There is a tempest in a teapot over the National Security Agency's use of cookies on its Web site.
Let me say first that cookies can be and often are mis-used, and I routinely delete a lot of cookies left on my computer. And the NSA did use persistent cookies, which is against the Federal government's rules.
But having said that, the AP article being published almost everywhere is misleading, and perhaps intentionally so. Here is one example:
"....privacy advocates complain that cookies can also track Web surfing..."
The statement makes it sound like the NSA cookies could be used to see where you have been anywhere on the Web. There is no way to do that with cookies. They can be used to track where you have been on the NSA Web site, but that's all. It is a huge difference. Many sites do use cookies to see where you have been on their particular site. And they often use the cookies to see how often you visit their site, and so on. Companies like Google and Amazon can build extensive dossiers on you by using cookies to figure out what kind of books you like (Amazon) or what kinds of topics interest you (Google). But they can only track where you have been on their site, not on other sites. And they can only store personal information that you have typed in yourself, on some form on that site.
Here is another misleading statement:
"...NSA site created two cookie files that do not expire until 2035 - likely beyond the life of any computer in use today."
The reality is that many sites do this routinely--again, check the expiration date of the cookies Google leaves on your computer. The article tries to attach some sinister meaning to the long expiration date, but fails to provide any evidence and fails to note that many sites (millions and millions, probably) do exactly the same thing.
This site uses cookies because it makes the software a little more responsive and improves the browsing experience. No personal information is stored, and you can safely delete the cookies as often as you like. We don't use the cookies to maintain any kind of dossier on our readers, and never will. As far as I can tell, neither did the NSA.
Lots of private companies use cookies inappropriately, but the article fails to note that. In the case of the NSA, they turned the persistent cookie feature off immediately when it was pointed out to them. I think this was nothing more than a case of a Web site administrator who did not know the rules, and a lack of oversight. The rules for government sites are that cookies should be deleted automatically at the end of the browsing session, instead of leaving them on the computer. It saves a little time to be able to leave the cookie around for next time, but sites work fine without persistent cookies.
Cookies are entirely under your control. I recommend that you review your cookies regularly and delete ad-related cookies (usually obvious because 'ad' appears somewhere in the domain name), as well as Google and Amazon cookies, and any other cookies from sites that might have an incentive to create a dossier on you. Note that some sites use cookies to remember your userid/password information, so if you delete those, you will have to log in. Newspaper sites tend to use lots of cookies.
The Internet is scary only if you don't understand it, and it is unfortunate that some news organizations would rather write a lurid story than to help explain how things work.