0
akarunway

Cookies w/ your milk anyone?

By akarunway, in Speakers Corner

Recommended Posts

akarunway    1

akarunway
By ANICK JESDANUN
AP Internet Writer
Dec 28 4:44 PM US/Eastern

NEW YORK - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them. These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."


Until Tuesday, the NSA site created two cookie files that do not expire until 2035 _ likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.

Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.

But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.

In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and `vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."

The Bush administration has come under fire recently over reports it authorized NSA to secretly spy on e-mail and phone calls without court orders.

Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to al-Qaida.

But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.

The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."

Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA. They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.

The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.

In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.
I hold it true, whate'er befall;
I feel it, when I sorrow most;
'Tis better to have loved and lost
Than never to have loved at all.

Share this post

Link to post
Share on other sites

kallend    2,150

kallend
Quote

That is disgusting. Im not very up on what kind of information they would have been able to extract but it is still very worrying



It's disgusting, but mostly it's stupid. It's not in the same league as tapping your phone without a warrant.
...

The only sure way to survive a canopy collision is not to have one.

Share this post

Link to post
Share on other sites

akarunway    1

akarunway
It's disgusting, but mostly it's stupid. It's not in the same league as tapping your phone without a warrant.______________________________________________________________________________________________

"Despite strict federal rules banning most of them"_________________________________________________________________________________________________________________________________________________ So this is LEGAL if it's banned? Not against the law, just federal policy?
I hold it true, whate'er befall;
I feel it, when I sorrow most;
'Tis better to have loved and lost
Than never to have loved at all.

Share this post

Link to post
Share on other sites

kallend    2,150

kallend
Quote

It's disgusting, but mostly it's stupid. It's not in the same league as tapping your phone without a warrant.______________________________________________________________________________________________

"Despite strict federal rules banning most of them"_____________________________________________ So this is LEGAL if it's banned?
Not against the law, just federal policy?



It's stupid because what cornucopia of information could they expect by doing it?
They can already track anyone's internet use in far more detail than a cookie provides.
...

The only sure way to survive a canopy collision is not to have one.

Share this post

Link to post
Share on other sites

kallend    2,150

kallend
Quote

This is weak. It's like a rogue cop who regularly murders suspects receiving a reprimand for using curse words in the lunch room.



Right on.

Rank the following in order of degree of abuse:

Sanctioned torture
Secret prisons
Putting cookies on your computer
Indefinite imprisonment without trial
Wiretaps without a warrant
Invading a sovereign nation that poses no actual threat
Running up the biggest debt in history.
...

The only sure way to survive a canopy collision is not to have one.

Share this post

Link to post
Share on other sites

AndyMan    7

AndyMan
Quote

That is disgusting. Im not very up on what kind of information they would have been able to extract but it is still very worrying



I am very up on what kind of information they would have been able to extract, and it is not very worrying.

The only information they would have been able to extract was a count of the number of times you visited the NSA website, something everyone should assume every website can do (and does!) every time you visit.

They can not corelate that information to a name, a SSN, a drivers license, or anything.

All they know is "anonymous user 123234965234 visited 18 times last year, and spent 18 minutes each time".

If you don't visit the NSA website, they don't even get that.

Cookies as a privacy concern has long been mooted.

The ONLY issue here is that they seem to have mistakenly broken a rule.

_Am
__

You put the fun in "funnel" - craichead.

Share this post

Link to post
Share on other sites

Andy9o8    2

Andy9o8
Quote

Rank the following in order of degree of abuse:



OK, here goes.

1. Putting cookies on your computer
2. Sanctioned torture
3. Secret prisons
4. Indefinite imprisonment without trial
5. Wiretaps without a warrant
6. Invading a sovereign nation that poses no actual threat **
7. Running up the biggest debt in history.

In short, I am aghast.

-------------------

** (well, I'll change that to no immediate threat to the U.S.; and the murdering fucker really did have it coming - but just be up front and tell us the truth, so We The People can make an informed decision on whether or not to petition Congress to authorize action within the bounds of the Constitution)

Share this post

Link to post
Share on other sites

narcimund    0

narcimund
Quote

The only information they would have been able to extract was a count of the number of times you visited the NSA website, something everyone should assume every website can do (and does!) every time you visit.



Well, it's a LITTLE more interesting than that. Cookies can do much more than count visits.

* In shared-IP environments they separate one computer's website usage from another's.

* They can be used to compile your path through the site.

* They can correlate your entries on forms with your paths.

* In coordination with other websites they can even identify you personally if you've identified yourself to those websites.

* If that web of cooperating websites includes a major search engine or news site your entire list of interests, concerns, medical lookups, political searches, sexual habits, and commercial browsing can be mapped together into one personally identified data block.

* For instance, if you logged in to Google's AdWords, Gmail, or anything else owned by Google, your name, address, and telephone number is linked directly to your search for Viagra (or worse).

* And adbanners (or invisible web bugs) with THEIR cookies give advertisers a complete dossier of your travels through every site they touch. And that includes the search terms and sometimes the form entries you entered to get to that page.

Cookies placed by a small, isolated, static website aren't all that nefarious, but groups of websites connected by a common cookie-placing entity (advertisers for instance) can gather and correlate MORE than enough information about you to be scary.

That being said, I seriously doubt the HTML guy at NSA is tracking anything interesting. They've GOT to be more sophisticated than that.


First Class Citizen Twice Over

Share this post

Link to post
Share on other sites

AndyMan    7

AndyMan
Quote


Well, it's a LITTLE more interesting than that. Cookies can do much more than count visits.



It's true that they CAN do more than that, but the points you mentioned are not the controversy.

The controversy is that they used cookies that expire in 2037 when the rule says they can only use session cookies.

Quote

* In shared-IP environments they separate one computer's website usage from another's.
* They can be used to compile your path through the site.
* They can correlate your entries on forms with your paths.



I assume all websites do this. All websurfers should assume all websites do this.

Quote

* In coordination with other websites they can even identify you personally if you've identified yourself to those websites.

* If that web of cooperating websites includes a major search engine or news site your entire list of interests, concerns, medical lookups, political searches, sexual habits, and commercial browsing can be mapped together into one personally identified data block.



If the NSA was doing this, indeed there would be a scandal. There is no accusation of the NSA doing this. Most browsers are set to block 3rd party cookies by default.

Quote

* For instance, if you logged in to Google's AdWords, Gmail, or anything else owned by Google, your name, address, and telephone number is linked directly to your search for Viagra (or worse).



The NSA is not apart of Google Ad-word. The fact that Google collects data and keeps it private is not relevant to the NSA "scandal". Google does not release data it collects. Google has one of the best privacy policies of any of the major sites.

Websites can not use cookies to collect private information - unless users post that information on the internet. Value your privacy? Don't post private information on the internet.

There's a legitimate problem of privacy on the Internet. The fact that the NSA used the wrong kind of cookie on their website is not one of them.

_Am
__

You put the fun in "funnel" - craichead.

Share this post

Link to post
Share on other sites

AlexCrowley    0

AlexCrowley
oh for fucks sake.

This is not an issue unless you're a egocentric tool with too much time on your hands to read bullshit websites about the power of computers.

Look, if this story gave you pause for thought its time to remember this:

YOU ARE NO ONE. NO ONE GIVES A FUCK ABOUT WHO YOU ARE. NO ONE IS WATCHING YOU BECAUSE YOU ARE - on a national security scale - FUCKING BORING.

Thank you, move along.

TV's got them images, TV's got them all, nothing's shocking.

Share this post

Link to post
Share on other sites

crwtom    0

crwtom
http://www.cookiecentral.com/ seems to have a lot of good info.

In any case, any decent browser should allow you to erase existing
and block future cookies. The above URL contains articles that describe
a few more intelligent tricks such as placing empty files in cookie
directories etc.. You may lose some conveniece - but that's always
been the price of security.

The NSA thing sounds like an honest software glitch. But you
never know - perhaps "doubleclick.com" is secretly run by themB|

Cheers, T
*******************************************************************
Fear causes hesitation, and hesitation will cause your worst fears to come true

Share this post

Link to post
Share on other sites

akarunway    1

akarunway
"By the way, nice PA there."_________________________________________________You like that. Unlike all your veiled insultes to everone for the most part. I call a spade a spade and you run to momma crying:P P.S. You'd love to meet me in person
I hold it true, whate'er befall;
I feel it, when I sorrow most;
'Tis better to have loved and lost
Than never to have loved at all.

Share this post

Link to post
Share on other sites

AlexCrowley    0

AlexCrowley
It's hardly personal if I do it to everyone. Neither have I outright called anyone anything - except for the two occasions I was banned - one for 'calling a spade a spade' and once because what I wanted to post was worth a couple of weeks in a timeout.

I certainly haven't felt the need to stoop to 'hey asshole' unless Im talking to Sinker[Micro] and thats only because we're deeply in love, in a manly, platonic, yet strangely erotic way.

Edited to add: what is this about veiled insults anyway? If people arent smart enough to spot it is it veiled? If people dont have a sense of humor is it veiled? People should stop worrying - if Im insulting you (plural) I'll be sure to put a very large flashing sign there - I dont do subtle.



Anyway, the cookie thing still hasnt been explained.
Please help me, I'm so confused.

TV's got them images, TV's got them all, nothing's shocking.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
0
Go To Topic Listing