
NSA tracks Google ads to find Tor users - fraqed
http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-google-ads-to-find-tor-users/?part=rss&subj=news&tag=title
======
devx
So in this case letting Google analyze the data really is wiretapping [1].

I understand there can be tremendous benefits in letting companies analyze all
sorts of data on us, and then letting them spit back useful services for us.
However, if we're going to go along with all of this, then we'd better have
some _very strong_ national and international laws to protect us against
government abuses in simply lifting data of millions of people at a time, or
simply targetting various people, whether nationally _or internationally_ ,
without very strong oversight and a clear record of what happened, who did it,
and why they did it.

Otherwise, companies like Google, by collecting so much data on us and keeping
it for so long, are just making it extremely easy and trivial for governments
to abuse their power.

[1] - [http://www.nytimes.com/2013/10/02/technology/google-
accused-...](http://www.nytimes.com/2013/10/02/technology/google-accused-of-
wiretapping-in-gmail-scans.html)

~~~
anxiousest
First of all let's not confuse the issues here, the one in question is about
tagging visitors with cookies, and the one you link to is a terrible decision
by a judge about the nature of data processing in the cloud with the potential
to adversely affect all tech corps and startups and further enrich leech trial
lawyers. Here are some opinions by those who know the law much better that
myself:

[http://www.volokh.com/2013/10/04/is-gmail-
illegal/](http://www.volokh.com/2013/10/04/is-gmail-illegal/)

[http://www.washingtonpost.com/blogs/the-
switch/wp/2013/09/28...](http://www.washingtonpost.com/blogs/the-
switch/wp/2013/09/28/heres-whats-wrong-with-this-weeks-ruling-that-google-may-
be-wiretapping-its-customers/)

It’s just an awful decision.

Back to the cookie thing, the technique described is not exclusive to national
agencies, any black hat with gumption can manage it (although the NSA taps
teleco traffic which makes it much easier for them) the attack vector in this
case is a vulnerability in the Tor browser that ought not have been there in
the first place (rather than any data analysis) and I'm guessing it was
already patched seeing as the documents describing it are a bit dated.

It’s not a kickoff point to philosophise about the merits of free services and
the legality of hadoop. Also "companies like Google" aren't the ones that came
up with terrible laws nor should they stop building stuff because of them.

