Forgot your password?
typodupeerror
Government United States

Why the NSA Piggybacks On Consumer Tracking 62

Posted by timothy
from the because-it's-there dept.
An anonymous reader writes "'Snooping on the Internet is tricky. The network is diffuse, global, and packed with potential targets. There's no central system for identifying or locating individuals, so it's hard to keep track of who is online and what they're up to. What's a spy agency to do?' In a Slate op-ed, Ed Felten explains how consumer tracking makes the NSA's job much easier. Felten was the first-ever Chief Technologist at the Federal Trade Commission, serving as the agency's lead technical expert on privacy issues. Now back in academia, he argues that the NSA gets a 'free ride on the private sector,' from distinguishing users, to pinpointing geolocation, to slurping up network traffic."
This discussion has been archived. No new comments can be posted.

Why the NSA Piggybacks On Consumer Tracking

Comments Filter:
  • Requestpolicy, Noscript & Lightbeam are all Mozilla Firefox addons may well give you a hint of commercial snooping but what other measures can you take to keep your browsing habits and data safe from the eyes of others?

    • by AndroSyn (89960) on Saturday December 14, 2013 @11:37AM (#45689139) Homepage

      Encrypt everything, make life as difficult as possible for those who would snoop your traffic. You mention Firefox plugins, perhaps you should also be using the HTTPS Everywhere plugin: https://www.eff.org/https-everywhere [eff.org]

      Also make sure you are using the SSL Observatory function, this should at least help prevent MITM type attacks against you.

      • by flyingfsck (986395) on Saturday December 14, 2013 @12:17PM (#45689321)
        Browse with TOR whenever possible and restart the TOR session frequently.
        • by AndroSyn (89960)

          I'd consider TOR exit nodes to be fully monitored, so obviously you'd want to take all of the steps above as well, when browsing over TOR.

        • by mcgrew (92797) *

          All those techniques are fine for stopping them from spying on me, but their spying on me isn't the problem. They have nothing to gain by spying on me. The problem is that they're spying on everyone, and that's what needs to stop.

    • by Anonymous Coward

      I'm always amazed at how the Firefox crew manages to fuck up their browser's UI more and more with each release, includes unnecessary crap like a slow-as-fuck PDF reader, remove the easy-to-access preferences option for disabling JavaScript, and wastes time with asm.js, while simultaneously not including by default useful functionality like that offered by those addons.

      The functionality offered by those addons you listed, and others like HTTPS Everywhere and Ghostery, should be included by default. Make use

    • by mrchaotica (681592) * on Saturday December 14, 2013 @12:16PM (#45689315)

      A post in a thread a few days ago gave a good list. (I'd link back to it, but I can't find it.)

      • RequestPolicy
      • NoScript
      • RefControl
      • Ghostery
      • HTTPS-Everywhere
      • BetterPrivacy
      • Cookie Monster

      I didn't list Lightbeam because while it is good at visualizing tracking, it doesn't actually stop it.

      I also currently use

      • AdBlock Plus
      • Self-Destructing Cookies
      • DuckDuckGo search provider

      I'm also looking into running a YaCy [yacy.net] server so that I don't depend on centralized (and therefore inherently trackable, even if some say they don't) search engines at all.

      • by Jah-Wren Ryel (80510) on Saturday December 14, 2013 @02:36PM (#45690091)

        You can also play games with your browser sessions. Both firefox and chrome support multiple browser sessions running simultaneously. I have one just for google searches, another just for youtube, another just for banking, etc. That keeps your cookies and other fingerprinting information like extensions, browser history, etc unique to each task.

        If you run firefox with these arguments it starts up with a picker that lets you choose which profile to run:

        firefox --ProfileManager --no-remote

        I give each profile a different theme and change the titlebar to start with a prefix (like "GOOGLE: xxx" or "BANK: xxx") with the customize_titlebar add-on [mozilla.org] to make it easy to visually distinguish between different sessions.

        I also use the user-agent switcher extension to give each browser session a different user-agent. I usually set them to say the OS is Windows (I'm on linux) to blend in better with all the other Windows users and then each one is set to report a slightly different version of firefox (like 25.0 or 25..0.1 or 24.0 etc).

        It is not just about hiding yourself it is about polluting their databases. Switching the user-agent isn't 100% -- some javascript can figure out the browser version via other means. But it is low-hanging fruit because the user-agent gets transmitted with every single http request your browser makes, so anyone passively sniffing the wire will get whatever you set it to.

        https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ [mozilla.org]

        There is a similar add-on for chrome by a different author, haven't used it myself:
        https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg?hl=en-US [google.com]

        For firefox you have to make an additional change in about:config in order to have your user agent stick permanently because java gets confused on startup if it is spoofed. Create a new preference 'useragentswitcher.reset.onclose' and set it to false.

    • That's all great for in the browser.

      In real life, I often ask random people on the subway to swap discount, club and rewards cards with me.

  • Opinions on each of these, slashdotters?

    AdBlock (or cat block) with EasyPrivacy
    DoNotTrack
    The no-tracking bit on web browsers
    Denying 3rd party cookies
    Denying traffic on ports other than 80/2083
    Not using Google services (I mean c'mon people)
    Allegedly private search engines like ixquick
    Not using or logging out of social media
    Proxy servers (but how do you know if a proxy is run by the NSA?)

  • But to say it "gets a 'free ride on the private sector'" ignores the fact that the reverse is (possibly) even more the case. We paid for the Internet and did so with the expectation that we would receive and keep certain rights. Instead, Verizon, Comcast and their ilk do everything in their power to clamp down on Internet access and usage either directly (through their greed) or by worming their way back and forth into and out of lobbyist and politically appointed government positions. Add to that the MPAA
  • I never understand claims like that. Do you know how incredibly cheap storage is? Now what if you had government-sized money. How hard would it be to store all data forever?

    Even if it is exabytes. Who cares? They don't sound like the kind of people to let stuff go just to save a few bucks. And to them, it really is just a few bucks.

    • Not to mention, given the exponential growth rate of the Internet's data, if you have the capacity to store data for year N (this year), then storing the data for year N-1...N-N (all years from the beginning to last year) is trivial.

  • ISP routers (Score:4, Informative)

    by gmuslera (3436) on Saturday December 14, 2013 @11:40AM (#45689151) Homepage Journal
    Even ISP routers are being used to get in our private networks, our VPN and even our Tor connections. In NSA/GCHQ sources and methods uncovered [politaia.org] there are some suggestions to improve things a bit.
  • it doesnt matter who made it or how much information it gathers. if it provides more information, they are going to use it. it's just like how microsoft copies google search results via Internet Explorer search bar to put into Bing. is it an asshole move, yeah. are they still going to do it even though they have been caught, yeah.

    why is this even a question?

    • by Trepidity (597)

      Yeah, the concise answer to the question is, "because the data is there, and they can get it".

      Intelligence agencies piggy-backing on private-sector tracking is nothing new, either. Some of the earlier U.S. 4th-amendment cases came out of intelligence agencies getting access to people's telephone records. They also get information from banks, credit-card companies, and all sorts of other such compilers of private dossiers. If they want, they can probably get access to what food you eat, too, thanks to superm

  • A recent foia request by propublica for emails between NSA employees and employees of the National Geographic Channel over a time period that the TV station had aired a friendly documentary on the NSA resulted in the following response from the NSA (the supercomputing powerhouse) "There's no central method to search an email at this time with the way our records are set up, unfortunately.... [the system is] a little antiquated and archaic." A former employee of the department of labor statistics said that t
  • by BringsApples (3418089) on Saturday December 14, 2013 @12:12PM (#45689293)

    Murdering in America is tricky. The streets are packed with concerned citizens, some of which are armed, and there's local police to avoid. There's no central system for murdering or stowing dead individuals, so it's hard to keep track of who been murdered and where their dead body is. What's a murder to do?

    There, that puts it into perspective. I wonder how many goddamned NSA stories slashdot is going to pump into today's atmosphere.

    • by Anonymous Coward

      I wonder how many goddamned NSA stories slashdot is going to pump into today's atmosphere.

      I hope many more and it continues until every secret Snowden stole is made public.

      We and the rest of the World NEED to see how our our government and theirs has been lying, cheating, breaking the law (arguable since the PATRIOT has made some of this shit legal thanks to our ignorant asshole corrupt Congress and Senate), and let the World know that you cannot be complacent when it comes to Freedom.

      All of us need to hold our politicians' feet to the fire and stop being distracted by false fights for freedom (

      • Ok, then release it mother fucker, stop spooling it out. But it's as if our house (America itself), was once great, all the rooms were furnished, the walls were painted, and then one day we went into a room where vandals had spray-painted "Eat shit and die faggot/religious/artist/loner/politician/armed forces/nigger/honkey/old/young Americans!" We were shocked! And we quickly made plans to repaint the wall. So we went out and bought paint, and were all cheering each other on ready. But when we got home
        • by ganjadude (952775)
          the problem is if he just dumps it all at once, a LOT will be overlooked as the media can only grasp a few things to report on at a time. by trickling it out slowly, we ensure that it stays in the media for a longer period of time, and as such keeps the people interested in it as well. while I would personally love to see it all at once and browse everything he has, I understand that this method is better in the current climate
          • Why? What other news would you like spooled to you, in little bite-sized chunks? You just go to the police and tell them that you saw a crime and you will let them know small details as you see fit, let me know how it goes. bullshit, all of it. I'll spool-feed bait on a hook to the lake for fish, and that's what I feel is being done with (queue the deep movie-trailer voice) 'THE SNOWDEN LEAK'.

            And what "current climate" are we talking about here? I demand to know what illegal activity my countrymen a
            • by ganjadude (952775)
              Im talking about the fact that most people have the attention span of a gnat these days, If it all came out at once, it would be forgotten as quickly as that other thing that happened a few months ago, you know the one with the guy and and the gun? yeah that one
              • I know what you mean, most people have the attention span of a gnat, and that's due to the reasoning (that they see) behind 'why to store info' in the first place. We could debate this all day, with no good becoming of it. I think that the news itself in all it's totality is better than little pieces that are controlled by few, where you are apparently compiling a list of stuff so that one day you will see the whole story. I just have to ask, once you do see the whole story, what's your plan; what are yo
        • by khallow (566160)

          Ok, then release it mother fucker, stop spooling it out.

          You don't get the game. As ganjadude noted, it makes more of an impression dribbled out over time rather than dumped at once. Second, the involved reporters are milking this story for what it's worth. Obviously, you'd rather have it all now, but that's not in their interests to do so.

          Third, part of the story is the duplicitous official responses to it. For example, the Obama administration was caught in several lies early on. And they occasionally still get caught telling a humdinger (such as Obama assur

          • by robsku (1381635)

            Indeed - and had the whole thing been released at once it would now be ancient history for most people, who wouldn't even know but a small part of the whole thing.

            Sure, people like me for example would know and remember the whole thing and never forget - however as most people would not it would server more as source of frustration seeing people *not* know/care about the whole thing.

            Obviously this way it's better.

  • Two words: plausible deniability

  • What could be "Tricky" about forcing security and encryption standards to include back doors? It is a bit disheartening that they cheated, I thought these guys were the best and the brightest when it came to hacking, I never included social engineering to actually part of that.
  • ... forming a great partnership. I for one do not doublt one minute that either money, or services, or data (meta or otherwise [there is no 'metadata-as-opposed-to-real' data) has gone from NSA to Google. Truth will out.

Aren't you glad you're not getting all the government you pay for now?

Working...