clock menu more-arrow no yes

Filed under:

NSA reportedly 'piggybacking' on Google advertising cookies to home in on surveillance targets

New, 83 comments
safari cookies 1020 stock
safari cookies 1020 stock

In yet another disclosure from Edward Snowden's pile of leaked NSA documents, The Washington Post has revealed that the US surveillance agency may be using Google's advertising cookies to track and "pinpoint" targets for government hacking and location-tracking. According to Snowden's leaked presentation slides, both the NSA and the British equivalent, the GCHQ, are using a Google-specific ad cookie (know as "PREF") as a way of homing in on specific surveillance targets. While Google's cookie doesn't contain personal information like a name or email address, it does contain numeric codes that uniquely identify a user's browser. That identifier reportedly helps the NSA and the GCHQ single out a specific machine and send out its software to hack into the user's computer.

Google's PREF cookie reportedly gets loaded onto a computer when they use Google's products, like Search or Maps — it can also be loaded through sites that host Google products, like an embedded map on a third-party site. That cookie contains a code that lets Google track users to personalize their ad experience; The Washington Post claims that "most" internet users probably have such a cookie even if they don't directly visit Google's sites.

Google's cookies might be used for more than just ads

The report notes that the NSA doesn't use this technique to find suspicious activity amidst the massive flood of internet communication that takes place every day — instead, it uses it to home in on targets already under suspicion. Either way, it's not a cookie usage that internet users expect, nor one that Google currently discloses. It's not clear whether Google is willfully allowing the NSA to piggyback on its cookies or whether it was required to by the FISA court. Google declined comment to The Washington Post; we've reached out to see if they can confirm or deny the report's allegations. Given recent scrutiny into the security of Google data (not the least of which is coming from Microsoft), this revelation can't be a happy one for the search and advertising giant — Google relies on its ad revenue, and it certainly doesn't want users to actively start blocking its advertising cookies because of surveillance fears.