Thursday, December 12, 2013

Is Google complicit?

As most of you know, lots of websites use "cookies" stored on your computer to make your internet usage easier. But the NSA piggybacks on Google's cookies to spy on the citizenry.
The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser.

In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer.
PREF is the reason why, if you've ever visited a shoemaker's website, you may start to see shoe ads following you as you travel throughout the internet. Even if you never use Google's search engine, you almost certainly have that cookie on your system. It is everywhere.
Special Source Operations (SSO) is an NSA division that works with private companies to scoop up data as it flows over the Internet's backbone and from technology companies' own systems. The slide indicates that SSO was sharing information containing "logins, cookies, and GooglePREFID" with another NSA division called Tailored Access Operations, which engages in offensive hacking operations. SSO also shares the information with the British intelligence agency GCHQ.
The big question: Is Google a witting partner in the NSA's spying?

Edward Black of the Computer and Communications Industry Association testified to the Senate Judiciary Committee that spying poses a threat commercial use of the internet.
Here in the United States we have been focused understandably on the rights and liberties of Americans, questions of rule of law, and public opinion across the country. While these are critical issues, it is important that the Committee also concern itself with the fact that the behavior of the NSA, combined with the global environment in which this summer’s revelations were released, may well pose an existential threat to the Internet as we know it today, and, consequently, to many vital U.S. interests, including the U.S. economy.
But...if Google is working hand-in-hand with NSA, then Google poses a threat to the economy.

In its public statements, Google has, at times, adopted an adversarial stance toward the NSA. (Example.) But is that stance merely a bit of theater? Are the adversaries actually collaborators?

Can SSO do what it does without Google's aid, or at least its awareness?

I don't know the answer. I'm asking the question.

On a related note: Do you recall our earlier discussion of whether or not cell phones should have a switch to turn off GPS?
Another slide indicates that the NSA is collecting location data transmitted by mobile apps to support ad-targeting efforts in bulk. The NSA program, code-named HAPPYFOOT, helps the NSA to map Internet addresses to physical locations more precisely than is possible with traditional Internet geolocation services.
"HAPPYFOOT." You gotta love that. I've said it for years: The infrastructure set up to deliver advertising to your computer or smart phone also lets Uncle peek at what you're doing.

By the way: The illustration above is the official mission patch for a new satellite (named NROL-39) launched by the National Reconnaissance Office. Cute, huh?

4 comments:

Twilight said...

I've just followed a link on a related topic from another blog I follow:

https://www.aclu.org/meet-jack-or-what-government-could-do-all-location-data

"Meet Jack. Or, What The Government Could Do With All That Location Data"
by Jay Stanley.

If you've mentioned this before - apologies.

Dystopia draws ever nearer!

b said...

Seen this one?

But I already had a bit of tape over my webcam, so there!

And in other news, foxes have been protesting the lax security at chickenhouses.

I know who I think Google are. Can't prove it, though.

Joseph Cannon said...

"Can't prove it" is an honest reaction, b. I feel some obligation to be fair here, since Google is the founder of the feast as far as Blogger is concerned.

But -- I've looked into it, and there is NO way to use Blogger without having the PREF cookie on your system. I flush it out regularly, but it comes back.

In fact, there are reports that it pops onto Firefox even after a completely new install, even if you have visited NO websites whatsoever!

Nevertheless, it should be possible -- theoretically -- to rid your system of that cookie and to keep it off. IF, that is, you never use Gmail or Blogger or other Google services.

Anonymous said...

->
https://www.requestpolicy.com/
"Be in control"
"RequestPolicy is an extension for Mozilla browsers that increases your browsing privacy, security, and speed by giving you control over cross-site requests."
->