Slashdot Mirror
NSA Caught With The Cookies
zardo writes "The associated press is reporting that the NSA is putting cookies on visiting computers. Apparently it is unlawful for the government to put anything but a session cookie out unless it's expressed in the site's privacy policy." From the article: "Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on. ... In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a 'compelling need.' A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy."
Clearly someone made a mistake. If the NSA wanted to track you, they wouldn't leave it to browser cookies. They try to make the 203x expiration date seem like a big deal, but that's how you do "permanent" cookies for logins and such.
"So either one or both agencies in question are simply incompetent, or lying to us"
I know, how dare they place a cookie on my machine! No other site in the intarweb does!!
Don't you think you overreacted just a little??
So either one or both agencies in question are simply incompetent, or lying to us. Which do you think is more plausible?
Never attribute malice to that which can be explained by stupidity.
I don't really think they'd gain much by putting cookies on the machines of web users. If terrorists do come to their site, their IP address will give them away far better than a cookie. Now if anyone finds an image on other sites pointing back to the NSA or CIA, then you may have found your smoking gun.
Javascript + Nintendo DSi = DSiCade
Cookies are easy to delete. This is hardly a "Your Rights Online" issue. Jeez.
Because we know that the people in that agency, even more so their IT dept., know absolutely nothing about how computers work.
You must make a lot of money to afford all that tinfoil.
The NSA is stamping your PC with the Mark of the Beast, a... cookie? So if you ever visit a NSA website again they'll know it's a return visit? This is useful... how?
Oh, this is all about riling up room-temperature-IQ journalists (I'll be charitable and note I mean Fahrenheit) into another hissy-fit over the fact that Bush is still president. Never mind. Go read some history.
"Unlawful"???
"NSA"???
Did I mistakenly click on a link for the Onion?
So the NSA's gotta hold a bake sale now to fund a wiretap?
yes, because the thing I fear most about the NSA, with their acres of listening stations, underground football fields worth of humming supercomputers, and small armies of intelligence agents, is the cookie that they placed on my computer while browsing their website....
need glasses, anyone?
We recently learned that the NSA could be listening to any of our phone conversations. This is insignificant in comparison.
Socialism: A feeling of discontent and resentment caused by a desire for the possessions or qualities of another.
So either one or both agencies in question are simply incompetent, or lying to us. Which do you think is more plausible?
What, cant it be both?
The Doormat
If you're not outraged, then you're not paying attention.
NSA has configured their webserver to track visitors in a "LOG" file. They keep the time, your ip address, where you visit, your browser and other information. What are they doing with this, you ask? They are ... MAKING STATISTICAL GRAPHS!!!! Alert Drudge, alert the New York Times... this baby's about to break wide open.
Ok. Let me get this straight. We don't want our government websites to contain persistent cookies, but every other website in the world (including sites with malicious intent) can have persistent cookies? Why is this a big deal? Don't like it? Then delete the cookie or disable cookies alltogether. It's not rocket science.
This is all messed up. We're basically giving more rights to malicious websites than we are to government agencies.
-Nick
"A plan fiendishly clever in its intricacies"- Homer Simpson
Just set your browser to delete cookies when you close the browser. I think that is a basic setting on any browser. Now, if they had some kind of "supercookie" that you couldn't delete, that would be more interesting. Or if you tried to delete it and the Department of Homeland Security came knocking on your door.
Honestly, though, there are plenty of sites that install cookies. If you don't like them, delete them. It is as simple as that.
Why Baath would Iraq I be kill on insurgency the Hamas NSA's London website Israel anyway?
How come if the government breaks the law, they get off with stopping the action and an apology? I should try this when they accuse me of a crime.
"Sorry, officer. You're right, I was going to sell these 30 pounds of crack to some schoolkids. But it's okay, as long as I throw it away and promise not to do it again. Right?"
seriously...it's a freaking cookie. it's not like doubleclick where hundreds of thousands of websites have an iframe that is capable of reading your cookie and tracking your browsing habits. even if they decide to track it across all government owned websites, it's nothing they couldn't already do with simple logfile analysis.
i'm sure if the NSA wanted to track your every move 1) They already are 2) You don't know it and 3) There isn't anything you can do about it.
NSA Cookies don't scare me. What scares me is the idea that the NSA could get my ISP's records, or Google's data. All of that would give them a lot more info than my NSA cookie.
All they need to get the data that Google has gathered is a court order.
http://www.thebricktestament.com/the_law/when_to_
We're talking about a regime in the federal government which has made, "oops, well, the ends justify the means" a policy they depend upon.
I don't really think they'd gain much by putting cookies on the machines of web users. If terrorists do come to their site, their IP address will give them away far better than a cookie. Now if anyone finds an image on other sites pointing back to the NSA or CIA, then you may have found your smoking gun.
This is all rationalizing. The fact of the matter is they're using the "oo, i'm a baddd widdo boy =)" defense.
A feeling of having made the same mistake before: Deja Foobar
"The public does not need to be concerned that the CIA is tracking them. We're a bit busy to be doing that."
;-)
OK, does that quote from the 2002 case seem humorous to anyone else now with the recent revelation of what was keeping them so busy
"reality has a well-known liberal bias" - Steven Colbert
I've now seen a bunch of comments modded down as trolling despite their being reasonable comments by people who just happen not to wear tin foil hats. If this article freaks you out or upsets you and seems like an important rights issue, great! I'm glad you're interested in defending your rights and by extension all of our rights. Thank you! But, don't by modding suppress the opinion of many who feel this isn't some stunning/shocking/scary revelation. That many feel the issue isn't a major one is itself an important thing to know.
As for me, Carnivore and all the recent "unlawful" wire taps scare me, a permanent versus a session cookie, not so much.
Quincy
Don't vote for Eugene Papansanovich for Congress!
Security and encryption - to protect us from our own government.
Are you...Are you some kind of genius?
No, ma'am, I'm just a regular Slashdot reader.
So the NSA could use session cookies to track visitors to THEIR website across multiple vistis?
Big freaking deal.
Do people not get that? The cookie was issued by nsa.gov, and could only be read nsa.gov, and in no way could track a user's movements across "teh intarnets." The NSA could use it to see if you'd been to their site before.
If they NSA wants to know where you've been, they'll just subpoena Google. Their cookies are all over the place.
Maybe I'm lacking some information on cookie spcifications, but I was under the impression that cookies can only be read/written by the web site that you are visiting unless there are links to other sites, such as advertising sites, that manipulate cookies. This is of course how you can visit a site but then get cookies from 24/7 media, AdServer, and others. But the cookies cannot be arbitrarily read by other web sites unless there is some kind of partnership going on. Again, this is the impression that I was under regarding general cookie use. So, if that's correct the NSA cookie is not even an issue when you visit other web sites unless they're specifically looking for it -- like any of them would.
/. But this to me is nothing more than unnecessarily putting some fuel on an already smouldering dislike for the current administration, courtesy of an ill-informed and/or careless IT person at the NSA, in the hopes that a large, anti-NSA and more generally anti-current-administration fire will grow out of it.
Okay, so the NSA puts a permanent cookie on the system. Why is this an issue? It's not a security breach; it's not a cross-advertising cookie that tracks where you go. There's not one of us who has installed software and went over every configuration setting with a fine-toothed comb, particularly with off-the-shelf software, at one time or another. Cookies are also easily removed and can be blocked on future visits. Of course, the web logs themselves can get the IP address of everyone who visits, so even if you block cookies, the NSA can still tell exactly when a specific IP address contacted their site.
I realize that the U.S. government, particularly the current administration, is not a favorite of the Slashdot crowd and that this will be (and has already been) touted as "yet another flagrant policy violation!!!" by political opportunists here on
Just my two cents. Convert to your currency as necessary.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
Oh No! Slashdot has set 36 cookies on my computer. Is Cowboy Neal in league w/ the NSA???
I'm sure _anything_ they deem relevant and meaningful is saved server-side, not as a cookie.
This is just a mistake.
http://request-header.info
First of all, their office of management and budget made this policy. A pencil pusher/bean counter policy that is hard to keep up with in the real world that their IT staff has to follow, not them. I agree 100% with the parent. They probably have a million regulations they have to follow, with many many employees spread all over the map, with software from 3rd parties, with countless people who probably don't even know this policy exists there.
The reality of it is, the CIA/NSA/Whatever has a billion other much more effective ways to track you. Their intention was obviously wasn't to track people, and they immediatly removed it after it was brought to their attention. I hate our current administration, but this is just some fucktard news reporter that is up 'n arms about the wire tapping escipade. I do not agree at all with the wire tapping, but this has ABSOLUTLY NOTHING TO FUCKING DO WITH THAT. I can't believe the reporter is such a fucktard that he couldn't spend 2 minutes to research cookies and what they are. Setting cookies far into the future is the de-facto way to keep a cookie on your computer a long time. Most cookies that aren't set as session cookies are set to dates 10 years or more in the future, way more than the computers expected lifetime. The reporter has no clue what he's talking about and should be slapped like a bitch. I hate reporting like this because then it takes away from things we should be legitimitly concerned with. People get an overflow of bullshit news and many can't pick out the real from the fucktards like this guy.
If an officer ever threatens to taze you, say you have a pacemaker.
This is obviously an attempt by the reporter to blow things out of proportion. The article is quite misleading to the non tech-savvy reader. A cookie sent to your computer by a website can be access only by that website. The cookie can only contain information from that website. Meaning that this limits NSA's ability to track you to which pages you have visited on THEIR site. Now, I understand how some people feel that even this is a violation of their privacy, but when my brother read the article, he got the impression that by the use of these cookies, NSA was able to track where he went online, not just on the NSA site.
Wow! I got cookies from my mom, my aunt, and my cow-orkers, but I didn't know NSA was doing that. That's nice of them. I'll have to visit their site and pick up some.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
I hear that NSA mail servers have also been decoding headers on all email received, including from the general public!
Evil is the money of root.
So either one or both agencies in question are simply incompetent, or lying to us. Which do you think is more plausible?
Wow! The fact that you're even asking this is a clear indication that you have never worked in any government entity. All levels of government - federal, state, and local - are loaded with incompetency and attempt to lie to the public whenever such lying is "in the public interest" or covers their asses.
You also seem to have some notion that as soon as you become a government employee that you are going to somehow assume and retain all legal ramifications based on all existing laws just by being hired. Management changes happen. Staff changes happen. The notion that all government employees of all levels will be aware of all rules and regulations regarding all functions is highly naive. For all we know, the installation of this supposed "off-the-shelf" software was the first task of a new, NSA intern in the IT department.
I know that you dislike (hate?) the current administration, but this is absolutely a "mountain out of molehill" scenario in the grand scheme of things.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
Considering the provisions of the Patriot Act, wire tapping, internet tapping, unauthorized surveylence, and the US government spying on it's citizens, leaving persistent cookies "by mistake" is a really small issue. What are they going to do? Track the fact I play EverQuest online? Anybody who's compitent enough to either block cookies or delete them should have no problems. IMHO, this article's intention is to provide more embarrasement on the current government. "Oooh, the government's spying on you...". Guess what? They already are. This is nothing new.
It is not our abilities that show what we truly are... it is our choices.
Because it is against the law.
Prosecuting the "lying about blowjobs" was all about maintaining the "rule of law" for Republicans a half-decade ago.
But maintaining the "rule of law" no longer applies with Republican administration? That's what I'm getting from you in your post.
If the NSA did this, they broke the law. Doesn't matter if it is a stupid law. All my conservative friends told me in 1999 that the "rule of law" reigns supreme, no matter how minimal the offense.
Sorry... I'm not letting the Bush-apologists off the hook when the tables are turned.
"I have as much authority as the pope, I just
don't have as many people who believe it" - George Carlin
The real, frightening question is why the NSA apparently:
1). Put software into production without checking all the settings
2). Put software into production without fully testing it
3). (probably) used software which they don't have the source to, and thus don't know if there are any backdoors.
I am worried about it from a National Security perspective - NSA using cookies worries me far less than Microsoft doing it - but the above issues could expose the NSA, and hence the USA to attack.
With software companies outsourcing to countries with less stringent security and more people hostile to our interests, there is a greater risk - although even without outsourcing, compromising a software company is still a severe risk.
Perhaps the government should require people to get security clearances if they work at Microsoft, etc in any capacity where they can compromise the code. Perhaps they should use Open Source. I know of a Linux distribution they might want to use.
P.S. NSA is a lot of crypto geeks who do a very important job protecting all of you - and is made of people a lot like most of you. They aren't cold blooded killers who whack you for speaking out. Sorry to disappoint you.
What's the big deal here?
There's no story and who cares if a site leaves a persistent cookie?
Much more can be obtained by perusing the logfiles on the hosted server.
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
If NSA needs a cookie to figure that out (and if Abdul is visiting nsa.gov from Afghanistan and DC), then neither Abdul nor NSA are doing their respective jobs.
I'm going with neglect on the part of the website administrator here. Stupid default settings in applications, plus benign neglect in the brains of users, equals embarassment. Always has, always will. Unless...
~adjusts phase coil on tinfoil hat~ /dev/null /dev/null, and where NSA complied with my orders only under protest.
If, however, I was trying to divert attention from a serious abuse I'd performed, I'd release a story exactly like this. It's got the word "cookie", which is about as high-tech as Joe Sixpack ever gets about security, so he can get all upset -- and it's simultaneously a non-issue, which means everyone from the Blogosphere to Dan Rather can trot out an "expert" to tell Joe Sixpack that if this is the NSA at its most dastardly, then he has nothing to fear even if he's got something to hide
~readjusts phase coils~
and the story I'd release would be the same, whether or not I was NSA, looking to divert attention from the fact that I wanted to trawl through the set of data originally destined for
~tweaks fnord emitter~
or whether I was the Party official who ordered NSA to do stop dumping all that good stuff into
They don't call it the puzzle palace for nothing.
It's not against the law. It's against White House policy, "In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies ... blah blah blah." Wow, so the Bush Administration, whom you are so keen to slam as soon as you see an opening, was who set the policy that those cookies *weren't* supposed to be persistent.
I stole this
Sued by the state of Texas under the stalking laws, Doubleclick has made extensive use of cookies.
With the Office of Homeland Security having a former officer of Doubleclick on staff, it's a pretty good guess that the government sees their sort of information gathering technology as useful.
Doubleclick handles banner ads on a huge number of websites.
I wouldn't put it past them to be buying the purchasing data from every chain store that has a member discount card. Do/will RFID chips in our tires get scanned at intersections? If it is possible, and potentially useful, shouldn't we expect it to happen unless there are laws to prevent it?
Have you ever had to answer a bunch of questions when applying for a purchase rebate?
Someone is using or selling that info.
How much gathering, sale and use of data on us reasonable? What should be legal?
What about the damage done to us when info from the data collectors is used for identity theft?
Who passed these laws allowing opt-out privacy policies at banks and insurance companies?
Where does the Auto Club get off tying in with MBNA sending out credit card mailings?
Comment is incredibly insightfull. Aside from the fact that if you check your browser there will hundreds to thousands of persistent cookies, Aside from the fact that cookie management is widely regarded to be the responsibility of the user, This is completely a non issue unless someone can proove that the NSA went to the trouble to track the cookies outside of their website.
Once again it prooves the left has gone completely bonkers. If the NIH found that Sarin or BZ could cure cancer the story would read Bush administration makes unwise use of chemical weapons.
I'm alot more worried about suspects being shipped off to secret prisons and tortured than I am about cookies.
Sometimes I ended up helping friends with computer problems. The most annoying to deal with are the ones which equate cookies with virus's due to media hype, "I can't get my stock quotes" "you need to have cookies turned on for that website" "COOKIES?! Are you kidding they can see everything I do, even watch me have sex with my wife" "But you don't even have a web cam" "You need to do some reading young man [when your almost 40 thats almost flattering], here look at this www.paranoidnutjob.com, see! Don't go putting me at risk by recommending that I accept cookies! A friend wouldn't do that to a friend, your no friend of mine! Your an agent for the greys!" "ummm I I guess your meds have run out, I just remembered I left a candle burning at home, got to run."
So either one or both agencies in question are simply incompetent, or lying to us. Which do you think is more plausible?
You're kidding, right? NSA and CIA are separate Federal agencies with tens of thousands of employees. Their web masters and IT departments probably pay about as much attention to what the other does as Ford Motor Company & Dodge. And this is hardly the first time that a Federal agency has handed out persistent cookies against policy. Do you think CIA & NSA are in cahoots with the Office of Personnel Management, Ames Laboratory, and Bureau of Labor Statistics?
I think that a more likely and equally plausible explanation is that NSA's sys admins, web developers, and IT staff are in about the same boat as most people in IT: overworked, understaffed, plagued by too many meetings, dealing with more hacking attempts than you could imagine, struggling with a software upgrade, and simply missed flipping one of a growing number of switches in software which changed a relatively minor behavior in the software. (Another possibility is that government employees are all 10 feet tall, super geniuses that never make mistakes. I think previous discussions on Slashdot have largely deprecated that possibility.)
Besides, if you were really concerned about avoiding their scrutiny, you wouldn't visit their web site any way.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
(Disclaimer: Yes, I am aware that the CIA and the NSA are different agencies. However, that shouldn't preclude one learning from the other's foul-ups.)
Yes, it should. These are huge, independent agencies. (DHS is a mess, there is *no* meaningful interaction, even now). Why would they "learn" from each other? Especially about something so minor. Seriously, I'd much rather the NSA and CIA compare notes about terrorist plots, than constantly coordinate to make sure that they synch up on minor bits of policy. I'm not giving them a license to break the law, just saying that one screwing up should in no way be an indictment of the other.
Its a COOKIE. Get over it already.
Here will be an old abusing of God's patience and the king's English.
Then kindly quote the law which was approved by the House, approved by the Senate, and signed by any President that makes the usage of permanent cookies on any government web site a violation of federal law. I know of no law and thus far none of the anti-Bush, or in your apparent case anti-Republican, crowd has been able to bring forth the bill that placed that restriction into law.
Clinton lied under oath. That is a violation of established law. But unless you can bring forth the bill from Congress that made permanent cookies illegal, the phrase "no President is above the law" doesn't apply at all.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
I see no problem with dropping cookies... just don't violate the 5 second rule when you pick them up.
Cheesy Movie Night
Yes, it's just like them "forbidding government offices from reading caller ID from incoming calls"
It is the principle of the matter.
pre-9/11 some people used to think a minimally invasive government was a good idea. The country was founded on the idea of state and personal autonomy from the government.
technically involving "privacy" issues is the exact same thing as 'actually' involving privacy issues. Potentially invasive laws (or laws that specifically don't prohibit certain behaviors) usually means it is a matter of 'when' and not 'if' they will be abused.
I'll say it again: It is the principle of the matter.
[Fuck Beta]
o0t!
No, we're talking about a cookie. A device used by almost every website in existence. We're talking about some guy running the NSA website not being aware that a memo from the White House's Office of Management and Budget made a guideline (not a law) to not use a universally acceptable website statistical tracking device. I wouldnt even attribute this to stupidity. Just forgot about some silly guideline. Anyone making a big deal out of this is doing so out of total computer illiteracy or being intellectually dishonest as to their true motive for their outrage.
"In the game of life, someone always has to lose. To me, if life were fair, that someone would always be Oklahoma." -DKR
From TFA: The House on Wednesday is expected to adopt the compromise version of a fiscal 2002 Treasury-Postal Service bill, H.R. 2590, that would expand privacy protections for people visiting federal Web sites and provide funds for crime-fighting technology.
It's an article from 2001 that states that the House is expected to adopt this provision. Please provide the document that states that this particular clause not only made it into the bill, but that the bill was approved by both houses of Congress and that President Bush actually signed it.
After that, please show me the test that all government employees have to take proving that they are fluent and fully-versed in the millions upon millions of rules and regulations to which they need to adhere and the ramifications thereof for violating any such rules and ramifications.
I also expect to see that various documents thus proving that all levels of management are also refreshed on a regular basis of the policies and violation ramifications. After all, we would not want them to forget any of the millions of laws and policies that they have to adhere to, would we?
It was wrong when the Republicans went on a witch hunt against Clinton who admitted to breaking the law - lying under oath. Just because the tables are turned does not make it less of a witch hunt nor does it make said witch hunt "less wrong".
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
Privacy advocates nitpicking about cookies is like a minority group overplaying the race card to the point where actual and horrific cases of racism becomes ignored or rejected.
All I care about is any govt or company taking the necessary precautions with my personal info so that crooks cannot abuse it. And by crooks, I include those rare cases where employees/leaders of said entities might be the abuser.
What we should be talking about is:
1. what precautions are taken so that any personal info collected about US citizens cannot be abused by corrupt politicians or corrupt employees?
2. what precautions are taken so that said personal info cannot be stolen from the collecting agency by data thieves?
3. what are the auditing procedures and laws that can help quickly identify abuses and punish the abusers with at least a felony?
The abuse of non-public information about US citizen(s) for politically motivated retaliation is probably the most important reason anyone can specify about this issue.
Why isn't there a law that makes it illegal for an elected official or government employee to misuse or publicly dislose NON-PUBLIC information they collected about a US citizen?
If such legal and procedural protections were in place, I would feel much better about any info our govt collects about me and my fellow US citizens if the collection was actually done for justifiable reasons.
Another reason for concern about this is that there has been an active weakening of the separation of church and state over the past several years which is a radical departure. I happen to believe in God as well as the separation of church and state.
If a future US president was Muslim, would you feel comfortable being a Christian or Jew if the government knows that about you? Perhaps helping keep the separation of church and state would be prudent. After all, nobody has the magical power to predict what religion other people/strangers may choose in future generations.
Consider the words of the people responsible for risking their lives and founding the United States of America and other heroes in the US history (in their own words rather than how they are characterized by popular media):
"They who would give up an essential liberty for temporary security, deserve neither libery or security." -Ben Franklin.
"The United States of America should have a foundation free from the influence of clergy."
-George Washington.
"In every country and in every age, the priest has been hostile to liberty. He is always in alliance with the despot, abetting his abuses in return for protection to his own"
-Thomas Jefferson
"One day the dawn of reason and freedom of thought in the United States will tear down the artificial scaffolding of Christianity. And the day will come when the mystical generation of Jesus, by the Supreme Being as His father, in the womb of a virgin will be classed with the fable of the generation of Minerva in the brain of Jupiter."
-Thomas Jefferson (in a letter to John Adams)
"The question before the human race is, whether the God of nature shall govern the world by his own laws, or whether priests and kings shall rule it by fictitious miracles."
-John Adams, 2nd US President
"Religious bondage shackles and debilitates the mind and unfits it for every noble enterprise."
-James Madison, US President and known as "father of the Constitution"
"The government of the United States is not, in any sense, founded on the Christian religion."
-Treaty of Tripoly, article 11 (drafted during G. Washington, signed during John Adams presidency)
"My earlier views of the unsoundness of the Christian scheme of salvation and the human origin of the scriptures have become clearer and stronger with advancing years, and I see no reason for thinking I shall ever change them."
- Abraham Lincoln in a letter to Judge J.S. Wakefield
"Leave the matter of religion to the family altar, the church, and the private schools,
this is an organization of supposed straight-laced agents whose job is to snoop on people to make sure that they're in line with the law
No, you're thinking of the FBI. The NSA's job is to monitor communications to/from and between foreign entities that might expose potential threats to US security. Sure, some people physically sitting in the US may be party to those foreign communications, but the NSA is definitely not a domestic law enforcement agency.
but they can't be bothered to keep themselves in compliance with the law
I think we can pretty much guarantee that whatever contractor or team at the NSA's public relations office responsible for their public-facing web site has little (and probably nothing) to do with their actual operational mission. They, like all security agencies, are highly compartmentalized.
they can't just ignore it while they go about their business of monitoring other peoples' compliance with the laws
Well, they certainly shouldn't ignore the government's own rules about persistent cookies (silly as that is), but it's not like you're talking about traffic cops who don't put change in the parking meter. NSA spooks and analysts (and the thousands of IT people who make that agency work) probably don't give the operations of their public web site much thought at all. Can you imagine the hits they get from all the idiots of the world? The people they're really concerned about are smarter than to leave a trail from their PR site all the way back to some hotel room in Karachi.
Don't disappoint your bird dog. Go to the range.
While what you said is true to an extent, it's almost entirely Off-Topic. The NSA doesn't have anything to hide. A cookie is not all that amazing. It's true that cookies are a sometimes food but the fact that people get worked up over this is quite retarded.
NSA people are supposed to be top-notch, not some bunch of yahoos hanging out in the IT shop of Dunkin' Donuts.
So you think the top trained NSA agents are wasting their time making websites and doing tech support? Its their website, I doubt they spent much time on it or use it much, they have better things to do than waste time with their public website. It doesnt really seem like you have a grasp on how company IT depts work.
"In the game of life, someone always has to lose. To me, if life were fair, that someone would always be Oklahoma." -DKR
"Never attribute malice to that which can be explained by stupidity."
The problem with that is the volume of catastrophic mistakes that seem to "oops" happen over the last several years. When do you stop letting the baby(s) play with the gun? When the baby(s) gets advanced and secret oks and advice from folks who like accidents to happen, and when the baby(s) uses stealth means to acuire the guns anyway, dont you have to wonder at the baby's innocence?
In my opinion you couldnt do this much damage to national wellbeing by accident.
Let's be good parents and put the kids in the playpen, and lock away their access to guns before more accidents "happen".
C.
"Doctor, it's not the voices I hear in MY head, but the voices I hear in YOUR head that really frighten me."
>What we're talking about here, isn't stupidity or lack of seeing a memo. It's Strategic Stupidity
A cookie is pretty obvious, not exactly the high-end technology secret spy stuff. Erasing/blocking it is easy and done everyday. If you would go through all the trouble of having a "hidden agenda/top-secret", why have something that points directly to yourself, easily detected, well-known and is trival to defended against?
And exactly what would they get out of it? You need to have a motive for doing things.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
What, cant it be both?
No, that would put them into a cat state.
Any computer professional's complaint of spying is innately absurd.
The job of computers is to track and spy on people. They track this, track that, data mine this, data mine that, report on this, report on that, and we do it so our corporate masters can make more money. In fact, we even have a philosphical movement to build spying technology for -free-.
Here we are, a bunch of web dudes, complaining that a web site about spies uses cookies of all things, when just about every major web site also uses cookies, or, you get the same effect of cookies by playing games with the URL. You can stick the state in the URL, you can stick it in a hidden POST tag to keep it along, but somewhere along the way, we're all keeping state. Ironically, at least the cookies are most upfront about it.
We complain about the government listening in on people's phone calls without a warrant, yet, I would bet at least half of us on this board have user superuser powers on his or her company systems at one point to read another user's documents. If you are a network admin, you don't have to have a warrant to read your users' email or documents. You just do it.
We voluntarily let every detail about what we buy or sell get tracked when we purchase products electronically, but, god forbid, the government might actually keep a database itself, that's evil. Heck we write these systems. If anything, the only real concern about government spying is that we haven't gotten the contract ourselves to write the system or that it might not be written using Linux.
The solution is to not build ever more arcane systems to have things in secret, but really, we should just make everything public about anyone.
This is my sig.
"The Slashdot story is about the NSA ignoring the law"
Enough with the lying (or did I just get trolled?).
What law? Specificlly what federal statute was violated by their putting a persistant cookie for the NSA website? Cite US Code, section etc.
You cannot, do you know why? Because no such *law* exists. Because it was an executive order in the OMB part of the Whitehouse. I.e. a bureaucratic rule, not a law.
And aside from that, it likely was a mistake in their setup after and upgrade, not a deliberate decision. A result of ignorance or carelessness on the part of the tech staff at NSA's website (the possibility of which should be more alarming to people than the cookie!)
You do well to remember Hanlon's Razor:
Never ascribe to malice, that which can be explained by incompetence.
Esepcially when dealing with the government or any other large bureacratic organization.
You are free to ignore the facts and make up ones as you wish (looking at your links, you apparently do). But your tinfoil hat has apparently slid down and obscured your vision on this - you might want to adjust it.
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
I have no problem with the NSA using persistent cookies - people get so damned worked up over a file which doesn't do much more than store user preferences, visitor frequency (what's wrong with tracking user stats? Hell, even I do that on my web sites, just so my web logs have a little more accuracy), and in the case of session cookies, your session state. It's common practice on web sites and not a violation of any constitutional rights - it's just making obvious, standardized use of a technology that was put in place for that very purpose.
What I DO have a problem with is government agencies telling citizens that the first, second, and fourth amendments were merely guidelines and they don't matter any more due to case law and unconstitutional executive orders. Things like gun control (proper gun control = making sure the citizenship is well-armed to hold back a tyrannical government, and I'm ashamed to admit I don't own a single gun), illegal wiretaps (uh, Dubya, mechanisms are in place for constitutionally-sanctioned secret wiretaps. Use the secret court sessions to obtain wiretaps. Put select justices on call for such things, but don't bypass the courts, because that goes against your oath to preserve and protect The Constitution of The united States of America, which is basically treason), illegal search and siezure, and abatement of freedom of the press and freedom of political expression ("free speech" areas are bullshit, as are made-on-the-fly rules regarding sign sizes, etc. just so you can "justify" arrest of smelly hippies - as misguided as some protestors may be, they have an inalienable right to tell you they think you're a prick), and abatement of the freedom of worship)
Also: You don't need court orders to wiretap non-citizens who are here illegally. They have no rights except out of the kindness of your heart. Deport the f*ckers and encourage LEGAL immigration following legal, well-established processes. EVERYONE here is an immigrant from somewhere else (including so-called "native" Americans) so I don't believe in shutting down immigration, but to encourage people who are willing to become worthwhile members of society to come here and work.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Not, really, as it's happened before. [...]
So either one or both agencies in question are simply incompetent, or lying to us.
I noticed you made a grammatical error above with an unnecessary comma. So are you incompetent or are you just lying to us? False dilemmas suck... try to avoid their use.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
>This is the government which is keeping terrabytes of data on everything and wants the ability to snoop and record every packet which goes over the internet.
If they keep track of every packet over the Internet, why do they need cookies?
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
That AP article is full of errors, some of which I commented on yesterday. For instance, it happened twice this month. And those 30-year cookies are still around until you go and remove them...
How am I supposed to fit a pithy, relevant quote into 120 characters?
The only motive Slashdotters need for outrage or intellectual dishonesty are 4 letters: B-U-S-H.
Good heavens Miss Sakamoto - you're beautiful!
I'm going to write my representatives in Congress and encourage them to issue a new law to codify this OMB guideline - that way, if they DO try it again, the consequences will be much more severe.
As a federal webmaster (not NSA or CIA), let me be the first to say "Thanks a pantload." Now, if I miss a configuration setting in IIS, I could go to federal prison!
Sometimes somebody screws up. Sometimes they screw up and nobody notices. Technical oversight of my work is thin on a good day, and my boss' boss sure as HELL doesn't know if I'm serving persistent cookies. For the record, I'm not, because I follow OMB memos to the best of my ability and I double-checked this one.
It's not always a conspiracy. Sometimes it's just some server jock who was mentally elsewhere and didn't uncheck a box in Windows. Bugs in web apps I write are not intended to catch you surfing pr0n. I'm just not as good a programmer as you are. Worst case scenario at your work, you screw up, get fired, and get another job. I don't have "company policy", I have "federal statute". My coworkers and I do our best, and we do a pretty good job, but nobody's perfect. If I forget to put an "alt" tag on an image on a page linked seven deep that gets three hits a year, not only am I not doing my job correctly, but I'm in violation of 29 U.S.C. 794d. Don't think that that's the only law telling me how to do the job, either.
I'm not complaining. I signed up for the job knowing full well how it works, and I'm proud of what I do. Your vigilance is commendable, but I'm not sure that putting big nasty penalties on cookies is the right way to go about solving this one. If you and a majority of Members of Congress agree that placing persistent cookies is worth going to prison over, so be it. God knows there aren't any killers who couldn't use that cell more than me.
Dare to Hope. Prepare to be Disappointed.
Congratulations, Divide by Zero! Best post of the day - Somebody throw some mod points his way! Damn, I'd hate to get caught in the middle of the religious wars going on between the Rushies and the MoveOn.Org-ans.... This one should be a +5 insightful.
Does anyone else see the irony in the fact TFA wants to set a cookie that expires in 2038?
qz