NSA Uses Google Cookies To Pinpoint Targets For Hacking 174
Hugh Pickens DOT Com writes "For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. Now the Washington Post reports that the NSA secretly piggybacks on the tools that enable Internet advertisers to track consumers, using 'cookies' and location data to pinpoint targets for government hacking and to bolster surveillance. The agency uses a part of a Google-specific tracking mechanism known as the 'PREF' cookie to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. 'On a macro level, "we need to track everyone everywhere for advertising" translates into "the government being able to track everyone everywhere,"' says Chris Hoofnagle. 'It's hard to avoid.' Documents reviewed by the Post indicate cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. Google declined to comment for the article, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests."
Now 2 good reasons not to allow cookie tracking (Score:5, Insightful)
Calling for? (Score:1, Insightful)
Just do it, you moron. You don't need to ask anyone, you can just stop the bulk collection of user data.
Oh I love how they pander... (Score:5, Insightful)
A CEO of one of the most successful US Corporations in the entire world wants to put an end to data gathering, and doesn't somehow fucking get that their company exists only because they are in the business of data gathering.
Oh, I love how they pander to us while continuing to shake hands with the devil. You act like they're going to turn away one of their largest customers.
Don't get me wrong, businesses like Google almost have to take this stance "against" the enemy of the People, else they risk losing other portions of their customer base. I simply don't like being lied to by them any more than I like being lied to by my own government.
In the end, nothing will change. Nothing. The US government won't allow it. You're a fool to think otherwise.
Funny that Google complains (Score:5, Insightful)
Personally, the collection of privacy relevant information by private companies like Google is way more scary than what a government fools around with.
And don't come, it's voluntary. It's anything but, considering how many sites include elements from Google/Facebook/... (e.g. ads or like buttons), and they DO track you even if you are not a registered user. And the end user tools to customize browser behavior (to suppress unwanted elements of a webpage) are mostly non-available on mobile platforms
Worse, as is the "fundamental law" of privacy & data collection, any data collected will be abused. (Classical example, when the truck toll system in Germany was introduced, it was only allowed by the data privacy commissioner because it's absolutely illegal to use the data for anything but tolling. Couple years later, new government, and immediately "let's use the toll data for law enforcement" is a nice idea in the back rooms.)
So Google might be collecting "anonymous" data about person X, not knowing who X is, but that does not mean that the identity of X cannot be revealed later on, or be known by a third party.
Worse, anonymizing data (removing the parts that identify the user and potentially replacing them by a random id) is way harder, e.g. an interested adversary can usually reconstruct the identities, sometimes even trivially.
Idea: Build the biggest choke point possible. (Score:5, Insightful)
I've said it once, and I'll say it again: We gave you a decentralized network capable of self-healing in the face of thermonuclear war -- Packets routed around cities moments after they've vanished. Then you took the Internet, and built centralized data silos with it like fools. There is no such thing as a client and server, there are only peers that wear those hats. From here you look silly with them glued firmly in place.
There's no reason not to have your own recommendation engine in your own home. There's no reason to send personal messages and pictures to a third party just so your friends and family can see them too. As I've said: You will decentralize services, or the web will die by the folly. It may yet be too late. It would be wise to plan on a re-beginning.
Repent. The end is incredibly fucking nigh!
Re:Use Google-like monopolies to your advantage (Score:2, Insightful)
so I got ghostery noscript https everywhere. I hooked up some VPN.
to hell with cryptography, there should be laws protecting my privacy and protecting me even if I don't encrypt anything.
Larry Page objecting? (Score:2, Insightful)
How can Larry Page object to bulk collection of user data? Isn't that exactly what Google is designed to do?
Re:Idea: Build the biggest choke point possible. (Score:4, Insightful)
Apart from the obvious design advantages to centralising it. A recommendation engine, of all things, benefits enormously from being a shared resource. Communications, less so. There is nothing saying that you have to make that same trade-offs. That's the internet's other strength: heterogeneity.
When you assume something only happened because 99% of people are stupid, check again. There is usually a more informative explanation, especially when your criticisms can be applied to something like the majority of the world's scientific computing resources which are indeed centralised.
As if ... (Score:4, Insightful)
No, the advertising industry wants to target ads to us to benefit themselves, and in the process they've made everything we do tracked, monitored, cataloged, and neatly bundled up for sale to someone else.
And since I am not willing to provide them with this, I feel no compunction about blocking cookies, beacons, analytics, and a host of other things.
For website owners who rely on this, too fucking bad. Because your precious content isn't worth trading my privacy for, and I do not give a damn. It's like going to an Italian Restaurant and being told that Vinnie here also needs to get a cut.
I don't believe Google is really interested in stopping collecting user information. They may want to limit what the government can access, and they want to give the appearance of fighting for the consumer. But the big companies like Google who have really made this widespread have a huge financial interest in continuing this practice.
Once you have things like Ghostery and the like installed, and realize just how much crap is on every web page, it's astounding. Hell, right now, on Slashdot I've blocked "Google Analytics", "Google AdWords Converter", a "Scorecard Research" beacon, and whatever the hell "Janrain" is, and something called rpxnow.com -- and Slashdot isn't the "worst" site I've seen. But absolutely none of those sites is entitled to (or is actually receiving) any of my information.
Fuck the lot of them. I've more or less determined the internet is a place where 80% of the big players can't be trusted, so as much as possible, I just deny them the information they want in the first place.
Because, let's face it, doubleclick.com and the like have been douchebags for better part of 15 years. Why would we assume that would ever change?
Re:Keywords: Tracking can NOT be eliminated (Score:4, Insightful)
They can't track everyone. If you steal what you want, you don't make a purchase. If you use someone else's machine -- they track someone else -- and if you have no relationship and you bounced it through some anonymous service, there are diminishing returns on knowing you. If you know a bit more, you are spoofing MAC addresses and piggy-backing on other users. Or you do nothing electronically related to your nefarious plans.
In short; the NSA knows more about innocent people and clueless miscreants than it does about real bad guys. While collecting this massive amount of data -- they are distracted.
Now, if there goal really isn't security but SOMETHING ELSE -- well, then this should work out just fine for them. If it's security -- it's worse than if they did no tracking at all. If I were up to no good, I certainly wouldn't bother with leaving any legitimate tracks.
Re:Keywords: Tracking can NOT be eliminated (Score:5, Insightful)
If the government thinks I'm a "bad guy" and specifically targets me then I'm screwed no matter what I do. Unless I'm the target of a criminal investigation they have no valid reason to know where I go, what I buy, or who I communicate with.