What are zombie cookies, and can you block them?

Let’s start from the beginning — what are internet cookies in the first place? A cookie is a piece of code a website attaches to your browser. Cookies keep information about you for performance as you move through a website or even track you when you leave it.

But the fact that cookies keep information about you and track you across the pages of a website doesn’t mean it’s necessarily evil.

There are good types of cookies. For example, first-party cookies allow websites to remember your preferences when you return. A cookie can remember what you put in your shopping cart as you move through the site or help a video streaming platform remember where you stopped watching a video. Later you can pick up watching the video right where you left off. Convenient, right?

But then there are persistent cookies that stay with you after you leave a website. These are the ones that collect data about you as you surf the web and serve you with targeted ads. And some are even more ominous, like super cookies (also called flash cookies) and zombie cookies. They can hide, and they can rise from the dead — incognito browsing won’t help. So how do they work?

Like a regular internet cookie, a zombie cookie is a piece of data that a website attaches to your browser as you enter it. But unlike a standard cookie, a zombie cookie can be stored in multiple locations with backups in the browser. Even if you delete a zombie cookie, its dormant copies stored elsewhere will respawn the cookie using Quantcast technology.

The zombie cookie takes advantage of vulnerabilities in the Adobe Flash Player that, to remember customer preferences, gives them a unique user ID. Zombie cookies combine two types of cookies (a standard HTTP cookie and a super cookie). If you cannot delete cookies from every possible hiding location, the Quantcast program retrieves your user ID and reapplies it to follow you through the web.

The primary purpose of these cookies is to track you across multiple websites using cookie syncing. Cookie syncing enables web trackers like zombie cookies to link your user ID across different sites and gather as much information about you as possible, which is the main purpose of zombie cookies.

Zombie cookies collect information about your preferences, what websites you visit, and what you look at on different sites. The zombie cookies usually provide the collected data to various companies for marketing purposes.

Thankfully, modern browsers are designed to give you some control over the information you share with third parties. You can opt out of third-party cookies, and some browsers have advanced settings that let you delete flash cookies, like zombie cookies.

• Use specialized software to delete zombie cookies. Following the regular process to delete cookies in your browser may not be enough. Consider third-party tools like CCleaner that go a step further. But like always, remember to do thorough research before installing anything on your devices.
• Delete cookies from your browser regularly. While this might not get rid of zombie cookies, clearing cookies on your browser occasionally is an excellent habit to increase your privacy.
• Opt out of cookies when you can. Whenever you visit a website, you’re presented with a choice. Allow all cookies or just the essential ones? We recommend you opt for essential ones since they improve the quality of your web visit. Third-party cookies are the ones that track you across websites.
• Use privacy tools. NordVPN’s Threat Protection feature automatically blocks targeted ads and web trackers from following you online.
• Use a privacy-oriented browser. Some browsers are more privacy-oriented than others. Depending on your needs, consider switching to browsers focused on data safety like Epic, Firefox, Puffin, FreeNet, or similar.

However, keep in mind that even when you take all of these steps, some super cookies are near impossible to get rid of, like the ones implemented by your ISP.

Serious controversy surrounds zombie cookies and, more broadly, super cookies. Over a decade ago, in 2010, a lawsuit was brought up in the U.S. against Quantcast because it had violated federal computer intrusion laws.

The court ordered the websites to delete users’ personal information and stop collecting it in such an intrusive way in the future.

In 2011, an EU Directive was introduced across Europe that gives internet users the right to refuse cookies from the website they are visiting. Eventually, many other countries followed suit. That is why, when visiting a site, you can now opt out of cookies or choose to accept only essential cookies (what we recommend you do).