“Users did not have much control in the cookie era,” says Marc Rotenberg, executive director of the Electronic Privacy Information Center, a nonprofit advocacy group in Washington. “But the problem is about to get much worse — tracking techniques will become more deeply embedded and a much smaller number of companies will control advertising data.”

Rotenberg says potential NSA use of the next-generation tracking data is all the more reason to move away from behavioral tracking. And he points out that there’s already evidence that ad data could have been used by government spies. NSA documents published by the Guardian earlier this month appear to postulate that cookies set by the pervasive Google-owned ad network DoubleClick could be used to spot internet users who also use the Tor anonymity system.

The NSA Tor attack could only work on people who made mistakes using what is otherwise a strong system. But yesterday, Ad Age reported that Microsoft is developing a system that has intimate tracking at its core, following people as they hop from the web to apps and from PCs to tablets to phones to videogame consoles. By shoving aside cookies for an unspecified new identification technology built into devices at a lower level, Microsoft and its authorized partners would gain detailed tracking ability — though the report also says that the system could lock out non-authorized parties, who are harder to exclude from the data flow in cookie-based tracking.

That may sound like a good thing, but keep in mind that Snowden’s documents indicate that the NSA has previously helped itself to big company data, with authorization or without.