Where’s My Cookie?

This is a benign, normal cookie. In the digital world, a cookie is a deceptively-named weapon of mass surveillance. See Englehardt, et al.

In my previous post, I asked … if you’re on, say, Windows/Chrome, where’s the cookie file located on your hard drive (assuming it’s not some fancy in-memory data structure)?

It’s a bit of a trick question because cookie data are not really kept in regular files at all.

In fact, a cookie in FF or Chrome is implemented as a row in a SQLite file.

Confusing, I know, given that WebSQL/SQLite have long been “deprecated” — but then again, after all, these boys are currently all under investigation by the US House of Representatives.

SQLite is, in fact, not only not deprecated, but indispensable to the functioning of the Chrome and Mozilla engines (I haven’t checked out Edge yet), and is critical to browser-based surveillance operations around the world.

How ironic.

To find the Chrome File, type this in the address bar of your Chrome browser:


Then go down the file and find your Profile path, which will look something like this:

C:\Users\%YourWindowsID%\AppData\Local\Google\Chrome\User Data\Profile 2

Now pay attention, because Google does a little trick here.  There is a file called “Cookies” in that directory.

chrome cookie in sqlite

What you need to do now is read it.  There are many ways to do this:  you could use JS in the console, or if you want the result set formatted without having to do any work, use DB Browser for SQLite or the Chrome Cookies View utilities from Nir Soft.

chrome cookies

Sweet, no?

This gives you essentially the same information you will find by going to Chrome’s dev tool interface (hit PF12 to go in and out of this).

But now you have a lot of control.

You know where the file is located.

You can delete it, if you want, and now for sure it’s gone (we will deal, in a future post, with the toxic cookies that keep coming back like roaches in your Florida garage).

Or you can save it, if you wish, to another location in SQLite.  Note that you can easily encrypt this data in SQLite if you wish.

Are you starting to get some dangerous ideas… ?

With JS — an easy to learn prototyping/scripting language — you can build a tool that can do almost anything you want.

For example, you might want to dick around with cookie information such that marketers build a ridiculous online “dossier” on you — don’t change everything, just enough to screw their business models, while keeping them thinking it’s still working.

Why not?

It’s your disk space.

It ain’t illegal if what you do stays on your side of the fence.

Remember:  your computer, your eyeballs, your rules. Oh, and fuck them.

Say you’re feeling generous.

You might have this incredible brainstorm and decide to develop a kind of Airbnb app on your desktop that rents out cookie disk space to Google so that at least you get something out of being spied on by all those sleazy internet marketers and data gatherers.

Google probably wouldn’t go for that, though, but Bing might.

The point is that even this little bit of knowledge has given you a level of control you did not have before.  For example, here’s how you query Firefox cookie data from a Win command line interface:

moz cookie

It’s like the Matrix, man.

Having fun yet?