The same Web browser cookies used to track consumers on the Internet are being used by the National Security Agency to track surveillance targets, according to a Washington Post report.
The cookies -- bits of code that allow advertisers to track consumers' Web activity to deliver more-targeted ads -- are being used by the NSA to help identify targets for government hacking and surveillance, according to internal NSA presentation slides provided to the newspaper by former NSA contractor Edward Snowden.
The NSA is particularly fond of using a Google tracking mechanism called a PREF cookie, which contains a unique numeric identifier rather than personal information such as a user's name or e-mail address. While the cookie doesn't allow the agency to identify suspicious behavior, it does allow for pinpointing of a subject already under investigation for "remote exploitation," the newspaper wrote.
The cookie is part of Google's "safe browsing" service, which aims to protect consumers from malware and phishing attempts. According to Google, the PREF cookie is also used to store users' Web browser preferences, such as preferred language and number of search results.
The documents also showed that the NSA is using location data gathered by smartphone apps and mobile operating systems to pinpoint mobile devices around the world, the newspaper reported. The Post said the information collected is more specific than the 5 billion location tracking records the agency reportedly collects on a daily basis.
Representatives for the NSA and Google declined to comment on the report.
Google cookies have been linked to NSA tracking activities before. Documents leaked by Snowden to the U.K.-based Guardian newspaper in October show that the agency used ad networks like Google's AdSense to locate and identify users of the US-based Tor Project, which is devoted to providing a system that lets people use the Internet anonymously.
The collection of behavioral data via cookies has long riled privacy activists and consumers alike. Proponents argue that tracking people as they visit different sites on the Web allows advertisers to provide more targeted marketing.
After the US Federal Trade Commission requested a mechanism to block online tracking, Mozilla offered Do Not Track technology to prevent Web pages from tracking people's online behavior for advertising purposes. However, efforts to make it a standard have stalled over disagreements about how to enable it. An alternate proposal submitted by several advertising groups was rejected this summer by the Tracking Protection Working Group, a standards group that includes representatives from browser makers, advertisers, and privacy groups.
A federal judge recently dismissed a class-action lawsuit that accused Google and three other online advertising companies of having "tricked" plaintiffs' Web browsers into accepting cookies that enabled Google to serve the plaintiffs targeted advertising. While agreeing that the companies bypassed the browsers' privacy settings, the judge in the case found that the plaintiffs did not demonstrate that they suffered harm as a result of their personal information being collected and sold.