backtop


Print 128 comment(s) - last by .. on Aug 24 at 6:29 AM


  (Source: Puppet Government)
Government could reap a wealth of information from its citizens

Every day millions across the country navigate to government webpages, to read pertinent information. Since 2000 that access has been safeguarded, thanks to a prohibition on government websites using cookies or other tracking technology to track users.  Agency exceptions could only be granted under cases of "compelling need".

Now the Obama administration is looking to overturn that prohibition and potentially begin harvesting a wealth of data on its citizen's activities.  Under the plan, the prohibition would be replaced with a set of privacy provisions.  Aides say that it would increase government transparency and "increase public involvement".

The measure, though, has many opponents.  The American Civil Liberties Union spokesman Michael Macleod-Ball commented that the measure would "allow the mass collection of personal information of every user of a federal government website."

Other opponents dislike that the government may be looking to revoke the protections at the request of search-engine giant Google and other parties.  The Electronic Privacy Information Center and Electronic Frontier Foundation, both of which oppose the measure, pointed to a February 19 contract with Google and an unnamed federal agency over an exemption to use the YouTube player.

EPIC retrieved the proposed changes, negotiated by the General Services Administration, through a Freedom of Information Act request and says they "expressly waive those rules or guidelines as they may apply to Google."  States EPIC Executive Director Marc Rotenberg, "Our primary concern is that the GSA has failed to protect the privacy rights of U.S. citizens.  The expectation is they should be complying with the government regulations, not that the government should change its regulations to accommodate these companies."

Currently, government content is banned from having tracking cookies, but third-party content, such as YouTube videos on federal websites may have tracking cookies.  Google spokeswoman Christine Chen declined to discuss the new rules, but thanked the government for its use of YouTube, stating, "[The use of YouTube] is just one example of how government and citizens communicate more effectively online, and we are proud of having worked closely with the White House to provide privacy protections for users."



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

It's just cookies, people
By VaultDweller on 8/13/2009 7:54:00 AM , Rating: 1
I am a privacy nut. A very paranoid privacy nut, at that. I just want to throw that out there...

However, for fuck's sake people, they're just cookies. The anti-spyware industry has managed to get the public terrified of these things, for absolutely no reason.

ALL mainstream web browsers enforce something called the same origin policy when dealing with cookies and scripts. Websites can only access (or check the existence of) cookies that they created themselves. Say you have a website at bigbrother.gov. bigbrother.gov can not read cookies placed on your computer from any other domain, and other domains cannot read cookies placed by bigbrother.gov. Allowing bigbrother.gov to place a cookie on your browser will not magically give them the ability to track what websites you visit - they could only do this if the other websites you visited had embedded external content from bigbrother.gov which placed a cookie on their behalf.

If the guidelines outlined for government cookie use allow each website to create their own cookie, there is absolutely no way that these websites can do any tracking beyond, "Yes, you've been to THIS exact website before." The only point that it would become worrisome would be if all government websites pointed you to bigbrother.gov to get a cookie from them, rather than placing a cookie of their own - this would indeed allow bigbrother.gov to track which websites you've received a cookie from, but would also be useless to the involved websites (as only bigbrother.gov could read these cookies).




RE: It's just cookies, people
By TheEinstein on 8/13/2009 5:00:55 PM , Rating: 2
You are fail.

Criminal hackers have been spoofing the protections for a while now. There are a variety of means around it. Go to a major encryption forum, or attend a hackers meeting (been there, done that) and you will find that your information is about as much security as Obama's administration saying there are no terrorists, just not legal combatants... or some crap like that.

Better yet go to the correct sites and they will advertise to your last 20 web searches so long as your cookies are still intact. They will promise you all sorts of items.


RE: It's just cookies, people
By VaultDweller on 8/14/2009 10:20:17 AM , Rating: 2
quote:
You are fail.


That isn't even a sentence, genius.

quote:
Go to a major encryption forum, or attend a hackers meeting (been there, done that)


Been there, done that, didn't buy the T-shirt but got some free ones along with other convention swag.

quote:
Criminal hackers have been spoofing the protections for a while now. There are a variety of means around it.


Oh, do elabroate on these means... or is this just FUD and fear-mongering? Cross-site scripting is the only reliable way to steal cookies. A well designed website will not have XSS vulnerabilities - and if it does, user information could be stolen with or without the use of cookies. DNS spoofing? Again, there's no need for cookies if you're able to do this.

Sure, a hacker that owns your computer could get cookies that way too, a few cookies are the least of your worries.

It isn't the year 2000 anymore. The percentage of systems running a totally unpatched IE6 is low and getting lower - people are actually using web browsers that enforce their security policies these days.

quote:
Better yet go to the correct sites and they will advertise to your last 20 web searches so long as your cookies are still intact.


This kind of hocus-pocus is nothing but a cheap trick to alarm the uninformed, on par with the annoying "Your IP address is #, are you scared yet?" scripts people like to stick in forum signatures. Instructing a client browser to display client-side information to the client user is not the same thing as gaining access to that information yourself.


"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki