A report in the Washington Post cites new NSA documents leaked by Edward Snowden tells of how the agency, in collaboration with the British equivalent the GCHQ, uses commercial web site cookies to track suspects.
The NSA expresses a particular interest in Google PREFIDs, which the documents indicate they use for "remote exploitation." See the image below.
Cookies like these cannot be used individually to identify anyone. They do not contain any specifically identifying information, but do have unique IDs which can be used to track a user (or, more specifically, a browser) from location to location, and coordinated with other data. The agency can also tell from the cookies what sites the user has visited. This can assist in determining methods with which to compromise the computer.
The documents indicate that the NSA uses the data only to track suspects they have already identified through other means. They do not appear to collect cookie data more generally.
The documents do not say how the NSA obtains the cookie data from Google or other sources, but this data is discoverable under FISA court orders.
The documents also indicate that the agency, in a program named HAPPYFOOT, is also using location tracking information gathered by smartphone apps. Location data is often tied to advertising information collected by apps because advertisements associated with location data are more valuable than those without.