I can’t believe this story is getting any airplay at all:

The National Security Agency’s Internet site has been placing files on visitors’ computers that can track their Web surfing activity despite strict federal rules banning most of them.

That’s the first sentence of a AP article that’s getting front-page play on all major news sites over the past 24 hours:

• ABC: NSA Web Site Places ‘Cookies’ on Computers
• MSNBC: NSA used banned data-tracking on Web site
• CNET: NSA catches heat over cookies
• CBS: NSA Web Site Uses Banned ‘Cookies’
• Fox News: NSA Caught Placing Cookies on Web Visitors’ Computers
• Breitbart (via Drudge): NSA Web Site Puts ‘Cookies’ on Computers
• Yahoo! News: NSA Web Site Places ‘Cookies’ on Computers

The media, in typical fashion, is so desperate to run a “Look how scary our government is” story that they don’t even bother to fact-check it.

Sorry, but “cookies” just don’t work the way this story implies that they do. This is very similar to the “cookies are bad because they can infect your machine with viruses” junk that went around in the mid-90’s.

It’s painful that the general population knows so little about the technology they’ve come to rely upon. Including the reporters in these stories that speak as though they thoroughly understand what they’re talking about. But, as usual, the problem is we live in a headline-driven society. And now popular blogs are picking up the story and reporting it as well, driven only by the desire to have something to criticize the current administration about:

• HD For Indies: Way OT - your government in action (UPDATE: Mike removed this story after I commented that his site placed 3 cookies on my browser, one with an expiration date of 2033)
• Slashdot: NSA Caught With The Cookies

This story is only interesting to left-leaning organizations/blogs, those that are desperate to pile-on the current wire-tapping stories that are going around (which is a whole ‘nother pile-o-smelly that I just won’t go into now).

Let’s make this simple:

1. Cookies are simply snippits of text that a website can ask your browser to send back the next time you visit. They’re not executable code. They don’t carry viruses. They don’t propagate.
2. Cookies are controlled by the BROWSER, not the web server. A browser (i.e. the user) can decide not to accept cookies. Or can toss their cookies at any time (pardon the pun).
3. Cookies will only be sent back the web server that sent them in the first place. A server cannot “poll” a browser for all it’s cookies. The browser sends the cookies that a server sent to it when a page on that server is requested.

Getting a little more technical: cookies are persistent state devices that allow the web to have a session oriented experience. Without them, most of the web wouldn’t work.

If your desperately looking for someone to be afraid of, look to the media agencies themselves: the ad agencies, google, etc. Because of the ubiquitous presence of these ads, they can truly track where an individual browser is going, because references to their servers are embedded in the pages you visit. I don’t know of many sites that embed image references directly to the NSA in their pages.

Think before you panic, and read past the headline before you jump to conclusions.