They can be crafted to send info back to the originating server such as urls visited after the initial event, not just local site activity.

Huh? Where’d you get that idea? Cookies aren’t code, they’re tiny little text files that save information gathered by the site through other means. They’re a method of storing data, not collecting it.

Besides, there’s no way for a website to view a cookie from another domain. It’s impossible for the NSA’s cookies to track what other websites you visit. Period. Even if the NSA was using a thrid-party tracking company, this whole situation would be moot since the NSA’s site wouldn’t be able to view the third-party cookies.

Now the NSA could use their HTTP headers to see which URL referred you to theirs and it could its webserver logs to track your movements throughout the site, but this would, once again, only affect visits to the NSA website and none of those have anything to do with cookies.

Trust me on this guys. This. Is. Not. A. Big. Deal. Just take a look at the comments at Slashdot if you don’t believe me. People who understand this stuff are laughing at the outrage this has caused. There are much more important things to be concentrating on than whether or not the NSA’s website is using persistent cookies.

For another take on this from a conservative writer who understands the severity of this issue, click here.

I really like your writing here, Greg. Happy New Year.

the use of illegal cookies should be viewed as another way our government is performing illegal actions with very little oversight.

Understood, but aside from the fact that the use of persistent (as opposed to single-session) cookies was against a federal regulation that probably didn’t need to exist anyways, what exactly constitutes an illegal cookie? What data specifically was the NSA gathering and how is that any worse than what, say, Amazon or Yahoo do?

I haven’t done all the homework on this, but here’s a guess at to what might be going on: NSA uses a third-party company to track hits on their site. The same third-party company is also contracted by your bank, or an online store that you buy stuff from.

Nice to see that you’re thinking this one through, but it doesn’t quite work out this way. Without getting into specifics, lemme just say that I work as a Systems Administrator for one of the largest sites online, so trust me on this one.

While it’s possible that the NSA website is using a third-party company to track visitors, this issue here is with the NSA domain dropping cookies. Supposing the site used Hitbox, which is used by many large corporations, the NSA couldn’t directly access to any of the information that Hitbox collects and stores in cookies. Cookies don’t work that way.

Additionally, if you were passing personal information to a site, there’s no reason why that data would be shared with the tracking company. Amaazon doesn’t give your CC number to their tracking company and Yahoo doesn’t give your passwords to theirs. And even if they did, the NSA wouldn’t be able to collect that data without doing things that only the NSA could do.

Unless they demand access to prevent terrorism, at which point I’m sure they will get what they want, even if the president has to sign an executive order “authorizing” it.

Even if we assume a branch of the government can’t get at the cookies stored on your computer by a company they are paying, there still might be privacy issues with one corporate entity being able to track your actions across multiple sites. In time, with enough innocuous tidbits, they might connect the dots and come up with a picture.

That said, while not as big as the NSA domestic spying issue, the use of illegal cookies should be viewed as another way our government is performing illegal actions with very little oversight.

Americans have been a little too “New Testament” Santa Claus with the government for too long. We give and we give and we give, no matter what they do.

I think it’s time we get a little “Old Testament” Santa on them and check our lists twice. Domestic spying - naughty. Using illegal cookies - less naughty, but still not nice.

We have to be the ones to make the list of transgressions large and small, because we’re dealing with an administration headed by a guy who couldn’t think of ONE THING he’d done wrong in his first four years in office.