Mike Masnick writes: The latest Washington Post story from the Snowden leaks highlights how the NSA was able to effectively piggyback on Google’s ad-tracking cookies to track someone’s online activities and to “enable remote exploitation” (the details of that exploitation are not revealed, but there are a few ways that would be possible).

It’s important to note, first off, that it does not appear that that the NSA is doing this in any “bulk” sense. Rather it appears to be accessing this and other data via more specific orders. That is, rather than going through everyone’s surfing habits, it’s using this particular “trick” when it’s looking for someone (or something) specific, and likely getting a FISA court order to do so.

Still, this should raise very serious concerns — and it should lead internet companies to rethink the way they use cookies. I know that some people want an extreme solution, in which cookies go away entirely, but that ignores the many benefits that cookies/tracking can provide. As we’ve said in the past, privacy is always about tradeoffs, and generally it should be about tradeoffs where individuals can assess if what they’re giving up is worth what they get in return. The problem here is that the information on what they were giving up was not clear at all, and open to abuse — meaning that things may have tilted pretty far in one direction. [Continue reading…]