OSdata tech blog
NSA uses Google cookies
NSA uses Google cookies
The U.S. National Security Agency (NSA) is using Googles advertising cookies to secretly track the public and pick targets for government hacking and surveillance.
Former NSA contractor Edward Snowden released an internal NSA slide that showed that the agency is using the cookies comapnies use to follow consumers on the internet. The slide suggests that the government uses this information to help identify targets for offensive hacking operations.
Central to Googles targetted advertising is keeping track of individuals. Google creates a PREF cookie that records a numeric code that uniquely identifies the web browser (and therefore, the indiviudal, or a family if the computer is shared). Contrary to popular opinion, the Google PREF cookie does not record a name or e-mail address).
Everytime someone visits Googles website (or any website they own, such as YouTube) or visits a webpage with a Google ad or visits a webpage with any Google features (such as Google Translate or Google widgets), Google creates or updates the PREF cookie and records the web page visited. This tracking allows Google to better target its advertising program.
The NSA uses Googles PREF cookie to track an individual across the internet and send out software that can hack an individual computer. The NSA slides claim the NSA uses Googles PREF cookie to enable remote exploitation, but does not identify the specific attacks or techniques used.
Chris Hoofnagle, a lecturer in residence at UC Berkeley Law School is quoted by the Washington Post as saying, On a macro level, we need to track everyone everywhere for advertising translates into the government being able to track everyone everywhere. Its hard to avoid.
The Washington Post claims that the NSA obtains the cookie information under a Foreign Intelligence Surveillance Act (FISA) order. Companies (including Google) served with a FISA order are required to provide the informationt he government requests and are forbidden from informing the individual that the government is spying on them.
Apples Safari web broswer automatically blocks third party cookies, such as Googles PREF cookie. As of this date, Mozillas Firefox is experimenting with the idea. None of the automated privacy systems stop the tracking when it comes from the website the person is currenty visiting (the primary site).
The NSA slide refers to the GooglePREFID, which is the unique numeric identifier stored in the Google PREF cookie. The NSAs Special Source Operations (SSO) division works with private companies to scoop up data as it flows through the Internets backbone and through the private companies proprietary systems.
The Washington Post quotes Princeton University computer scientist as saying, This shows a link between the tracking thats done by Web sites for analytics and advertising and NSA exploitation activities. By allowing themselves to be tracked for analytic or advertising at least some users are making themselves more vulnerable to exploitation.
In October of this year, the Guardian revealed that DoubleClick.net (Googles third-party advertising service) was attempting to use the cookies to identify individual users of the Internet anonymization tool Tor when they switched back to regular web browsing.
The Washington Post quotes Princeton University computer scientist as saying, Its similar in the sense that you see the use of an unique ID in the cookie to allow an eavesdropper to connect the activities of a user over time.
Another NSA slide shows that the NSA is collecting the location data transmitted by mobile apps. The mobile apps collect the location data to support ad-targetting efforts. The NSA program, code-named HAPPYFOOT, helps the NSA map Internet IP addresses to physical locations with much more precision than is possible using traditional Internet geolocation services.
Native apps can use the signals from Wi-Fi networks and cellular towers for geolocation, even if the smart phone user disables the GPS.
The Washington Post quotes Stuart P. Ingis, General Counsel at the Digital Advertising Association, as saying, If data is used and it stops the next 9/11 our fellow citizens wouldnt have any problem with it no matter what it is.
In my opinion, many people consider it a bad idea to surrender basic liberties for the rare cases when a tragedy is prevented and even more people object to the government using the data to blackmail those with unpopular beliefs.
On November 27, 2013, three Black teenagers were arrested for disorderly conduct. The three teenagers had been told by their Edison High school basketball coach to wait on a public sidewalk for the school bus so that they could be transported to scrimmage game.
A Rochester, New York, police officer ordered the Black teenagers to disperse. They attempted to explain their coachs instructions. The police arrested the Black teenagers.
The basketball coach arrived at the scene and begged the police officers at the scene to let the Black teenagers attend their game. The police officers told the basketball coach to leave or they would take him downtown.
The police report asserts Your compainant gave several lawful clear and concise orders for the group to disperse and leave the area without complaince [sic].
When the Digital Advertising Associations lawyer Stuart P. Ingis says that there must be a balancing act between pursuing bad actors, while at the same time preserving the civil liberties, this is the exact results of the so-called balancing act.
The goal of government and corporate liberty balancing acts is to deny basic human rights to minorities.
I will point out once again that all law (regardless of nation) is an intentional lie and all lawyers (regardless of nation) are professional liars. In logic, anytime the clear and predictable results of a system are mutually exclusive and incompatible, they system is proven false. The U.S. Supreme Court instead of throwing out the entire false system, keeps making up new laws to supposedly resolve the conflict between laws.