Thursday, December 29, 2005

Cookie Monster

Scandalous! Amid all the ohmygoodnesswe'rebeingspiedon controversy swirling around the president we're hear this today about the NSA:
The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.
 
These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake.
 
Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.
 
"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C.
Well, no kidding. And, considering just about every well-visited website uses cookies it seems like a heck of a thing to expect the NSA to not track the surfing habits of visitors on their own website.
 
If you really want to get your undies in a bunch over surf tracking, try a little research on what the big web ad agencies do. It'll make your skin crawl.
Until Tuesday, the NSA site created two cookie files that do not expire until 2035 — likely beyond the life of any computer in use today.
This is quite a common practice with web programmers to remember users when they return to their site. How do you think Amazon remembers who you are time after time when you visit their site from the same computer?
But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.
Privacy advocates should look into disabling cookies if it's that much of a problem. If you think tracking by cookie is bad, just think of how the RIAA is tracking down folks to sue -- by finding the IP address of suspect computers and then requesting a subpoena of the user records of the person using that address from the ISP who owns it. Web servers track surfing habits, too.
 
At the end of the day these aren't really privacy advocates bellyaching, they are anonymity advocates. It's one thing to expect privacy when sharing personal information with an agency of some sort for the purposes of conducting some sort of business with that agency. It's quite another to expect to not be traceable when you are the person requesting resources off another person's or agency's property.

No comments: