NSA Places Illegal Cookies On Computers

By ANICK JESDANUN, AP Internet Writer Wed Dec 28, 4:44 PM ET

NEW YORK - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.

These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States....

news.yahoo.com.

Computers are my business and there is no way "mistakes" like this should not be uncovered during routine quality assurance testing. It is much more likely that this was a policy decision much like the policy decision by one of the credit cards authorization companies to strip off customer information for mailing list sales even when their contract with Visa/MC prohibited such stripping.

DallasNE

any more than a gif or jpg can monitor your surfing habits. they are small texts files that may be modified or read by various sites depending on your browser settings. sites do use cookies to store information like what page you visited last time you visited the originating site.

originating sites can snoop your IP address but short of downloading spyware the information you get from a cookie is pretty limited. If you are still worried just block cookies entirely.

btw pornsites (so I'm told), games companies and marketing companies have been sneaking spyware onto peoples machines for ages not just to monitor surfing habits but to check if there are pirate copies of software or second party hacks running in the background.

The only foolproof way to get rid of all of them is to reformat your drive and re-install everything.

How do you think doubleclick works?

If a site sets a cookie on your system and you visit another site that looks for that cookie and finds it, voila, your surfing habits have been tracked. So, suppose you start a company that pays website operators to include a bit of code that both sets and checks for certain cookies. If you get enough websites to agree to do this, you can get a pretty good profile of a person's habits. And, if you are, say, a government agency forcing websites to do this, or even purchasing the information from some legitimate tracking service, you can get a really good profile on a person.

I also disagree entirely with the notion that the information you get from a cookie is limited. In terms of absolute volume of the information stored in the cookie itself, sure, it's limited. But, it can contain your IP address, and from that small bit of information, you can get a lot of other information. Cookies can also contain passwords and other private information that would be used in ways very harmful to the person to whom they belong.

Cookies are essential in the operation of some websites, so turning them off completely often isn't worth it for most Internet users. But, one should clear them on a regular basis and block those that originate from 3rd party sites.

As for .jpg and .gif files, I assume you've heard of a web bug? The image itself may not do anything, but the manner in which it is delivered to your web browser can do quite a lot.

I usually have cookies on prompt myself as well as scripting and lots of higher 'functionality', yes it's a pain but I've had it with activeX viruses and spamware. Cookies allow the originating site to obtain your local IP address because it has to place the file on your hard disc. If they contain info like passwords and can be accessed remotely then they are a massive security hole symptomatic of catastrophic design.

Any site that wants to set a cookie on my machine that expires in 2038 immediately gets a 'block all cookies from this site' tag. there is no way any data on my disc is going to persist for that length of time as I will have upgraded/re-equipped/re-installed long before that.

The original post gives the impression that cookies are used as spyware. Yes, cookies can be farmed for data but only if the farmer has knowledge about where to find the cookie, what the name of the file is and can interpret the information held in the cookie. All this crap about functionality is an excuse to monitor our spending/surfing habits so marketing zombies can pressure us into buying more useless rot.

The article in the original post was apparently written by someone who is rather ignorant of the way things work, so my disagreement with you was not necessarily an agreement with that article.

I just felt your comments could leave a false impression that cookies can't be used in ways detrimental to the person who has them on his or her machine. On that note, you're correct in saying that the data farmer has to have knowledge about the cookie itself before information can be efficiently taken from it, but that's the point. Doubleclick, for example, knows to look for its own cookies, and thousands upon thousands of sites set and retrieve doubleclick cookies, giving a pretty good idea of a person's surfing patterns if they don't bother to block/clear these from their system.

I'll defer to you're superior knowledge on web browser subtlties. I'm more of a green-screener myself.

Which does not have the strength or law or regulation. IIRC some commercial server packages use them by default. Cookies have a very limited functionally, this is a tempest in a teapot, nothing more. Focus on the real (an important) issues that so sorely need our support.

For the government to install this type of spyware cookie on your computer.

If there was no benefit to NSA they would not be installing these cookies without knowledge. While this may not bother you it is a good example to show the extent the paranoid Bush administration has gone with lawless activity. I will grant that this is less serious than the warrantless wiretaps on Americans.

Occams Razor anyone?

Welcome to DU!! :toast: