- Until Tuesday, the NSA site created two cookie files that do not expire until 2035 — likely beyond the life of any computer in use today.
NSA Web site places ‘cookies’ on computers – [AP]
]]>< 
So, how long before the NSA cookie story is toast?
To be fair, it is not illegal for private citizens and organizations to do this—it’s just not cool. I for one am glad the feds have decided to play by tighter rules. And while I’m not getting my panties in a wad that the NSA got busted I’m glad they made the change.
I’m no web app expert, but isn’t a cookie only useful for tracking when you visit sites with the other half of the cookie and can’t track any other sites that you visit? If I go to nsa.gov and get a cookie it can only track when I go back to nsa.gov or maybe I go to otherwebserver.nsa.gov. What’s the big F’ing deal? Has the press decided to pick on the NSA as a way to get to Bush?
“Has the press decided to pick on the NSA as a way to get to Bush?”
Yes, and welcome back from Mars. How was the 5-year round trip?
Hmmm.
The only time a cookie is any issue is if the cookie is storing sensitive data. Otherwise it’s a non-issue. I.e. if I store your SSN or customer information in a cookie, that’s bad. If I store the last time you visited a website then that’s not a big deal.
If one is not particularly computer literate then the story reads as an expose of government intrusion. However, if one knows better then the story is obviously deceitful.
I suspect most will believe that it is an intrusion.
Chalk this one up to the NYT.
There are several types of cookies. The most basic (and the kind in question) are single-site cookies. These can be used to track user sessions for purposes such as traffic monitoring, user customization persistence, etc. For a solitary site like nsa.gov they have very little ability for misuse, and for the vast majority of individuals, especially in the age of broadband internet, such tracking cookies do not provide much more tracking information than ordinary server logs would. For example, without a cookie a website owner can track hits to their website based on referrer urls, ip address, etc.
Single-site cookies used by advertising companies can be used to track web surfing behavior for individuals by, for example, cross-referencing all the visits to multiple sites (that use the same ad servers) from a single user. This information is also available at an ip level, but is not as reliable as cookie tracking. For example, if you visit catsinsinks.com and cuteoverload.com and both those sites used the same ad servers, the embedded ads on those sites could be used (in coordination with simple cookies) to keep track of your visits to both sites. Cross-site / cross-domain cookies offer similar tracking abilities, only more so (allowing cookies to be shared among different servers and domains). Since the nsa.gov website is not an advertising portal, this isn’t an issue in this case.
Of all of these types of cookies, the nsa.gov cookies are nearly the most benign (following just after session cookies, which expire when you close your browser). They are, for example, infinitely more benign than the cookies used to track your browsing habits by the advertisements on, say, the nytimes.com website. To try to gin them up to be some huge intrusion into people’s privacy is the lamest kind of stupid that exists. It’s nice that government websites have really high standards for user privacy, and I’d like to see them keep to that standard. But to imagine this as anything other than the most minor and completely unthreating accidental breach of the rules is to venture deep into tinfoil hat land. This is the equivalent of a police car being parked half an inch too close to a fire hydrant without the proper paperwork.
Indeed, it’s some sort of testament to the degree of cleanliness of this administration that this is the best the opposition can work up.
Let’s not stop here. I’ll bet the website of every Democrat in Congress drops cookies. Reading this whining story in the New York Times will gain you a half dozen cookies. Yes, the story is a bunch of BS.
So let me see if I understand this — the press reported on this, so the NSA tossed its cookies?
jc:
The point is that the feds have a strict rule about the kind of cookies that NSA is using and NSA violated that rule.
Maybe you think that’s ok, but it makes me very unhappy when I find out that federal bureaucrats don’t play be the rules.
Why should I have any respect for the government and its rules and laws if the government itself refuses to obey its own rules and laws?
What kind of example are they setting?
D.C. Russell, don’t get your panties in a bunch. If you read the story, the permanent cookies were only on because the NSA upgraded their server software, which had them on by default, and someone forgot to turn them off. Not exactly treasonous activity. Its an honest mistake, like forgetting to change the date on a form letter. Also, as I watch Fox News right now, someone is claiming that the NSA cookie can track everywhere you go on the Web. While I consider myself to be pretty good with computers, I’m not quite up on cookies. Is that actually possible, or is this guy just parroting the terribly unclear AP story?
D.C. Russell:
Maybe I’m just desensitized to federal buearocrats breaking rules, laws, and such after the previous administration; what with the lying under oath, illegally having FBI files in the White House, receiving campaign contributions from foreign governments and religious institutions, etc.
Diddy,
Assuming that the browser security is up to snuff, there’s supposed to be a separation so that amazon.com can’t, for example, read your barnesandnoble.com cookie. The exception is that if amazon.com gives its half of the cookie to barnesandnoble.com then they can track you at either site. So the NSA will only know if you go to wizbangblog.com and what posts you look at there if Wizbang wants them to know.
If the NSA wanted to know everyplace you visited on the web there are infintely easier ways than to try and use cookies. For one, it would be nigh impossible to do so via cookies to any effectiveness.
The NSA would have ten times better success and million times less exposure just getting a court order to track you from your ISP.
Hmmm.
About 5 years ago it was possible for a server to query a browser and get the entire stack of cookies. It was cumbersome, but possible. But due to the various hacks since then all recent browsers have implemented changes to prevent this.
It’s really a non-issue in every way imaginable.
Frankly it’s complete nonsense like this that so severely degrades the credibility of the left.
BTW, I just checked out the NSA’s web site. It’s actually pretty cool, particularly if you have a broadband connection and Flash.
Wow, if the DNC was the government, they would have broken the rules. Not that the cookies from the NSA or WH sites are anything to be concerned with in terms of privacy; they’re not spyware (though some of us are against persistent cookies in general). They did break their own rules though; the DNC did not.
I suspect this is being overblown as an invasion of privacy issue. Still, there are rules against it that the NSA broke, and I’m not sure when we arrived at a point that when a Federal bueaucrat says “it was just a mistake” then it’s automatically assumed to be true, and no further questions are allowed.
I admit to not having more than a rudimentary knowledge about cookies, but based on recent hints that the NSA may be trying to protect surveillance technology that no one yet knows about, I don’t think it hurts to be a little extra vigilant when dealing with them.
And as for the suggestion that “The NSA would have ten times better success and million times less exposure just getting a court order to track you from your ISP,” I think that’s kind of laughable, seeing as how the NSA has already made it clear that the whole “court order” route doesn’t always meet their needs.
Did anybody else verify this? I checked it and the cookie expires at midnight tomorrow, but maybe they did get caught and changed it.
I have a cookie from the NSA website from a while ago (I don’t remember why I visited their site) and the cookies are CFGLOBALS, CFTOKEN, CFID, and CFCLIENT_NSA, and they expire in 2035. I’m pretty sure that’s the default for Macromedia’s ColdFusion.
Also spying on me: the local 10news.com, ABC news, Adobe, blogger.com, cbs.com, CNN, DailyKos, Fox News, Google, Intel, Macromedia, Little Green Footballs, Michelle Malkin, Microsoft, the NFL, Senator Reid’s blog, Reuters, SlashDot, The Political Teen, The Smoking Gun, the univeristy I attend, The Washinton Post, The Washington Times, weather.com, and maybe 300 other sites that aren’t worth mentioning (or I don’t want to admit to publicly). Those 300 are just sites I’ve been to recently or who have expiration dates 20-30 years in the future which is not uncommon at all.
To see who’s spying on you in FireFox go to Tools::Options->Privacy->Cookies->View Cookies. I’ve got to go to Sam’s Club and buy bulk amounts of tin foil now.
I’m surprised that TNYT didn’t include an allusion to — if not suggestion that — ~~the NSA watches users from their monitors~~.
The cookie issue is moot unless you’re comfortable in not knowing the nature of cookies (TIF) and are eager to be fearful of “spies”.
Tracking cookies are the problem but are easily removed — as are all cookies as many of us do remove and nearly every day — and better yet, easily blocked. And, cookie expiration dates are meaningless when their lifespan on most computers is only a few days, due to normal housekeeping measures.
But, you know, why am I not surprised that these simple and nearly primordial aspects to personal computing are not included in the “expose” as to the NSA cookies?
I see so much desperation by TNYT in it’s need to diminish the United States of America. And so, what is primordial is TNYT.
Another thing: my DEMOCRAT Senators won’t even accept emailed correspondence from constituents…you have to either write a letter sent via U.S.P.O. or you have to engage their website’s correspondence form (meaning, you betcha’ that there are cookies there).
This NSA-Cookie-Story is Tin Foil Hat material by TNYT. I’m not surprised.
Diddy: I haven’t heard/read the FOX thing on this issue (yet) but if you heard someone there who was not a liberal, not screeching, about this issue, say that the NSA cookie could track user’s web surfing…then they’re referring to A TRACKING COOKIE, which is spyware.
Many marketing companies use them and even SiteMeter does.
They’re not good things and are objectionable and can easily be blocked by site URL involved and prevented from further downloading to any computer afterward. And, many programs keep them off a computer, too but even without those, they can be blocked in a browser after identified.
But, Tracking Cookies are hardly an issue unique to anyone, just objectionable to most, although I still don’t know whether or not the NSA cookie was, in fact, a Tracking Cookie. If it was, they undoubtedly made an error…
Cookies are your friends. Even tracking cookies can’t hurt you.
My nytimes cookie keeps my name and password. As do about 150 other cookies I have for sites I’m a member of.
I don’t give a rip if Yahoo knows that one day I navigated from Yahoo e-amil groups to Yahoo News. Sheesh.
To me, it looks like there is a significant scandal here:
Did someone at the Associated Press tip off the DNC about this issue in advance of publication? This reminds me a bit of Mary Mapes and her apparent collusion with the Kerry campaign while she was working on the Bush TxANG “story” …