes conscious of his own traceability - and he has access to his account information and the data collected within it. Additionally a user is able to change his account. This leads to different user profiles for the service provider who may not able to connect them easily.

Of course the above mechanisms (cookies and accounts) are not exclusively and by every service provider used to build user profiles. Sometimes the user has advantages from being recognized by the server. Usually the user gets access to offers adapted to his needs and to individual data e.g., e-mail or SMS. A tool like CookieCooker, dedicated to the users privacy has to make sure that these advantages are preserved.

The largest problem with regard to cookies are web advertisers. Usually a cookie is only send to the server which set it. In many web sites advertisising banners loaded from a central avertising web server are embedded. By visiting such a web site the user also loads the banner from the avertising web server. Thereby this advertisind server is able to send and receive cookies and extend a user's profile. The user profile consists of all information the avertising web server got from the web sites its advertising banner is embedded in.

What do you achieve by using CookieCooker?

By using the CookieCooker a user is able to use the advantages of cookies and user accounts while making it difficult to build user profiles. There's no way to make it impossible because it is always possible to trace users if the effort made is high enough. By only using this tool no one is able to protect himself against tracing by a secret service or similar institutions. Therefore you additionally need an anonymizer service which also protects the communications relation between sender and recipient. But the CookieCooker prevents the user profiling that is quite commonly done by many web servers. "User profiling" already is a real danger also for the "usual" internet user because it works fully automatically with quite low effort (cost).

Functionality of the CookieCooker

User profiles can only be build over a long period of time if the web server recognize a user on his repeated visits. Merely by recognition the web servers knows to which user profile new information should be added. CookieCooker's functionality is now not only to manage one identity (allowing recognition) but arbitrary many.

CookieCooker's most important functions:

Usage of different identities

If a web service is usable indepently of an identity (the user has no advantage of recognition by the server) the CookieCooker may choose the identity of the user randomly or invent a new identity. Additionally it may exchange identities between users. The user is able configure these measures according to his preferences.

If recognition by the server is essentially for the service required (e.g. for e-mail accounts) CookieCooker asks the user which identity to use on every visit to the server. The user may also configure a standard identity for every web site he visits.

Exchange of cookies between users

Because the CookieCooker allows the exchange of cookies collected between users several users are able to use the same cookie. Thereby all users using the same cookie appear to be one user for the web server. The web server no longer is able to trace one single user but only the group of users using the same cookie. It collects a set of files but it can no longer be sure that every file contains only one user profile. The former profiles of users now become non-person-related profiles of the usage of the web server. The server cannot easily distinguish between the latter profiles and "real" user profiles because those several users don't show a conspicuously different behaviour than one single user. If CookieCooker is used by many users nearly every user profile collected by web servers will become useless because potentially it might not be a "real" one. Thereby also the users not using CookieCooker will be protected.

User-defined identity management

CookieCooker assists the user in using web services which need recognition or identification (e.g. web based e-mail accounts). For the usage of these services the user has to use one of his own identities. CookieCooker helps to manage these identities (i.e. it stores login name and other data) and is makes the registration semi-automatical if required. The user only has to choose which identity he wants to use for this service and CookieCooker fills in the registration forms with the prepared login data. CookieCooker gives you an overview of your identities and records their usage. Thereby you know exactly where, when and how that data was used.

Assistance at the registration at a web server

At the first usage of a web service CookieCooker assists you in filling in the long registration forms. There are two options you choose from.

Application with "real" personal data

If the web server needs your "real" personal data (e.g. your post adress) you can instruct CookieCooker to fill in the web form automatically with your real data.

Application with "faked" data

Most web servers do not need the data inquired to fulfill their service. In this case you can or even should (if you want to prevent profile building) register with faked data. Thereby you prevent at least a bulk of advertises in your conventional mail box. CookieCooker assists you in filling in forms with suitable random data (e.g. town, street, zipcode). Even user name and password are chosen randomly. CookieCooker stores all data filled in under the identity used at this website. At your next visit to the website CookieCooker fills in the login data for you. You do not need to keep dozens of login names and passwords in mind.

Encrypted storage of data

To protect your personal data CookieCooker offers the possibility to encrypt all data that is stored on your computer's hard disk. The data is encrypted with the symmetric Rijndael algorithm. The password that you enter will be used as a key for the encryption.

Download CookieCooker

CookieCooker can be downloaded and used free of charge.

Attention: The current version is a beta-version. We cannot guarantee correctness. If you want to download CookieCooker now, you are a Beta-Tester :-)

Please send an email on [email protected] if you find any errors, unclear help texts or if you have suggestions.
Thank you for your interest in the CookieCooker.

DEDownload CookieCooker, Beta version 0.00.013 (850 kB, only for Windows 98/ME/NT/2000/XP)

Windows NT: If you get the error message "mapi32.dll not found" please download file: mapi32.dll and copy it into CookieCooker program directory (mostly C:\Program Files\CookieCooker).

If you don't want to install CookieCooker, but nevertheless want to protect yourself from the misuse of cookies we recommend our data protection configuration file, unfortunately only for Internet Explorer 6.0.

[email protected]
Cachefeed: v1.1 - Source - cd3035e70babb9b515bae80d16e89206