The NSA and its British counterpart GCHQ are secretly piggybacking on website cookies to track and monitor the internet use of surveillance targets.
Published by the Washington Post, the documents reveal how the agencies use advertising cookies specifically operated by Google, known as Pref, to "pinpoint" targets. While the cookies do not contain the user's name or email address, they contain a code unique to the user's web browser.
Once the NSA and GCHQ has that code, their agents can reportedly single out a specific machine and send out software designed to hack into it and reveal more information about the suspect.
Slides leaked by Snowden say cookies are used by the NSA to "enable remote exploitation" of the target's computer, but the Washington Post reports that specific attacks using this method were not published in the documents.
The newspaper likened the NSA's actions to "when soldiers shine laser pointers on a target to identify it for laser-guided bombs" - in other words, the technique doesn't provide any new information on the target, but helps the agency single out the suspect's computer and attack it directly with other software.
Although the agency's actions here are not as forceful as disclosed by Snowden's previous leaks, the practise is still one which internet users will not expect, and which Google does not currently disclose.
It is unclear if Google is aware of the NSA's use of its cookies, or if the search giant was required to comply by the Fisa court.
Google is yet to respond to requests for comment by both the Washington Post and IBTimes UK.
Wholescale collection of data
A NSA spokesman told the US newspaper: "As we've said before, NSA, within its lawful mission to collect foreign intelligence to protect the United States, uses intelligence tools to understand the intent of foreign adversaries and prevent them from bringing harm to innocent Americans."
Google recently joined Facebook, Apple and other major technology companies in a coalition against government spying on their users. Google chief executive Larry Page said: "The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information.
"This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world."