NSA Uses Google Cookies To Pinpoint Targets For Hacking

Hugh Pickens DOT Com writes "For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. Now the Washington Post reports that the NSA secretly piggybacks on the tools that enable Internet advertisers to track consumers, using 'cookies' and location data to pinpoint targets for government hacking and to bolster surveillance. The agency uses a part of a Google-specific tracking mechanism known as the 'PREF' cookie to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. 'On a macro level, "we need to track everyone everywhere for advertising" translates into "the government being able to track everyone everywhere,"' says Chris Hoofnagle. 'It's hard to avoid.' Documents reviewed by the Post indicate cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. Google declined to comment for the article, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests."

Re:Use Google-like monopolies to your advantage

[lister+king+of+smeg]

Big data monopolies like Google are the stuff of nightmare for privacy-minded individuals.

But there's a silver lining to that particular cloud: as the most important player in the field, they're the most visible target for abuse of all kinds. Which means that you have a better chance of dodging the abuse if you simply don't put yourself in the center of the target, by not using any Google product.

Kind of like when Windows had the lion's share of the OS market, and you could avoid most viruses by running another OS, not because the other OS was more secure, but because virus writers had a better return on investment writing viruses for Windows and left your fringe OS alone.

Simply not using Google products won't protect you from this as it is using scripts embedded in web pages. Google analytics Gstatic and Googleadservices just to name a few present here on slashdot embeded and reporting back to Google and by extension the NSA.

To block them you need to either completely block javascript which will break many if not modern web pages or learn to use ghostery, request policy, AND OR noscript, oh and https everywhere. then block everything by default and whitelist and temporarily allow as needed to make the pages viewable.

Re:Self destruct cookie

[bruce_the_loon]

If you plug the number into a unix timestamp to GMT converter, it returns Wed, 11 Dec 2013 10:52:19 GMT, so it looks like it is a time stamp, probably LastModified or something.

Re:Self destruct cookie

[pmontra]

I answer myself because I looked for it and found this paper (PDF) titled "An Analysis of Google Logs Retention Policies".

LM is the timestamp of the last modification to the user Google's preference. It can be used to track down the user because we update our preferences at different times. This applies also to non logged in users like me.

Luckily it's easy to reset LM. Just go to google.com, click the menu, turn on or off Safe Search, click again and turn it back to its original value. LM is different.

Obviously Google could store the old and new value and link them into a db ;-)

Re:Use Google-like monopolies to your advantage

[nullchar]

You can easily run ghostery, request policy, refcontrol, noscript, https everywhere, cookie monster, and BetterPrivacy all at the same time.

How does anyone browse without these? I setup all of those, except request policy and noscript, for every user I help. They're nearly all passive.

The laws need changing/revoking...

[advocate_one]

the problem HERE lies with the National Security Act which allows them to get this data from Google without having to jump through the hoops of having to provide due cause and a proper warrant. National Security Letters should be outlawed...