Spy Agency Removes Illegal Tracking Files

The National Security Agency’s Internet site has been placing files on visitors’ computers that can track their Web surfing activity despite strict federal rules banning most files of that type. — Associated Press

Those naughty scamps over at the NSA! What crazy hackery are they up to now? Spyware? A virus developed by some master hacker? A rogue ActiveX control?

No, just “cookies.”

“Cookie” files are small text files, usually used to store user preferences for specific websites. If your browser is set to allow it, they can be stored on your computer by a specific website… and read by that website… and that’s it.

Cookies set by one website can’t be read by any other website. They’re data files, not programs. Once you go away from the website that set them there, all they can do is just sit there.

In other words, there’s no way to “track web surfing” via cookies. This is complete nonsense. A website can track which pages you visit ON THAT SITE, but that information is available from the server logs without the use of cookies.

And of course, this is the NSA we’re talking about. If they have an interest in tracking your web surfing habits, they’re perfectly capable of intercepting and analyzing the Internet backbone traffic for that information. I guarantee you cookies won’t be involved.

What the NSA’s exact capabilities are, what they’re doing, and what they should be allowed to do certainly are reasonable subjects for debate. But this is ludicrous.

Take a look at the cookies left behind by the NSA’s website on the computer of one concerned blogger.

The specific cookies he found were CFID, CFGLOBALS and CFTOKEN. These happen to be typical cookies set to store session information by the Cold Fusion website hosting software.

Note that similar cookies from other websites are listed along with the NSA’s cookies, but since they aren’t from the NSA, he’s not worried about those.

On my computer, the exact same CFID and CFTOKEN cookies were set by the website for The American Library Association, which I doubt is a hotbed of covert intelligence activity.

But wait! Weren’t there “strict federal rules” against such things?

Well, yes and no. There’s policies in place prohibiting government websites from setting cookies, most probably simply to avoid the appearance of impropriety. But non-governmental websites you visit can set as many cookies as they want. And it’s most certainly not “illegal.”

This website sometimes sets a session cookie even though I don’t do anything with it. It’s HARD not to set a cookie; most software sets one by default. But sleep well… I mean you no harm.