NSA Caught with its Hand in Google's (Browser) Cookie Jar

Ads that hound you from site to site don't seem quite so heinous in the wake of Tuesday's browser cookie-based revelation. The National Security Agency is reportedly using a particular kind of tracking cookie from Google to identify and track potential hacking targets. The NSA is also grabbing location data from third-party advertisers delivering ads to mobile apps, according to The Washington Post.

By Ian Paul
Wed, December 11, 2013

PC World

NSA, privacy, surveillance
Ads that hound you from site to site don't seem quite so heinous in the wake of Tuesday's browser cookie-based revelation. The National Security Agency is reportedly using a particular kind of tracking cookie from Google to identify and track potential hacking targets. The NSA is also grabbing location data from third-party advertisers delivering ads to mobile apps, according to The Washington Post.

The latest leaks about the NSA's surveillance activities come once again from the trove of documents leaked by former NSA contractor, Edward Snowden.

If you don't know what a cookie is, it is a small piece of text deposited by a website into your browser. Cookies can be used for handy things like keeping you logged into Facebook even if you shut down your PC, or to help a web app such as Google Docs function correctly. Often, cookies are used to monitor your browsing activity to deliver ads that are supposedly tailored to your interests.

Google stores a number of cookies on your computer whenever you visit one of the company's sites or even a non-Google site with embedded Google elements in it, such as a map.

Choosy NSA agents choose PREF

The Google cookie the NSA favors is called the PREF, which is short for preferences. According to Google's cookie explanation page, the PREF cookie stores data such as your language, the country you're in, how many search results you want to see per page, and other preferences.

The PREF cookie doesn't contain any personal information like your name or email address, but it does include a unique ID made up of a string of characters and numbers. This string can be used to identify an individual browser and is what the NSA reportedly focuses on to figure out who to hack.

Anyone interested can easily find their own PREF cookies. In Chrome, for example, right-click on any Google page and select Inspect Element. In the window that appears at the bottom of the page click on Resources>Cookies and look for PREF under google.com.

Google's PREF cookie isn't used by the NSA to monitor large numbers of people the way some of its other programs reportedly do. Instead, the PREF cookie helps the NSA identify a specific target already under surveillance. Similarly, the NSA uses location data pulled from third-party mobile advertising networks to pinpoint the daily activities of surveillance targets, according to the Post.

While the NSA's dip into Google's cookie stash appears to be about monitoring persons of interest, it's easy to see how cookies with unique ID strings could also be used for mass surveillance.

Actually, what am I saying? Cookies are already used for just thatbut it's private companies watching and tracking us all, not the government.

Originally published on www.pcworld.com. Click here to read the original story.
Our Commenting Policies