Cookies: The insidious mysteries revealed

This topic is archived.
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:06 PM
Original message
Cookies: The insidious mysteries revealed
I've been reading a lot of tinfoil hat paranoia about browser cookies over the last few days. Enough hysteria to make it obvious that most people don't have the foggiest idea of what a cookie actually is, and what it can do (which is not that much).

So here is Cookies for Dummies. Read this, then resume your rants.

What any website programmer can do:

1) Create a cookie that is stored in your browser's cookie directory (nowhere else)
2) Store a small piece of information (that already exists) on that cookie
3) Read the information on that cookie (if it's still in your cookie directory when you return)

The cookie itself cannot create information. It is simply a place to store information. That's it. An electronic index card. A virtual post-it note. It performs no functions, cannot act on its own, and is basically useless until it is read.

Here is an example of the extremely simple ASP code that is used to create a cookie called "EvilCookie", write some (pre-existing) information on it (in this case, a color preference), and then tell EvilCookie to hang around for a year before committing suicide.

Response.Cookies ("EvilCookie")("MyFavoriteColor") = "purple"
Response.Cookies ("EvilCookie").Expires = Date + 365

To read the information on that cookie, you would use this code:

FaveCookieColor = Request.Cookies ("EvilCookie")("MyFavoriteColor")

The variable "FaveCookieColor" is now equal to "purple."

The most common purpose of a cookie is to trigger some dynamic changes on a website based on whether you are a new visitor to the site ("Welcome, stranger.") or a return visitor ("Hey, Shirley. Welcome back!") The cookie itself can't figure out your name unless you have provided it by filling out a form on the site. It can store information about what pages you have visited on the site, but ONLY if there is some other kind of software on the site which has tracked your movements.

Again, cookies don't DO anything other than store information that someone has gathered and written to the cookie. But not just anyone. If you check your cookies directory, you'll see that all cookies are stamped with a unique domain name. Cookies are associated with a certain domain name. Cookies set by one domain name cannot be read by another. So once you leave a web site, the cookie is useless until (or if) you return to that same web site.

Now, if you're still freaked out by the thought of a perfidious NSA cookie on your computer, just disable cookies in your browser options. Poof! The cookie can't be accessed at all.
Printer Friendly | Permalink |  | Top
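The `Expires` line in the post above is what separates a persistent cookie from a session cookie. The following is an added example, not part of the original post: a Python check that reads HTTP response headers and reports which cookies outlive the browser session. The sample headers, the `NOW` timestamp and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample response headers (illustrative, not captured from a real site).
SAMPLE_HEADERS = [
    "Set-Cookie: EvilCookie=MyFavoriteColor=purple; expires=Fri, 29 Dec 2006 23:06:00 GMT; path=/",
    "Set-Cookie: ASPSESSIONIDEXAMPLE=ABCDEFGH; path=/",
    "Set-Cookie: visitor=42; Max-Age=3600; Path=/",
    "Set-Cookie: old=gone; expires=Thu, 01 Jan 1970 00:00:00 GMT",
    "Content-Type: text/html",
]
# Constructed "current time" so the result is reproducible.
NOW = datetime(2005, 12, 29, 23, 6, 0, tzinfo=timezone.utc)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def lifetime(attrs, now):
    """Return how long the browser keeps the cookie, or None for a session cookie."""
    # Max-Age takes precedence over Expires (RFC 6265).
    if "max-age" in attrs:
        try:
            return timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # an unparseable Max-Age is ignored
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # an unparseable date is ignored: session cookie
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when - now
    return None


def audit(header_lines, now, max_lifetime=timedelta(0)):
    """Classify every cookie; flag persistent ones that exceed max_lifetime."""
    findings = []
    for line in header_lines:
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        life = lifetime(attrs, now)
        if life is None:
            kind = "session"
        elif life <= timedelta(0):
            kind = "deleted"  # an expiry in the past tells the browser to drop it
        else:
            kind = "persistent"
        findings.append({
            "name": name,
            "kind": kind,
            "lifetime": life,
            "violation": kind == "persistent" and life > max_lifetime,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, NOW):
        print(finding)
```

With the default `max_lifetime` of zero, every persistent cookie is reported, which matches a session-cookies-only rule.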
liveoaktx Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:10 PM
Response to Original message
1. You are missing the point-it is not legal for the NSA or the White House
to use anything but session cookies on a user's machine. They are breaking the law if they use persistent cookies.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:17 PM
Response to Reply #1
8. No, I'm NOT missing the point
Edited on Thu Dec-29-05 11:18 PM by Boomer
I'm not addressing the issue of the legality of persistent cookies, just the paranoia about the significance of this illegal action. Which is not nearly as serious as many people want it to be.

As a web programmer I can attest to just how easy it is to miss the single line of code that sets a persistent cookie, especially if that mistake doesn't break obvious functionality on the site. No programmer sits down and reads every line of code that has been changed by a software update -- it's simply not possible, or necessary.

Programmers check to see if anything broke, then they go to lunch.

It's only when an alert user erupts in righteous (and justifiable) indignation that somebody goes "oops" and tracks down the code block in question and changes the expiration date.

It's a very easy mistake to make, and believe me I've made far worse without meaning to.
 
liveoaktx Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:20 PM
Response to Reply #8
12. The government has an obligation to make sure that all, including
contractors, understand laws associated with government projects. The Ooops is not with regard to persistent cookie expiration dates but the law that says you can't USE persistent cookies.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:34 PM
Response to Reply #12
22. I don't disagree
Edited on Thu Dec-29-05 11:35 PM by Boomer
I'm not defending the mistake (and I do think it's a mistake), just explaining the limitations of cookies to those who seem to think that cookies are some all powerful spying mechanism.

That said, a persistent cookie without an expiration date is synonymous with a session cookie because it expires as soon as your session ends. Based on my experience, government computer projects are passed down through level after level of subcontractors, and I wouldn't be the least bit surprised to hear that many programmers are simply unaware of this law.

That doesn't excuse it, but in the overall scheme of the truly insidious actions that are probably in the works, with a conscious agenda for crowd control, stray cookies on a public web site just don't make my blood boil. But that's just me, and spleen mileage may vary for other DUers.
 
liveoaktx Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:39 PM
Response to Reply #22
24. For me, it's overload from a government that is not accountable
Generally, if, for the Bush administration, someone along the way (let's say, REPUBLICANS) actually took care of some of these issues and we saw justice done, along the way, it wouldn't seem so much like piling on. At this point, for me, it's a situation of feeling outraged just because they're lawbreakers 24x7 (even if cookies are minor compared to data-mining without probable cause)
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:00 AM
Response to Reply #24
31. For me, it's a job hazard and persistent nightmare
I'm a web programmer, and I try my best to do a very good job, but from first hand experience I know just how hard it is to coordinate the computer code for an entire production team that is working overtime to meet outrageously short deadlines for impossible jobs.

As deadlines approach, we have everyone from interns and temps to experienced programmers all furiously writing code for their particular slice of a very big pie and there is NEVER time to check the code that somebody else has written. If a temp glazes over while reading 150 pages of single-spaced requirements and misses the prohibition against persistent cookies (assuming it was even mentioned in the requirements) and fails to use session cookies, nobody but absolutely nobody is going to catch that error unless it breaks something during testing.

Web sites look so pretty on the browser side, but if you could peek at the code that the server munches on, you'd see a mass of spaghetti code that would turn your hair white. I look at code I wrote just a few years ago and shudder. But we all have to start sometime and projects have to be shoved out the door even when they're held together with spit and a prayer.

You see a law broken, and I see a project requirement overlooked or completely missing.
 
liveoaktx Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:09 AM
Response to Reply #31
35. I go back to the point that was made in the Video from CNN today
First, it wasn't just any old website, it was the NSA's-seems to me they would have more than an ordinary interest in making sure security issues were followed (although that supposition is foiled by their spying on Americans etc) Second, NSA told CNN they had teams of privacy experts that, at least theoretically, were looking at making sure all rules were followed.
 
AndyTiedye Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:34 AM
Response to Reply #31
42. Our Company Requires All Code to be Code-Reviewed Before Checkin
That at least requires that someone looked at the code other than the developer who wrote it.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:50 AM
Response to Reply #42
46. I've heard rumours of places that do that
But they were all descriptions of companies that went out of business related by programmers who used to work there. :evilgrin:
 
bananas Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:59 PM
Response to Reply #8
30. This is the NSA we're talking about, not some rinky dink web shop.
Everything on their website has gone through several layers of quality assurance and security review. If a programmer accidentally used a persistent cookie, it would have been caught before it was used. Somebody at the NSA decided to use persistent cookies, and it was someone who knew it was illegal to do so. It was a flagrant intentional violation of the law.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:08 AM
Response to Reply #30
34. Seriously?
>> Everything on their website has gone through several layers of quality assurance and security review. <<

:rofl: :rofl: :rofl: :rofl:

Ah, if only it were so. But sadly, there is no such thing as the level of review that you imagine, especially for something as rinky dink as a web site. Government projects -- especially big fat ones for important agencies -- are contracted and subcontracted and subsubcontracted, giving everyone who touches the project a pocketful of cash for doing nothing.

Code is tested to see if it works, not if it was done elegantly and well. Computer firms that do code reviews for quality assurance almost always go broke, because no one (not even the government) is willing to pay for the time it would take.

And the longer a web site has been in existence, the worse the code gets because good programmers are constantly getting better offers, so there is little if any continuity in the maintenance. The programmers who wrote the code in the first place are long gone, and the ones who come after are focused on fixes and new functionality, not reviewing old stuff.
 
liveoaktx Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:25 AM
Response to Reply #34
39. I agree with you about the programming aspect but then the NSA
whether they're just BSing or not, said they had teams of people ensuring privacy standards. Therefore, even if the programmers are all overwhelmed contractors who have lost sight of some legal requirements, the NSA set themselves up to say that THEY had a high standard of compliance, of adhering to law.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:29 AM
Response to Reply #39
40. Yeah, major oops
They f*cked up, and someone's head will roll. Whether or not it's the right head, who knows?
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 04:38 AM
Response to Reply #39
50. Gov't web sites typically are low priority items. What they may say about
enforcing rigorous standards on their sites is one thing. But the idea that there are no mistakes or oversights because of the crackerjack teams they supposedly have providing rigorous oversight of their websites, well that's something else.

I remember going to work one day years ago and learning that our gov't agency's website server had been "owned" and the website defaced by Chinese hackers. Apparently the IT shop hadn't yet gotten around to installing some Windows updates.

And BTW can anyone cite the law that was broken here? The articles I've seen so far don't actually reference the specific statute or regulation that was violated. Frequently the media talks about laws and regulations but never bothers to actually cite them.

I understand there are laws/regs regarding collection of personal data and public notice of privacy policies and use of personal data. But so far in regards to the use of cookies on Fed websites I've only found government policy documents and guidelines relating to the use of cookies on Fed websites: http://www.whitehouse.gov/omb/privacy/website_privacy.html

Doesn't appear that the use of persistent cookies actually violates law. It appears that the OMB decided by policy that use of cookies should be covered in the privacy notice on Fed websites and there is a procedure for getting the use of cookies approved. Looks like the persistent cookies likely weren't justified and approved via the chain of command as required and there additionally was a failure to include them in the privacy policy.

But violations of policy and procedure and violations of statute are quite significantly different things.
 
bananas Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 02:34 PM
Response to Reply #50
62. Privacy Act, 5 U.S.C. § 552a
It's referenced in the documents you linked to, for example in
http://www.whitehouse.gov/omb/memoranda/m99-05.html

Here's what the guy who complained about the cookies has to say about it, apparently it was an accident, the emails and faxes he sent are kind of interesting to read:
http://www.google-watch.org/nsacook.html
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 04:32 PM
Response to Reply #62
68. Yes, it's referenced but have you read it? OMB promulgated policy
and guidelines pursuant to the law. The law however as I read it doesn't appear to ban the use of cookies, persistent or otherwise. OMB chose to include in its policy and guidelines the use of website cookies, since some people were upset by the use of cookies at the time. But that alone doesn't constitute a statutory ban on cookies, the violation of which is illegal. It's still policy and procedure.

Privacy Act of 1974 as amended: http://www.usdoj.gov/foia/privstat.htm
 
bananas Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 05:57 PM
Response to Reply #68
71. (v) Office of Management and Budget Responsibilities
I'm not a lawyer, but the way I read it, violating the OMB guidelines and regulations is a violation of the Privacy Act.


(v) Office of Management and Budget Responsibilities

The Director of the Office of Management and Budget shall--

(1) develop and, after notice and opportunity for public comment, prescribe guidelines and regulations for the use of agencies in implementing the provisions of this section; and

(2) provide continuing assistance to and oversight of the implementation of this section by agencies.

http://www.usdoj.gov/foia/privstat.htm
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 07:51 PM
Response to Reply #71
72. No it's not automatically the case that a violation of policy is a
violation of law. To determine whether it is or not, one has to go back to the law and see what it specifically states regarding the matter to see whether it was the law itself that was violated or just a matter of policy. There is a difference. A policy may promulgate statutory mandates or prohibitions which because they exist in statute have the force of law. But the policy may also contain and promulgate policies, guidelines and procedures that are not statutory and thus don't in themselves have the force of law. Violation of the policy in itself is not ipso facto a violation of statute.

The OMB complied with the law which directed it to issue policies and guidelines. The policy/guidelines in themselves, just by virtue of being a policy or guideline alone, don't have the force of law. The guidelines in fact go beyond the law. But the law itself doesn't prohibit website cookies and thus a violation of the OMB's policy on cookies is a violation of policy, not statute.
 
bananas Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:00 PM
Response to Reply #72
73. Good luck
My understanding is that the law basically says they can only collect information if it's needed, and that they must disclose that it's being collected; neither is true. Persistent cookies per se wouldn't be illegal, as long as they were necessary and disclosed.

Maybe you should ask Daniel Brandt, he's the one that complained to the NSA about it, he's been quoted in the press as saying it's illegal, and I haven't seen anyone contradict that. Feel free to PM me if you find an answer.

From his email to the NSA:
"Please be advised that your website at www.nsa.gov is in violation of federal regulations."
http://www.google-watch.org/nsapage1.html

Graphic on the front of his homepage http://www.google-watch.org

 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 10:55 PM
Response to Reply #73
81. Brandt cites another policy & procedure doc, not Fed regulations.
DOD policy and procedures, his source document, here:
http://www.dod.gov/webmasters/policy/dod_web_policy_12071998_with_amendments_and_corrections.html

A policy in itself doesn't constitute a regulation unless it has gone through the public rulemaking process and has become part of the Federal Code of Regulations. If it's a violation of regulation, why does he not cite the governing regulatory code and instead cite a policy and procedure manual? Or is he simply using the word "regulation" loosely, which seems to be the case as he also refers them to their "policy" rather than any codified regulation. He may state that a violation of policy is a violation of regulation but that doesn't make it so, especially when his citation of authority is a policy manual and not codified regulation.

In your links Brandt cites an OMB policy recommendation and a DOD policy and procedure manual which follows the OMB policy, neither of which just in and of themselves have regulatory or statutory force. He didn't cite Federal regulation or statute regarding the use of cookies.
 
bananas Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-31-05 08:41 AM
Response to Reply #81
84. The Privacy Act itself makes them illegal - deal with it.
Cookies are the kinds of records that the Privacy Act applies to.
They may be used if necessary, as long as the user is notified.
 
lostexpectation Donating Member (312 posts) Send PM | Profile | Ignore Thu Dec-29-05 11:11 PM
Response to Original message
2. yeah
a story overblown if any, muddies the water to NSA mass snooping
 
liveoaktx Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:14 PM
Response to Reply #2
5. I don't agree this muddies the water, it shows that the same principle
of disregard for the law permeates this administration at all levels.
 
alpaca Donating Member (72 posts) Send PM | Profile | Ignore Thu Dec-29-05 11:12 PM
Response to Original message
3. Well said
Too lazy to type up, glad you did.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:14 PM
Response to Original message
4. Good post ...

That said, while I agree with this in general, I feel you downplay the part cookies can and do play in the gathering of information that individuals may not necessarily want gathered. Yes, cookies in and of themselves don't do anything, but they are commonly used to track people's surfing habits. And, while the information stored in a cookie may not reveal much all by itself, that same information can be used in other ways to reveal quite a lot. This is the reason it is a good idea to clean your cookies rather frequently and avoid allowing 3rd party websites to set cookies when you load a page.

Certainly a degree of paranoia about this that borders on the irrational has erupted, if for no other reason than the one you mention in your closing comments. Disabling cookies is easy. OTOH, the problem is that a lot of people don't.

 
Gormy Cuss Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:54 PM
Response to Reply #4
60. Thank you.
Many cookies are benign counters. Then there are the data miners.

Because the public knows of these things called "cookies" that are little files placed on their PCs without warning and without explanation, it's very easy to scare the bejesus out of technophobes by just showing them a listing of the files in the cookie subdirectory --- hundreds and hundreds of little files that have no meaning to the user, yet have this tracking value.

I think it's great that the NSA persistent cookie story is getting so much play in the hysterical media. Maybe the "I have nothing to hide" crowd will begin to rethink that position.
 
Ms. Toad Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:10 PM
Response to Reply #4
74. Thank you.
I, too, felt the explanation downplayed the information gathering role that cookies can and do play - but wasn't sure I had the energy to add it tonight.

 
dailykoff Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:15 PM
Response to Original message
6. but what if that "small piece of information" is an executable file?
Edited on Thu Dec-29-05 11:16 PM by dailykoff
That, say, downloads a larger file that, say, combs your hard drive and reports back to Langley?
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:16 PM
Response to Reply #6
7. Cookies can't do that n/t
 
dailykoff Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:20 PM
Response to Reply #7
13. . .. and more doctors smoke Camels than any other cigarette
according to a recent nationwide survey.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:24 PM
Response to Reply #13
15. And the moon is made of green cheese ...

If you have any knowledge of a cookie being able to accomplish this task, please do enlighten us. It's not very mysterious.

 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:26 PM
Response to Reply #15
16. To support your argument let me quote Napoleon Dynamite.... "Idiots"(n/t)
Edited on Thu Dec-29-05 11:27 PM by MazeRat7
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:28 PM
Response to Reply #16
19. We need a "smiley" of that ...

It fits so many situations.

 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:19 PM
Response to Reply #6
11. And what if pigs could fly over no-fly zones?
Edited on Thu Dec-29-05 11:19 PM by Boomer
They can't.

Cookies will only store strings.
 
dailykoff Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:22 PM
Response to Reply #11
14. Maybe the CIA has its own definition of cookie
written by Mr. Gonzalez.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:27 PM
Response to Reply #14
17. There was a thread ...

There was a thread in the Lounge about the kinds of bizarre things IT people have to deal with. I didn't contribute because I was having trouble making a choice.

I have now chosen.

I pick this.

 
dailykoff Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:32 PM
Response to Reply #17
20. Did you ever see the publicity film of the guy eating Agent Orange?
It's harmless! I've been hearing "cookies are harmless" for ten years, but I've also found some pretty weird stuff on my hard drive.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:36 PM
Response to Reply #20
23. The mind boggles...
Edited on Thu Dec-29-05 11:37 PM by RoyGBiv
The possibilities for a response to this are almost limitless, but I'll refrain and remain polite.

Cookies aren't necessarily harmless. They aren't inherently evil. They do not and cannot execute programs.

You might do well to educate yourself about how computers, networking, web browsing, etc. work.
 
dailykoff Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:41 PM
Response to Reply #23
26. Maybe in your world Microsoft and the CIA operate transparently
but that's not the world we're living in.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:53 PM
Response to Reply #26
29. Look ...
Edited on Fri Dec-30-05 12:00 AM by RoyGBiv
I've been patient, but you're boring me now.

And I don't use Microsleeze.




 
dailykoff Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:30 AM
Response to Reply #29
41. Nearly every PC runs on MS software, so nearly everyone
is vulnerable. And I'm not writing this for your benefit.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:41 AM
Response to Reply #41
43. Get this through your head ...

The fact I don't use a Microsoft OS means *nothing* when it comes to cookies. They are platform independent.

Oh, hell, why am I bothering. You are obviously proud of your ignorance and seek to display it brightly for everyone to see. Have at it.

 
dailykoff Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 02:17 AM
Response to Reply #43
47. Note that I said vulnerable,
not vulnerable to cookies. If you want to trust Uncle Bill because he autosigned your C++ certificate, fine, but I'd exercise caution when asked to accept corporate reassurances.
 
Matariki Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 02:46 PM
Response to Reply #20
64. NOT from cookies
sheesh. reread the OP. weird stuff on your hard drive means you need better anti-virus software.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:48 AM
Response to Reply #17
45. My illusions have been shattered
Yeah, IT is a world unto itself, and the majority of people consider it to be a scary, inscrutable, mystical world. The higher you go up in the customer's management chain, the less people understand what we do. Execs who approve budgets of hundreds of thousands of dollars for web projects often have only the haziest of notions of what exactly they've paid for and what they're going to get.
 
MadisonProgressive Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 03:42 PM
Response to Reply #11
67. What if they upgrade to a biscuit?
 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:17 PM
Response to Original message
9. Sigh... you're right - but you're wasting your time trying to explain...
Didn't you get the memo.. cookies are now "equal" to web bugs (not)... they are evil (not)... we should rise up and demand something be done. Where is your indignation man ?.. the horror the horror... :sarcasm:

MZr7
 
Dr.Phool Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:18 PM
Response to Original message
10. The ones with the chocolate chips and nuts
Keep jamming up my printer. Damn you NSA!!
 
Gman Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:28 PM
Response to Original message
18. Cookies can store info like
Edited on Thu Dec-29-05 11:28 PM by Gman
your IP address, the URL of the page you came from, the URL of the page you left and went and other info that is also stored on a web server log.

The biggest problem with cookies is that they are too unreliable which is why they invented a thing called "session" where the type of info stored on a cookie is stored on the web server.

And BTW, if you are a registered member of DU and you are logged in to post, you have a cookie from DU.
 
Ms. Toad Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:15 PM
Response to Reply #18
75. Not that I can find. n/t
 
BlueEyedSon Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:33 PM
Response to Original message
21. Yeah I guess that's why doubleclick, esomniture, 2o7, etc go to
great lengths to plant those things on our machines and get paid bazillions by their clients.....
 
tkmorris Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:41 PM
Response to Original message
25. You DO know what a tracking cookie is right?
The kind of cookie that say, DoubleClick puts on your computer is not there to store your favorite color.

I really don't think that my browsing history is any of the government's business. Do you?
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:47 PM
Response to Reply #25
28. DoubleClick is truly evil
I'm not defending the various ways in which corporations (and government) may use cookies to develop user profiles, just trying to introduce a note of sanity into what cookies can actually do, or more importantly, NOT do.

I have no problem with people who rant about the real issues, just those who rant about hypothetical and awesome powers that they ascribe to cookies.
 
tkmorris Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:07 AM
Response to Reply #28
33. OK I get what you are saying
And you are of course correct in stating that the vast majority of cookies out there are actually completely harmless. For the record I have no idea what the cookies being ranted about from the NSA or wherever actually do. It should be noted though that certain types of cookies CAN in fact not only enable a record to be built of my preferences at one site but can also report visits (and other stored data, given the cooperation of the third party site) to other sites.

I think it is a given that the Bush gang would like as much private info on US citizens as it can get. They really don't seem to believe that we have such a thing as privacy. If the techie gurus within NSA have not noticed the ability of the nastier web advertising agencies to build surprisingly detailed databases full of user information, and further contemplated mimicking them, I'd be shocked.

That doesn't mean they are doing so of course. Quite frankly I think they'd be stupid to do so. I think such a data mining expedition would be discovered (there are some amazingly talented people out there) and once discovered you would see some VERY angry geeks. But if they didn't at least think of it they are a lot less competent than I would have believed.

The cookies are almost certainly benign. I'd still feel better if they didn't exist though.
 
simmer65 Donating Member (2 posts) Send PM | Profile | Ignore Fri Dec-30-05 12:04 AM
Response to Reply #25
32. Change your settings
If you don't want the government putting a cookie on your machine, then set up your browser to warn you before it writes the cookie. Internet Explorer has a setting in Internet Setting / Privacy Tab. Click the Advanced button and choose "Override Automatic Cookie Handling" and check "Prompt" in the First Party Cookies and Third Party Cookies.

Then when you enter a new site, you will be asked if you want the cookie saved or not. I usually let the site save the cookie, but not the ad/marketing companies.

 
tkmorris Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:11 AM
Response to Reply #32
36. That's sound advice
In this case, as is the case with most things, the best way to protect yourself is to educate yourself about the threat thoroughly.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:17 AM
Response to Reply #32
37. Welcome to DU!!!

:hi:

 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 03:49 AM
Response to Reply #25
48. But DoubleClick was not just a site cookie. Tracking across domains
Edited on Fri Dec-30-05 04:42 AM by Garbo 2004
was possible with DoubleClick advertising on sites you visited that would in effect provide a sort of network of "waystations" of DC adverts and banners, web bugs and cookies as you surfed. Thus a user and activity profile could be accumulated. Hence the origin of concern about cross-domain third party cookies.

That's not what a site cookie does which only is of use on the site that generated it.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 06:18 AM
Response to Reply #48
53. But DoubleClick only works with sites that collude
Unless you are very explicit about how DoubleClick actually operates, people will think that the cookie somehow follows their movements.

But the truth is that a web site has to actively participate in the DoubleClick network in order for the tracking to occur. So the real culprit is the decision by a commercial web site to knowingly conspire with DoubleClick to track your movements. You can only be tracked on sites that have made that decision and integrated DoubleClick code into their pages.

Nonetheless, the only domain that is setting the cookie is the one on the DoubleClick server. Each time your browser makes a request to download a banner image from the DoubleClick domain, there is an opportunity to read or write a DoubleClick cookie with information about your activity on a participating site.

With the upsurge in phishing, it's going to get harder and harder for companies like DoubleClick to fight the browser security measures that prohibit a download from a site that is on a different domain than the one a user is visiting. Eventually, I suspect, these advertiser campaigns will be collateral damage in the war against phishing. Awwww.

 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 07:33 AM
Response to Reply #53
57. Yes. Thanks for putting it more clearly than I did. n/t
 
Maestro Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-29-05 11:44 PM
Response to Original message
27. I agree with you
and I started one of those threads, but like others have said, it was illegal for them to do so. That was the point. I wouldn't put it past NSA to track where you have been though, like DU, the nefarious site that we are. :sarcasm: Anyhow thanks for the definition. I block mine anyway except for sites I deem safe like DU.
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:19 AM
Response to Reply #27
38. I'd bet good money...
I'd bet the programmers who actually built the site had no clue that there was such a law against persistent cookies until someone complained.

Guaranteed, some poor overworked, underpaid schlub was responsible for the thankless task of writing a detailed requirements doc for that NSA web site, and if said drone actually included that warning, some overworked, bleary-eyed programmer missed it, or went "Oh fuck it, who cares" and skipped it.

Your average non-programmer simply has no conception of the sheer mass of code that is written for even relatively "simple" projects and how little time there is to review for quality assurance. And the upper-level managers who approve a completed project have no clue what is under the hood, nor do they care.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 12:42 AM
Response to Reply #38
44. Does such a law exist?

I truly don't know.

Someone posted in a thread last night that the "law" against persistent cookies was actually a policy without the force of law.

 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 04:40 AM
Response to Reply #44
51. I found some policy docs with guidelines on the OMB website here:
 
bananas Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 02:37 PM
Response to Reply #44
63. The law has existed since 1974: Privacy Act, 5 U.S.C. § 552a
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 04:38 PM
Response to Reply #63
69. And the section banning website cookies?
Privacy Act, as amended: http://www.usdoj.gov/foia/privstat.htm

There is no statutory ban on website cookies as far as I can see.
 
ngGale Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 04:10 AM
Response to Original message
49. These cookies are not just a bag of Oreos....
thanks for the info, excellent.
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 04:45 AM
Response to Original message
52. Article on "How Internet Cookies Work" on the How Stuff Works site
 
H2O Man Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 07:20 AM
Response to Reply #52
56. Yesterday's NYTimes
had an interesting article on this topic.
 
NNN0LHI Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 07:15 AM
Response to Original message
54. If the cookie can't be accessed at all if I disable cookies in my...
...browser options as I have done how does DU read the cookie they installed on my hard drive when I log on? Just curious about that. And can other sites I visit read the DU cookie too?

Don
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 07:19 AM
Response to Reply #54
55. Is this a hypothetical?
If you have properly disabled cookies in your browser settings, DU won't be able to read their cookie, even if it still resides on your computer.

And a cookie can be read only by the domain that created the cookie in the first place. So whatever info is on your DU cookie will be available only to DU programmers.
 
NNN0LHI Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 08:17 AM
Response to Reply #55
58. No, in my advanced privacy settings I have cookies blocked...
...in both options and DU still reads the cookie I accepted to log on months ago with no problem. Am I properly disabling my cookies in the browser settings for this IE 6.0... browser correctly? Thanks.

Don
 
Boomer Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 08:56 AM
Response to Reply #58
59. Then you don't have the right privacy setting
Edited on Fri Dec-30-05 09:10 AM by Boomer
There are a number of different levels that prevent cookies from being set on your computer from third-party servers all the way down to blocking any cookie at all. So choose the level of security that you want and don't forget to delete the cookies in your cache.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 01:33 PM
Response to Reply #58
61. Terminology ...

There's a difference between blocking a cookie (preventing one from being set) and disabling them entirely, which besides blocking them prevents them from being read. You could also set things so that cookies in general are disabled, with exceptions, one of those exceptions being DU.

I don't use IE, so I can't give any specific advice there. I just felt there may have been confusion here due to terms.

 
Ms. Toad Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:24 PM
Response to Reply #58
76. Storing a password is different from accepting cookies
Did you store your DU password or did you accept cookies? They are different things.

I have my DU password stored (well, I did until Mozilla went haywire and reset everything to default settings...), so I can log on without entering anything. I generally block cookies until specifically asked for permission - and according to my cookie manager DU never has, and no DU cookie appears in my stored cookies.
 
Brundle_Fly Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 03:10 PM
Response to Original message
65. COMPLETE RUBBISH.
Edited on Fri Dec-30-05 03:10 PM by Brundle_Fly
Consumer Profiling and Tracking Cookies

The unhealthy kinds of cookies that track Web browsing habits are called "profiling cookies," "persistent cookies," "long term tracking cookies," or "third party tracking cookies." Sometimes they are called "third party cookies" or simply "tracking cookies." No matter what they are called, these kinds of cookies are typically sent to your computer by advertising or marketing companies, and they can last for decades.

The reason these cookies can create a long history of your Web browsing and job searching activities is because these kinds of cookies allow companies to track your movements across many different Web sites. This can be a real problem over time.

For example, if you are looking for a job on Monster.com (which as of this writing deposits advertising.com cookies, among others) and then you go look at a health Web site such as MD.com, then a company called Advertising.com knows you have been to both places. That's because Advertising.com puts a tracking cookie, or a file, on your computer to report back to them whenever you visit one of the sites in their advertising network, sometimes even saying what pages or specific jobs you looked at. Some sites even have cookies on areas where you fill out forms or post a resume, so those companies know when you have posted a resume and may know what kind of information you are giving out online.

What do the marketing companies actually learn from tracking cookies? It may surprise you. If you have filled out forms online with your real name and contact information, or have clicked on banners then purchased an item, or if you have filled out sweepstakes or contests forms, then it is quite possible that major online advertisers know your name and have associated it with your Internet Protocol, or IP address and other information.
The MediaPlex cookie currently deposited to visitors browsing Monster.com, for example, contains a statement that it "stores identifiable information without any user consent." This statement can be viewed using the cookie management feature of the Netscape 7 browser.

Companies like MediaPlex and others that hold this profiling information of your Web browsing habits can then sell or merge that information with many other sources of information, such as magazine or catalog subscription lists. Even though cookies seem quite innocent, allowing the tracking types of cookies to follow you around as you surf the Web is a lot like building a see-through house to live in, click by click.

The good news is that you can manage these persistent tracking cookies to a large degree. To do this, you need to know how to say no to the third party tracking cookies while still allowing yourself to say yes to the harmless cookies. There are several ways to do this. Two of the best ways are to download "opt-out cookies," and to use your browser's cookie management tools to manage your cookies.

http://www.worldprivacyforum.org/cookieoptout.html
 
mrfrapp Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 03:35 PM
Response to Reply #65
66. Okay
"For example, if you are looking for a job on Monster.com (which as of this writing deposits advertising.com cookies, among others) and then you go look at a health Web site such as MD.com, then a company called Advertising.com knows you have been to both places. That's because Advertising.com puts a tracking cookie, or a file, on your computer to report back to them whenever you visit one of the sites in their advertising network, sometimes even saying what pages or specific jobs you looked at."

"Advertising.com" have arranged to have a link (in the form of a banner ad usually) on those web sites to their own domain. That's how they track your movement between sites because domains can't read cookies set by other domains. I agree that this is a problem and the advice on that page is good but I seriously doubt that the NSA is in a position that "Advertising.com" is in.

If you think about it, it doesn't even make sense. The NSA would have to have the cooperation of the third party website to include the link on the page. Why would the NSA want to track visitors to friendly web sites? Surely, the only sites they would be interested in would be exactly the same sites that wouldn't cooperate with the NSA.

If you can find a buried link to the NSA domain or other government domain, in a third party web site then you have your smoking gun but as it is, this NSA/cookie business is a red herring. The NSA are up to far more nefarious activities I'm sure. We should save our energy and get upset about those things.
 
progressivebydesign Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:32 PM
Response to Reply #65
79. Thank you for your sane and reasonable answer!!
Edited on Fri Dec-30-05 09:32 PM by progressivebydesign
The NSA cookies ARE a big deal. Some folks here are trying, for whatever reason, to make them seem harmless, which they are not. Does the govt really NEED to know what other websites you visit after theirs? Your assessment was excellent. Thank you.
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 11:06 PM
Response to Reply #79
82. Privacy advocates Smith and Brandt do not allege that NSA cookies
track users offsite throughout the internet; in fact they have explicitly said that they do not.

Brandt, who brought it to their attention, states that he regards it as a likely oversight ("negligence") on behalf of contractors installing a default configuration of the web page development system and those who were supposed to check their work.
 
Brundle_Fly Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-31-05 02:40 AM
Response to Reply #82
83. we'll never know
until we get to see the cookie.
 
mrfrapp Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-31-05 09:31 AM
Response to Reply #79
85. Cookies can't do that
"Does the govt really NEED to know what other websites you visit after theirs?"

Cookies can't do that. Cookies can only be read by the domain that set them in the first place. Companies like doubleclick can track what websites you visit because they have links buried all over the place, that's how they make their money and that's why people (myself included) run tools like privoxy.

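The mechanism described in replies #53 and #85 (a cookie is sent back only to the host that set it, and an ad network sees a visitor only on pages that embed its content), modelled as an added example that is not part of any post in this thread. All hostnames, cookie names and the page list are constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample data: page URL -> resources the page embeds.
PAGES = {
    "https://jobs.example/search": ["https://ads.adnet.example/banner.gif"],
    "https://health.example/clinic": ["https://ads.adnet.example/banner.gif"],
    "https://forum.example/thread": [],  # does not participate in the ad network
}

@dataclass
class AdServer:
    """Hypothetical third-party server: issues an ID cookie, logs the Referer."""
    host: str = "ads.adnet.example"
    next_id: int = 1
    profiles: dict = field(default_factory=dict)  # visitor id -> pages seen

    def handle(self, cookie_header, referer):
        """Process one banner request; return a Set-Cookie value or None."""
        sent = dict(p.split("=", 1) for p in cookie_header.split("; ") if p)
        uid, set_cookie = sent.get("uid"), None
        if uid is None:  # no cookie came back, so this looks like a new visitor
            uid = f"v{self.next_id}"
            self.next_id += 1
            set_cookie = f"uid={uid}"
        self.profiles.setdefault(uid, []).append(referer)
        return set_cookie

@dataclass
class Browser:
    block_third_party: bool = False
    jar: dict = field(default_factory=dict)  # host -> {cookie name: value}

    def cookie_header(self, host):
        # Only cookies stored under this host are ever sent to it.
        return "; ".join(f"{k}={v}" for k, v in self.jar.get(host, {}).items())

    def visit(self, page_url, servers):
        top = urlsplit(page_url).hostname
        self.jar.setdefault(top, {})["session"] = "first-party"  # site's own cookie
        for res in PAGES[page_url]:
            host = urlsplit(res).hostname
            # Simplification: real browsers compare registrable domains.
            blocked = self.block_third_party and host != top
            sent = "" if blocked else self.cookie_header(host)
            reply = servers[host].handle(sent, referer=page_url)
            if reply and not blocked:
                name, value = reply.split("=", 1)
                self.jar.setdefault(host, {})[name] = value

def simulate(block_third_party=False):
    """Visit every page in PAGES once; return the ad server and the browser."""
    ad, browser = AdServer(), Browser(block_third_party=block_third_party)
    for url in PAGES:
        browser.visit(url, {ad.host: ad})
    return ad, browser
```

With third-party cookies blocked, the ad server still receives a request (and a Referer) from each participating page, but without a returned ID it cannot join those visits into one cookie-keyed profile.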
 
union_maid Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 04:47 PM
Response to Original message
70. I have to admit, I find it hard to get excited over this one
If it's illegal, then they should fix it, but it doesn't sound like anything different from what most websites do. Not personal either. Not like, say, wiretaps. Most websites, even little personal ones, set cookies to find out if they're getting return visits and to track a visitor through the site, to see what's working and what's not, what pages are most popular, etc. Once again, if it's illegal, fine, change it, but I don't think this is a very big deal.
 
progressivebydesign Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:34 PM
Response to Reply #70
80. Then you're not paying attention.
The cookies are trackers.. once you visit that site, the govt then tracks your other moves. Do you really want your govt spying on you like that? Do you really want to have the govt track everything you do on your computer? Why do you think that people go to great lengths to clear cookies off their machines?

And then, shall we all discuss how the Dept. of Defense computers are scanning many of our computers?? You should be worried.
 
patrioticliberal Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:26 PM
Response to Original message
77. Not Web Bugs. Web bugs are different..
 
progressivebydesign Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Dec-30-05 09:29 PM
Response to Original message
78. There are cookies and there are cookies.
The problem with the NSA site was that it is ILLEGAL for them to track visitors and use the type of cookies they used. There are different types of cookies, some that track some that welcome back. Shall we just let the media know that YOU said it was no big deal and was harmless? Cuz I think they kind of thought that the NSA disobeying an executive order was kind of a big deal.
 