« Wednesday | Main | Thursday »

December 29, 2005

Confused Americans for Truth - Advertisers May Be Able to Tell You've Looked at the NSA Web Site

by Ferdinand T Cat

It turns out that the NSA was caught using permanent cookies. This has several people in a tizzy, but the incident says more about the silliness of federal regulations than it does about invasion of privacy.

A cookie is a file that sits on your computer. It is not a program. Its purpose is to remember what you were doing the last time you visited a site so that you don't have to set your preferences every time you visit. Nowadays, preferences are so complicated there isn't room to put them in cookies, so mostly the cookie knows who you are and the real data is pulled from a database. The privacy danger from cookies is that a program on your PC (e.g. a virus or a Sony copy-protection driver) can read the cookie and tell where you've been. Many years ago, a bug in Internet Explorer allowed malicious web sites to read the cookies from another web site. This capability could have been used to steal your Amazon.com password, which was stored in cookies at the time. The capability is no longer there, but the point is, there needs to be a program running on your computer to exploit the cookies. A cookie left by the NSA cannot be read by other web sites, and the cookies from other web sites cannot be read by the NSA.

Keep in mind that thanks to database technology, without any but the most rudimentary use of cookies, Amazon.com knows just about every book you've looked at while you shop. It's kept in a database record and used to recommend purchases. For years, Bruce would get recommendations for obscure theology tracts because of a Christmas present he had bought for his wife.

But there is no way the NSA can find out you've been doing on Amazon by putting cookies on your desktop.

The mechanism by which web sites determine your browsing habits is through the use of what are known as third-party or tracking cookies. The trick works as follows.

  1. Company XXX serves banner ads on a whole bunch of websites, including web site YYY.
  2. When you visit web site YYY by clicking a link on web site ZZZ, the banner script for XXX executes. It records the fact you're on YYY and that you just came from ZZZ.
  3. The script then places a cookie for XXX on your desktop so that it will know who you are the next time.

The XXX people can't stash a cookie for site YYY because they wouldn't be able to read it. The cookie is considered third-party because it's a cookie for XXX involved in a transaction between you (the first party) and YYY (the second party).

Browsers can detect third-party cookies easily. This article explains how to disable them. But the NSA cookie was a first-party cookie. It was placed there by the NSA, read by the NSA, and the only thing it could tell the NSA is what you were doing while you were visiting on the NSA web site. Regardless of your policy toward cookies, there is no way to prevent the NSA from knowing what you are doing while you are visiting their web site. The web server keeps a log for precisely that purpose.

In spite of this, the Federal government has a regulation preventing the NSA from using permanent cookies. The policy has ABSOLUTELY NO EFFECT on your privacy. It merely makes it more expensive for the NSA to make their site convenient to use. Such is the wonderful world of government regulation.

But of course, journalists don't know that, so we get articles like this. Here's how the article starts.

The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them. These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

The scary thing here is not that the NSA is spying on us. It's that I've used Breitbart as a news source for many articles I've written and they've just completely discredited themselves. I am not happy about that.

In the meantime, everybody who uses the Carnival Submit Form has a cookie from Conservative Cat on their hard drive. If you are a liberal, this cookie could be used by the NSA to get you classified as a terrorist. For your own safety, I suggest you close down all your web sites, move to a cabin in the woods, and stay away from polling places.

Don't thank me: it's enough that I know how you must feel.

Respectfully submitted,

Ferdinand T. Cat

Hat tip to My Vast Right-Wing Conspiracy.
Trackposted to Diane's Stuff, Liberal Common Sense, TMH's Bacon Bits, Jo's Cafe, bRight and Early, and the Oofy Prosser Fan Club.

# At Thu 7:40 AM | Permalink | Trackback URI | Comments (3) | More Confused Americans for Truth

Trackback Pings

Comments

As you rightly point out, NSA perma-cookies is a non-news item that some will blow into "the sky is falling!" proportions.

Of course, with a real browser, third-party cookie detection/rejection/management is easy. Of course, I have my browser set to delete ALL cookies, history, etc., every time I close it.


Posted by: David at December 29, 2005 10:06 AM

Ditto what David said. And I use a "real" browser, too (Firefox 1.5). ;)


Posted by: FTS at December 29, 2005 3:31 PM

I once visited the NSA website and now I'm sure they are tracking my every move. I'm afraid I have led them to suspect my friends, like Ferdy. I feel so dirty.


Posted by: PTG at December 30, 2005 8:25 AM

HTML is not allowed in comments; however, if you put in a raw URL (http://www.somewhere.com/page.html) it will automatically be converted to a link.. Also, it is likely your comment will not appear unless you refresh the page manually after posting it.

Post a comment