Slashdot Mirror
NSA Uses Google Cookies To Pinpoint Targets For Hacking
Hugh Pickens DOT Com writes "For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. Now the Washington Post reports that the NSA secretly piggybacks on the tools that enable Internet advertisers to track consumers, using 'cookies' and location data to pinpoint targets for government hacking and to bolster surveillance. The agency uses a part of a Google-specific tracking mechanism known as the 'PREF' cookie to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. 'On a macro level, "we need to track everyone everywhere for advertising" translates into "the government being able to track everyone everywhere,"' says Chris Hoofnagle. 'It's hard to avoid.' Documents reviewed by the Post indicate cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. Google declined to comment for the article, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests."
Big data monopolies like Google are the stuff of nightmare for privacy-minded individuals.
But there's a silver lining to that particular cloud: as the most important player in the field, they're the most visible target for abuse of all kinds. Which means that you have a better chance of dodging the abuse if you simply don't put yourself in the center of the target, by not using any Google product.
Kind of like when Windows had the lion's share of the OS market, and you could avoid most viruses by running another OS, not because the other OS was more secure, but because virus writers had a better return on investment writing viruses for Windows and left your fringe OS alone.
Simply not using Google products won't protect you from this as it is using scripts embedded in web pages. Google analytics Gstatic and Googleadservices just to name a few present here on slashdot embeded and reporting back to Google and by extension the NSA.
To block them you need to either completely block javascript which will break many if not modern web pages or learn to use ghostery, request policy, AND OR noscript, oh and https everywhere. then block everything by default and whitelist and temporarily allow as needed to make the pages viewable.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
If you plug the number into a unix timestamp to GMT converter, it returns Wed, 11 Dec 2013 10:52:19 GMT, so it looks like it is a time stamp, probably LastModified or something.
Trying to become famous by taking photos. Visit my homepage please.
I answer myself because I looked for it and found this paper (PDF) titled "An Analysis of Google Logs Retention Policies".
LM is the timestamp of the last modification to the user Google's preference. It can be used to track down the user because we update our preferences at different times. This applies also to non logged in users like me.
Luckily it's easy to reset LM. Just go to google.com, click the menu, turn on or off Safe Search, click again and turn it back to its original value. LM is different.
Obviously Google could store the old and new value and link them into a db ;-)
if you continue to use google for searches, discontinue this practice immediately and instead use duckduckgo.com
Keep a whitelist of cookies you're willing to accept, and accept them only for the session in which they are generated. this type of limitation can be controlled in Firefox's preferences under privacy. you should routinely delete the whitelist, as a periodic audit of what you need is more expensive than simply rewhitelisting your most visited sites and discarding the one-time stuff you no longer need.
at one time there was a slashdot article on 4 things you can do to increase your privacy as outlined by the EFF, however i cant find it and see no harm in reposting it.
1. use adblock plus
2. use noscript
3. use HTTPS everywhere
4. block any and all cookies, as mentioned above, with strict whitelisting for banks and reputable online merchants.
newer nerds to slashdot may reconsider the virtues of using mutt, cone, or alpine for email as they effectively render tracking pixels and malicious http content an exercise in futility on the part of the sender. RMS uses links/lynx for all of his web browsing, and while that may be a bit extreme for most of us, it certainly cant hurt to use it for opening email links should you be faced with the necessary evil of a questionable URL.
Good people go to bed earlier.
You can easily run ghostery, request policy, refcontrol, noscript, https everywhere, cookie monster, and BetterPrivacy all at the same time.
How does anyone browse without these? I setup all of those, except request policy and noscript, for every user I help. They're nearly all passive.
the problem HERE lies with the National Security Act which allows them to get this data from Google without having to jump through the hoops of having to provide due cause and a proper warrant. National Security Letters should be outlawed...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.