This GCHQ presentation from March 2009 shows that the agency has targeted a number of popular websites in a concerted effort to harvest cookies (“target detection indentifiers”) on a massive scale: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
This CSE (then CSEC) presentation from 2012 describes the Canadian agency’s file download monitoring operation: see the Intercept article Canada Casts Global Surveillance Dragnet Over File Downloads, 28 January 2015.
This undated joint GCHQ/CSEC presentation provides an overview of “exploring and exploiting leaky mobile apps”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This 2011 presentation, created by GCHQ’s Network Analysis Centre describes new techniques for gathering reconnaissance on the IT personnel of targeted organisations (their “Network Operations Centres”), using Belgacom as an example in several slides: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
A presentation entitled ‘Tor Stinks’ outlines the capabilities and difficulties of attacking the Tor anonymity network: see the Guardian article NSA and GCHQ target Tor network that protects anonymity of web users, 4 October 2013.