NSA uses Google's PREF and other commercial tracking cookies to spy on folks

It looks like every single day we find out how wrong George Orwell was, in that things are much much worse than he envisioned. New info from the files leaked by Edward Snowden shows that the NSA used cookies from Google and others to spy on systems.

Cookies are tiny bits of data stored by your browser to make your life a little easier. It’s what keeps you logged on on certain sites and what companies use for targeting advertising. But it seems like the NSA has found another use for them, by piggybacking on them such as Google’s “PREF” cookie, which is downloaded by the browser when it accesses any of Google’s services.

Through the use of such cookies the NSA could spy on a user’s activity online and even go as far as injecting code and infecting the person’s device which would give them further access to the person’s digital life and communication.

According to the Washington Post cookie information can be obtained legally by the NSA through a court order and companies are obliged by law to provide the agency with all of their data.

Many privacy groups have argued for a long time that being able to opt out of being tracked commercially by companies such as Google, should be an integral part of the web, but so far these efforts have come up short.

Source: Washington Post | Data mining image courtesy of Shutterstock

Report a problem with article
Previous Story

Apple jumps on the curved screen bandwagon by securing patent

Next Story

HP Discover: Memrister and photonics and hype, oh my?

32 Comments

Commenting is disabled on this article.

It's clear this NSA program was set up to spy on every one just because of the fact that it has so much capability and storage.And making laws to get around the 4th amendment does not make it legal,just the opposite.The Constition is the law of the land,and setting up hand picked judges with no accountability and no citizen oversite proves the point.It just a rubber stamp on violating the aveage law abiding citienzens right to privacy.It also came to light that what the NSA could not obtane it has the british spy agency obtained for it,has is this legal?How many terriost attacks has this stopped,none,the whistleblower Snowden and all the ones before this, brought these illegal acts of mass spying to light,the transpency we were promissed.There is no outcry in congress or the President(the ones that are suppost to represet us) on this troubling program.It appears this adminastration wants to spy on every one,the questions every one should be asking is why!Welcome to the USSA.

Brony said,
Even NSA prefers Google than the "other".

off course, the biggest spy agency prefers the biggest spy company. It's a match made in heaven, specially if you run google services.

"Through the use of such cookies the NSA could spy on a user's activity online and even go as far as injecting code and infecting the person's device"

Yeah, this is not possible. They don't have access to the cookies, just the data from Google. Even if they did have access to the cookies, you can't infect a computer via them.

Sly_Ripper said,
"Through the use of such cookies the NSA could spy on a user's activity online and even go as far as injecting code and infecting the person's device"

Yeah, this is not possible. They don't have access to the cookies, just the data from Google. Even if they did have access to the cookies, you can't infect a computer via them.

Depends, maybe they know about some security flaws - we've seen in the past how buffer overflows could trigger executables on the client machine. Could also be this is plain BS.

Sly_Ripper said,
"Through the use of such cookies the NSA could spy on a user's activity online and even go as far as injecting code and infecting the person's device"

Yeah, this is not possible. They don't have access to the cookies, just the data from Google. Even if they did have access to the cookies, you can't infect a computer via them.

agreed. not directly at least. the best they could do is forge the cookie data to exploit some kind of hole against the target site and get some kind of information. But if they have the ability to modify cookies on the fly, they surely have the ability to inject script, which would be FAR FAR more dangerous.

What you could do is only output malware or social engineering attacks only if you see a particular person accessing the page. It doesn't seem like a very effective method but it is technically doable. It's no different than displaying a different ad based on the user.

What I also find shocking is that one man - Edward Snowden - had access to such a massive, and varied amount of NSA information. Surely, the NSA would not grant such widespread access to any one individual within the organization!? Makes you wonder just what else will emerge from the Snowden leaks in the coming weeks/months!

Spicoli said,
You can make up pretty much anything you want and people will believe it. Appeal to prejudice is a powerful political tool.

Are you saying that Snowden made it all up?

Spicoli said,
You can make up pretty much anything you want and people will believe it. Appeal to prejudice is a powerful political tool.

How can we be sure that what has been leaked is or is not true?

GreatMarkO said,
What I also find shocking is that one man - Edward Snowden - had access to such a massive, and varied amount of NSA information. Surely, the NSA would not grant such widespread access to any one individual within the organization!? Makes you wonder just what else will emerge from the Snowden leaks in the coming weeks/months!

well, it is pretty much documented snowden had been busted by trying to gain access to un authorized material before and that his superiors wanted him out. however the security clearance firm, as well as his new NSA employer didn't bother to research him enough. All the signs were there that this guy was up to hacking and exposing whatever information he could get a hold off. So the NSA has only itself to blame for hiring him and all he did was hack away once he was inside the firewalls. surprised? It's like asking a thief to be your maid.

este said,

How can we be sure that what has been leaked is or is not true?

You can't but logic requires the one making the claim provide the proof. You cannot demand a negative proof.

este said,

How can we be sure that what has been leaked is or is not true?

If the leaked documents were not true then why would the US be trying to arrest him for leaking them?? They would be trying to arrest him for something else.

-adrian- said,
Well the problem is that - administrators are well.. administrators


This. If you're an admin who's going to stop you?

That's like being an Admin for a system that blocks some websites for people. Guess what? Not for admins.

GreatMarkO said,
What I also find shocking is that one man - Edward Snowden - had access to such a massive, and varied amount of NSA information. Surely, the NSA would not grant such widespread access to any one individual within the organization!? Makes you wonder just what else will emerge from the Snowden leaks in the coming weeks/months!

You are assuming competence in a government entity. LOL!!

If someone can list one agency that is competent and runs efficient business, please do. One?

BigBoy said,

You are assuming competence in a government entity. LOL!!

If someone can list one agency that is competent and runs efficient business, please do. One?

I would say the military. Not cheap but they tend to be very efficient at what they do =). Aside from that...

GreatMarkO said,
What I also find shocking is that one man - Edward Snowden - had access to such a massive, and varied amount of NSA information.

He also used other people's credentials according to reports.

-adrian- said,
Well the problem is that - administrators are well.. administrators

If the system is designed properly, they aren't...

In security conscious environments, administrators should have little more access than approving a request or replacing encrypted media that they themselves cannot read.

(The 'administrator' argument is what Google uses when they explain that their employees need to have access to user's stored data, and it is wrong.)

and who is setting the encrypted stuff up and is responsible if something does not work properly with the encrypted stuff? right.. the admin.. so he has to know its ways.

Scabrat said,

I would say the military. Not cheap but they tend to be very efficient at what they do =). Aside from that...

I think you might be confusing "destroying stuff thoroughly" with "efficient". Case in point: http://www.cbsnews.com/news/re...as-at-afghan-bases-400-gal/ - think about that for a second. Then think about US military being in about 150 countries around the world. And that's only one small aspect of it. Efficient?

-adrian- said,
and who is setting the encrypted stuff up and is responsible if something does not work properly with the encrypted stuff? right.. the admin.. so he has to know its ways.

That doesn't mean the administrator needs the private key of the encrypted data, nor shall ever see the data once the system is put in place.

This is getting ridiculous that people still believe 'viewing' data is somehow required for a system to work.

Even using Windows on a desktop, you can set it up so that once the user logs in, everything they do and all their data is protected from you EVER viewing it using NTFS encryption. The only thing you can do is delete their folder/account. PERIOD.

BigBoy said,

I think you might be confusing "destroying stuff thoroughly" with "efficient". Case in point: http://www.cbsnews.com/news/re...as-at-afghan-bases-400-gal/ - think about that for a second. Then think about US military being in about 150 countries around the world. And that's only one small aspect of it. Efficient?

While that is a way to look at it, looking at the military and purpose blowing stuff up the best way you can is indeed efficient =). We got the best spec ops, drones, missiles, R&D resources, ships, planes, tanks, etc, etc. Its not cheap, no. But so far, its been extremely efficient imo. Like I said, its not cheap =).

Also, look at the end of the article you linked. They will be address secondary concerns later. Right now they are focused on other things. It doesnt mean you can be efficient because you spend a lot on something.

Scabrat said,

While that is a way to look at it, looking at the military and purpose blowing stuff up the best way you can is indeed efficient =). We got the best spec ops, drones, missiles, R&D resources, ships, planes, tanks, etc, etc. Its not cheap, no. But so far, its been extremely efficient imo. Like I said, its not cheap =).

Also, look at the end of the article you linked. They will be address secondary concerns later. Right now they are focused on other things. It doesnt mean you can be efficient because you spend a lot on something.

What are you talking about? All the "best" technology you listed is extremely expensive. Is there a more monetarily efficient way of blowing stuff up? Yes, plenty.

Also, what about the countless innocents and friendly forces are injured by "blowing stuff up the best way they can". These are things that are not the target, but get blown up anyway. This is not efficient.

Militaries all around the world spend huge amounts of money and are notoriously inefficient. I don't know where you got the idea that it was any different.

M4x1mus said,

What are you talking about? All the "best" technology you listed is extremely expensive. Is there a more monetarily efficient way of blowing stuff up? Yes, plenty.

Also, what about the countless innocents and friendly forces are injured by "blowing stuff up the best way they can". These are things that are not the target, but get blown up anyway. This is not efficient.

Militaries all around the world spend huge amounts of money and are notoriously inefficient. I don't know where you got the idea that it was any different.

Like I said, you are just looking at money. Not protection efficiency. Battle efficiency. Coop efficiency.

Scabrat said,

Like I said, you are just looking at money. Not protection efficiency. Battle efficiency. Coop efficiency.

You mean to say high civilian and military casualties and friendly fire are not examples of bad Battle and Coop efficiency?

M4x1mus said,

You mean to say high civilian and military casualties and friendly fire are not examples of bad Battle and Coop efficiency?

No. I am saying with the sophistication of the planning they are doing, they are pretty efficient at it. There is going to be casualties in war. Civilian and military. But over all they are pretty dang good at it. You seem to be taking a few examples and thinking its the norm.

But thats ok. You arent going to convince me they are not efficient at battle and I wont convince you they are. That is ok. I dont really care if I do. The question was "If someone can list one agency that is competent and runs efficient business, please do. One?" I said, "I would say the military. Not cheap but they tend to be very efficient at what they do =). Aside from that..." I think our military is efficient at killing/cooperating/training/etc. You dont. Again, thats ok. You are free to have your opinion =). Thank God for that.