Feeds

back to article Snowden latest: NSA stalks the human race using Google, ad cookies

The already strained relationship between Google and the NSA has got a little bit worse, after claims in the latest Snowden leak that intelligence agencies are using the Chocolate Factory's cookies to track targets. Documents seen by the Washington Post show that the NSA and the British snoops at GCHQ have found a way to …

COMMENTS

This topic is closed for new posts.

Page:

Tor

No wonder it's running slow, it's the only thing close to surfing the web in private!

7
0
Silver badge
Happy

Snowden just keeps it coming.

Dribbling out this stuff month after month is the best possible policy. It's keeping the pressure on over a long period of time and will have more impact than a single one-time dump.

42
2
Bronze badge

I don't quite understand the technical details of what they've done here, but it makes me glad I have my browser set to only keep cookies for the session. Paranoia pays off again.

11
0
Silver badge

"Paranoia pays off again"

The computer is your friend.

1
0
Silver badge

" Paranoia pays off again."

Only if you've very paranoid. I suspect a typical browser even in private mode with "do not track" flags will be vulnerable to the more persistent forms of cookie. Do a search on evercookies, and you'll see one example of what you're up against. Ghostery and the like can help, but ultimately it is a straightforward arms race.

2
0
Silver badge

Firefox addons like better privacy etc should deal with these.

0
0

So don't use Google directly, but go through a search proxy site like startpage.com. I doubt the piggybacking survives that.

3
0
Silver badge

I looked for some other search provider, and I found Ixquick.

They at least pretend to have a strict privacy policy, and they promise that they don't record your IP address.

For the moment, until I've found better, I'll trust them.

Google is no longer my home page in any case.

1
0

startpage is by lxquick

1
0
Anonymous Coward

DuckDuckGo.com for cookie free search and no tracking.

Why the somnambulistic American public puts up with a tenth of this BS, I will never know.

8
2
Anonymous Coward

We, of course, assume that duckduckgo hasn't similarly been subverted? I mean, just because they say they haven't....

p.s. the fast asleep usa public puts up witha lot of bullshit because of the way their media is controlled by big money. ....... Rupert Murdoch, come on down.....

5
5

You must realise GCHQ are doing exactly the same, and that everyone's data is at risk?

4
0
Bronze badge
Coffee/keyboard

We aren't putting up with it..

Amonymous Coward said,"DuckDuckGo.com for cookie free search and no tracking. Why the somnambulistic American public puts up with a tenth of this BS, I will never know."

Haven't you noticed the grid lock in the American congress? It isn't all because of the budget - many of us, especially conservatives, never did like what they put in the Homeland security legislation - This despite what our twisted media seems to believe!

I have one HIPS(Emisoft) that has already flipped the bird at the Germans for not allowing spies on board, but it doesn't block cookies. So maybe now SaferNetworking in Germany will wake up and start issuing cookie blocks for NSA's crap! I'm sure Chancellor Markel will be more than happy to back them up, as miffed as she's been with the US lately! CCleaner should be able to remove them, even if they are Zombie cookies, and they don't use white lists that I've ever heard of - and we in the security community would have known if Piriform was doing that. They've been very transparent about this business, and have a reputation for that to uphold.

As you can see in the world news - Our businesses woke up too late and are backpedaling furiously to negate anything NSA or any other nincompoop bureaucracy is up to! Even Microsoft seems to be scrambling to join the fray, if you believe those turds, anyway.

3
0
Bronze badge

Skipping Google Just Won't Work; Just Skipping Google Won't Work

If Google has been subverted, you can bet your ass that everything else of weight has been, too. Some willingly, some less so, but compliant nevertheless, if they want to do business in or passing through the USA. Just a safe assumption, even if not provable.

And, now, is this vindication against all those who --blindly, negligently, ignorantly, deceitfully -- who for YEARS kept telling us, the world, that cookies are harmless, that they cannot be manipulated, that they do not carry payload, and only collect, not command?

And, people supposedly smarter than myself would consider me paranoid. I love getting vindication, even years after the fact, but lament the fact that lots of wrongdoing can be done, or has been done.

9
1
Trollface

The Register uses cookies. Some may have been set already. Read about managing our cookies.

Please click the button to accept our cookies. If you continue to use the site, we'll assume you're happy to accept the cookies anyway.

7
0

its been sitting at the bottom of my browser window for over a year now. and it will continue to do so because "i'm not fine with this". same way i don't allow scripts to run. what for, and why should i add just another unnecessary attack vector.

11
0

its gone for good now, hidden from sight with the help of some simple css trickery (stylish + display: none), should have done this ages ago but just couldn't be bothered :)

3
0
Coat

love the headline

The Sting is in the tale...

5
0
Big Brother

Could also have used

There's a spy in the sky, there's a noise on the wire, there's a tap on the line for every paranoid desire. There's always someone looking at you...

(OK, I'm showing my age now!)

0
0
Silver badge

Which reminds me of another good oldie...

I am the eye in the sky, looking at you, I can read your mind

I am the maker of rules, dealing with fools, I can cheat you blind

And I don't need to see any more, to know that

I can read your mind (Looking at you)

I can read your mind (Looking at you)...

Still one of my favourite songs today, and eerily prophetic.

0
0
Silver badge
Thumb Up

A useful Firefox extention

Give CookieSafe a whirl. You can set up a whitelist for the handful of cookies you need and block the rest.

I'm sure there are others but this one works for me.

0
0
Anonymous Coward

A better useful Firefox "extention" [sic]

Try

Tools / Options / Privacy / Use custom settings for history / Keep until: I close Firefox

Then

Tools / Options / Privacy / User custom settings for history / Accept cookies from sites / Exceptions / Google.com [block]

Life is SO much better...when you don't have any [persistent] system cookies at ALL.

1
0

Re: A better useful Firefox "extention" [sic]

The problem with doing this is that you have to re-log in to sites like Facebook, and if I remember correctly, other sites that the browser (FF) used to remember the un and pw, no longer does.

I tried this before, and it became such a pain that I stopped doing it. If the NSA wants to track me, they're going to do so whether I try to stop them or not. I think we all have to recognize that. This isn't the same world that we used to have before the internet.

4
5

Re: A better useful Firefox "extention" [sic]

Facebook? Well, if you use that, you may as well just bend over and take it like the cattle you are - no offence to the Kiwi shepherds/sheep/etc.

9
2
Anonymous Coward

Remember, having Firefox remember your UN and PW...

is equivalent to having no security at all.

For Firefox

Tools / Options / Security / Saved passwords / Show passwords

shows your private lovelies, all out in the open for any person with access to your computer to see. I doubt that you have the Master password set, correct?

Yes, I have Firefox save some passwords...on my office machine. Why? Because my boss insists on occasionally sitting at my desk (and trying to make it his own by rearranging it) and then using my computer to log on to our various online business profiles...to only realize he doesn't know / can't remember the passwords. So rather than hear him complain [about his own technical incompetence] I saved some UN and PW's. Making the decision to do so was very hard for me but it was either that or hear him complain [about his own stupidity], and I grow tired of it sometimes.

As for my personal machines? Nope, no, never ever. Did I mention NEVER? Not even on my cell phones do I have a SINGLE UN or PW saved, and indeed on my cell phone I make it a point to periodically erase all cookies. Especially if I did a Google search because I forgot to switch the search engine preference to DuckDuckGo after I restarted the browser.

If I can't remember my access codes to my online profiles...then I don't truly use and therefore have no dire need for that access, now do I?

3
3
Bronze badge

Re: A better useful Firefox "extention" [sic]

If I understand correctly, restricting these cookies for a session is a pain in certain parts of anatomy, but not because of logins - to FB or anything else. Logins - remembering the UN/PW combo - can be handled by the browser or the system,no need for persistent cookies there.

The problem is with various settings ("preferences"). You want to configure your search? Prefer a certain language? Want Safe Search enabled/disabled? 20 results per page? That is where the PREF cookie comes in. Without it you need to configure your preferences each time you start the browser. And it is the cookie, not your account, since you are not necessarily signed on before you search (and if you cold set preferences only for signed on sessions you would not need the cookie but the result would arguably be even worse, privacy-wise).

If you don't mind the defaults - or doing repetitive customizations each time - limit google.com cookies to session and enjoy the warm and fuzzy feeling of having thwarted another effort of those nasty alphabet-soup agencies. Otherwise, carry on, but don't think that, e.g., TOR can help with his problem - your IP will be obfuscated but your cookie will still be yours.

0
0
Silver badge

Re: A better useful Firefox "extention" [sic]

Invent an algorithm for your passwords.

If you forget your password recalculate My_Algorithm( "Facebook", other_things_that_I_CAN_remember)

It doesn't have to be complicated. You're already ahead of 99% of the crowd. I don't imagine for a moment it'll defeat spooks (who have inside access to Facebook et al anyway). It will defeat the sort of criminal who assumes that all your passwords are likely to be the same, or steals your computer so he can use your stored passwords.

And use a different algorithm for passwords that unlock real money!

1
0
Bronze badge

Re: A useful Firefox extention

Firefox allows more than one profile, so it's possible to have a clean and a dirty one, using different shortcuts to start them.

http://kb.mozillazine.org/Opening_a_new_instance_of_Firefox_with_another_profile

Alternatively, using PortableApps for example, it's not too difficult to load separate copies of Firefox for different purposes, each of which has its own cookie store. Styles can be used to distinguish them when they are on screen and it's easy to delete them entire and replace periodically. This is not as good as using a sandbox, but would keep a large proportion of rubbish at bay.

0
0
Big Brother

Re: A better useful Firefox "extention" [sic]

Ghostery

AdblockPlus

Better Privacy

Self Destructing Cookies

HTTPS Everywhere

Never save passwords

Reject third party cookies

Always clear cookies on exit

Not enough though, install Lightbeam add-on from Mozilla, and use your browser for a while.

You will be alarmed at the amount of tracking that occurs.

0
0
Bronze badge
Thumb Up

Re: A better useful Firefox "extention" [sic]

Life is SO much better...when you don't have any [persistent] system cookies at ALL

Right. I always set cookies to expire at the end of session and run my browser without scripts. Also, I usually have a number of Firefox 'cleaning' plugins* set active.

In addition to these 'cleaning' plugins I also get CCleaner to wipe the FireFox cache, cookie data etc. multiple times a day. There are several other cleaners too that clean stuff that CCleaner either misses or ignores.

I periodically check for toolbars lurking in the registry (and in browser configs etc.)—Google, Ask.com etc.—and if not deleted by the cleaning tools I manually delete them. Also, if I suspect the registry has had a 'hard day' I reload the previous day's registry or another even earlier one from the automatically-stored 30-day registry backup repository using ERUNT (also useful if one trials a lot of software as I do).

Also, I'll regularly spring-clean my FireFox user-profile. This means deleting the complete profile and replacing it from an earlier clean backup.

From what I read here in this group of El Reg posts, I'm very surprised that most El Reg readers don't essentially do similar—just as a matter of form. Very odd!!

I don't do all this because of NSA paranoia—rather it's to both keep ad 'conglomerators' such as Doubleclick at bay and make Firefox run faster—it's surprising how much faster browsers work with all that 'JavaStuff' disabled.

Most web sites work fine this way. Whenever I strike a site that I have to access which insists on cookies and or JavaScript I simply fire up a separate browser installation with cookies enabled etc. and cut-and-paste the offending URL into it. The browser is cleaned when finished.

_______

* Ghostery (set for 'ALL' on); NoScript, FlashBlock, BetterPrivacy (for especially hard cookies--known as local shared objects (LSOs)—Google etc.; AdBlock Plus, JavaScript Deobfuscator. And several other Java blocking/controlling and monitoring tools (XPIs).

0
2
Bronze badge

@RobHib -- Oh, I forgot to mention about the NSA

It seems to me that whilst GCHQ, the NSA, etc. have nothing to worry about from us the citizenry, that can't be said about big business/multinationals.

Stand between big business and a dollar and there'll automatically be big trouble. And Snowden's revelations have spooked it into realising that being spyed upon ultimately means less moolah.

Now, as we know the only truly real citizen in a modern democracy is big business.

'Nuff said.

0
0
Silver badge
Thumb Down

Re: A better useful Firefox "extention" [sic]

Try

Tools / Options / Privacy / Use custom settings for history / Keep until: I close Firefox

Then

Tools / Options / Privacy / User custom settings for history / Accept cookies from sites / Exceptions / Google.com [block]

Life is SO much better...when you don't have any [persistent] system cookies at ALL

I can do all of that and more with CookieSafe and without even opening Firefox's options dialogue.

0
0
Bronze badge

Of course it does. Does anyone think that the Google arose to fame, fortune and anti-mediocrity through meritocracy alone?

And while we are at it, does anyone think that the faults in Android are purely (pukely?) accidental?

2
1
Bronze badge

At this point, Snowden could reveal that the NSA is run by alien lizards..

.. and I wouldn't be surprised.

Given how much info they have on us, why can't we use them as a free backup service? "Hey, NSA/GCHQ, as you know, I've accidentally deleted that file.. can you email me your copy of it?"

13
0
Bronze badge
Happy

Re: At this point, Snowden could reveal that the NSA is run by alien lizards..

Backup from NSA ? You missed that BOFH story perhaps ?

0
0
Silver badge

Re: At this point, Snowden could reveal that the NSA is run by alien lizards..

There is precedent: The philosopher and drug dealer Howard Marks was asked, after the publication of his autobiography,how a man who smoked so much dope was able to remember the dates and general chronology of his life. He said that since the US authorities had been watching him for years, he simply made a Freedom of Information request, and received back the skeleton of his life story.

12
0

Re: At this point, Snowden could reveal that the NSA is run by alien lizards..

I've long wanted to ask them (NSA) for transcripts of the secret Cheney task force on energy policy that he had early in his (whoops, Bush Boy's) presidency.

And then there were all those deleted emails from the White House back in the Ashcroft days.

Or fly-on-the wall during every congress-critter's chats at the bars around DC with savory or not companions.

I know these are all out there and being analyzed for potential use. Lord, Edgar Hoover (FBI thru 1972) knew how to collect and analyze tons of message intercepts and blackmail citizens and politicians. This was before absolutely every voice/email/etc message was collected by extra-gov facilities. Just imagine what they have on EVERYONE.

2
0
Anonymous Coward

Re: At this point, Snowden could reveal that the NSA is run by alien lizards..

Hey, do you mind !!?

I absolutely adore reptiles and am greatly offended by your attempt to tarnish their image by associating them with....that thing.

2
0
Bronze badge

Re: At this point, Snowden could reveal that the NSA is run by alien lizards..

But, it ISSS. You misSSSsed a few hundred staff meetings -- otherwisssse you would not hhhhold in contempt our great SSSStansuuu SSssiglorsssuu. You would have ssseen the weekly WAR reports indicating that the Earth rat population is down by 62% in NYCcccc and Gainessssville, Florida sincccce the human insssurgentsss demolissshhed two of our rodent reproducttttion faccccilitiessss.

We will reprogram you and then Anna will decccide your fate.... human ssssympathisssser...

(SSSSorry... I could not ressssissst. Human humor attemptssss overrun me in thissss bodily form....)

4
0

Thankfully, The Reg does not use Google Analytics. One of the few websites that doesn't, unfortunately.

1
0
Bronze badge
Black Helicopters

google Analytics ?

I see google pages and multiple other web stats companies when ElReg pages load ? I know the site needs to make money, but always assumed that google was in there somewhere. Cold booting from linux live DVDs is beginning to look better all the time, if I had to hide something.

0
0

Re: google Analytics ?

Your problem is not if you have something to hide, it is if THEY have something to hide.

THEY includes your government, the US government and anyone they share data with.

Google, Facebook and the others are probably less of a direct threat although they are intrusive and a nuisance.

Lots of citizens in Germany from the mid thirties had nothing to hide but paid a high price.

Lots of citizens in East Germany until the fall of the wall had nothing to hide but things did not go well for them.

It is not all about Germany either the same sort of government behaviour has existed elsewhere, Chile is just one example.

9
1
Silver badge

@Drew 11

I tend to agree with you, Google Analytics is a site which I've marked as "Untrusted" in my NoScript plugin and therefore it gets blocked all the time.

Now, not to spoil the party but you are aware that El Reg uses googletagservices.com don't you? So you're not fully in the clear yet.

1
0
Bronze badge

Google Analyticssss is a Ssssic... It wassss meant to be Google

Google Analyticssss is a Ssssic... It wassss meant to be Google

Anna Lick Ticksss, a special project of the V Ssssecurity Apparatussss to find the remaining human ssssympthizers amongt the V sssshipssss. Ssssnowden wassss almosssst captured, and wassss partially sssskinned alive, but with help, essscaped. The Vatican would have no more V activity exposssingg their operations, and sssso Ssssnowden was ab-sssconded to Russssia.

Word hassss it that he sssstole and managed to hide the ssssignature of a Blue Energy generator matrixxxx. What can you report on thissss sssset of developmentssss?

0
3
Bronze badge

"Thankfully, The Reg does not use Google Analytics. One of the few websites that doesn't, unfortunately."

Sure?

This is their UA-ID taken from the page source: UA-33330076-1

0
0
Silver badge

No website I visit uses Google Analytics. At least they don't when I visit them, thanks Ghostery! :)

1
0
Bronze badge
Paris Hilton

OKAY

Re: google Analytics ?

What worries me a bit is not so much the technology but the impact on human society, humanism and human interaction spurred on by some of the (usually destructive) psychologies of the watched by the watchers by commanding authorities.

What and where these new dynamics take humanity is adventurous and where will it go in 2 or 3 generations (hunan ones not technological ones)?

0
0
Silver badge
Big Brother

New spin on an old cliche

If you have nothing to hide, you have nothing to fear. So we're going to find out absolutely everything about you so you can watch X-factor in peace.

2
0

Fuck Off!

What is the answer to all this snooping, apart from turning off all my connected devices?

Is there a place on this planet where the Five Eyes do not have jurisdiction, where servers are not compromised (a-la Cisco/Juniper)?

Running a Live Linux boot CD/DVD is slow and painful.

And just as an aside, I started using bookmarks in my Google Chrome browser. I haven't used bookmarks in years, but started to as I was writing an article about all this snooping. Then suddenly, one morning, I found all of my bookmarks deleted, gone. The only bookmarks I had were to news sites like this one, The Washington Post, Guardian, etc. (i do drink a lot)

2
0
Silver badge

Re: Fuck Off!

>Running a Live Linux boot CD/DVD is slow and painful.

Well, there is no reason you can't install Linux on a HDD, make an image of it in it's clean state, and then restore that image prior to each session (shouldn't take long on SSDs, and you could use a USB-booted environment to automate the process at each boot. After each session, make a few random writes to the HDD. I don't know too much about Linux, but I was under the impression that you can put its swap files where you want - onto volatile storage, for example.

This is just a top-of-head idea. I'm sure more thought-through ideas exist.

You could look into http://en.wikipedia.org/wiki/Tin_Hat_Linux as well.

2
0

Page:

This topic is closed for new posts.