Telecom Transparency Project
  • News
  • Publications
  • ATIP Documents
  • About
Half-Baked: The Opportunity To Secure Cookie-Based Identifiers From Passive Surveillance

internet

Half-Baked: The Opportunity To Secure Cookie-Based Identifiers From Passive Surveillance

August 6, 2015 by Christopher Parsons Leave a Comment

Half-Baked ImageAndrew Hilts and Christopher Parsons have released a new paper that is titled “Half-Baked: The Opportunity To Secure Cookie-Based Identifiers From Passive Surveillance.” Cookie-based identifiers are used by websites to deliver advertisements as well as collect analytics information about website visitors. Incidentally, intelligence agencies such as the NSA, GCHQ, CSE, and other Western signals intelligence bodies use the same identifiers to track the activities of individuals and their devices as they access, and use, the Internet. The paper respond to a series of basic questions: To what extent do major online properties encrypt the advertising, cookie, and other digital identifiers used by the NSA and other intelligence agencies to track users and their devices around the globe? Since the Snowden revelations began have providers actually encrypted more, or less, of these identifiers?

Full Abstract

Documents released by Edward Snowden have revealed that the National Security Agency, and its Australian, British, Canadian, and New Zealand equivalents, routinely monitor the Internet for the identifiers that are contained in advertising and tracking cookies. Once collected, the identifiers are stored in government databases and used to develop patterns of life, or the chains of activities that individuals engage in when they use Internet-capable devices. This paper investigates the extent to which contemporary advertising and analytics identifiers that are used in establishing such patterns continue to be transmitted in plaintext following Snowden’s revelations. We look at variations in the secure transmission of cookie-based identifiers across different website categories, and identify practical steps for both website operators and ad tracking companies to take to better secure their audiences and readers from passive surveillance.

Download the Paper

Posted in: Government, Surveillance Tagged: cookies, CSE, gchq, intelligence, internet, NSA, Privacy, security

Recent Posts

  • The (In)effectiveness of Voluntarily Produced Transparency Reports
  • IMSI Catcher Report Calls for Transparency, Proportionality, and Minimization Policies
  • Release: DIY Transparency Report Tool
  • Canada’s Quiet History of Weakening Communications Encryption
  • Half-Baked: The Opportunity To Secure Cookie-Based Identifiers From Passive Surveillance
  • Canadian Transparency Publications
  • Industry Canada Transparency Report Guidelines Intensely Problematic
  • Canadian Police Requests for Telecommunications Data
  • Capturing the Security Intelligence Review Committee

Copyright Information

Original content posted to The Telecom Transparency Project is licensed under a Creative Commons Attribution Share-Alike 2.5 Canada License. Read our Privacy Policy here.

Copyright © 2021 Telecom Transparency Project.

Custom WordPress Theme by themehall.com