Verizon Using Unblockable ‘Perma-Cookie’ To Send Mobile Web Surfing Info To Advertisers

Chuck Bednar for redOrbit.com – Your Universe Online
Verizon Wireless has been subtly inserting an unblockable “perma-cookie” that follows its customers’ online movements and then transmits that information to advertisers, various media reported earlier this week.
According to Wired’s Robert McMillan, Verizon, one of the largest carriers in the US, has been quietly inserting a string of approximately 50 letters, numbers and characters into data flowing between wireless subscribers and the websites that they visit for the past two years.
The company refers to the data as a Unique Identifier Header (UIDH), but McMillan called it a “short-term serial number that advertisers can use to identify you on the web, and it’s the lynchpin of the company’s internet advertising program.” He added that critics call is “a reckless misuse of Verizon’s power as an internet service provider.”
In an interview with Wired, Electronic Frontier Foundation (EFF) technologist Jacob Hoffman-Andrews referred to the UIDH as a “perma-cookie,” and he wants Verizon to stop using it. “ISPs are trusted connectors of users and they shouldn’t be modifying our traffic on its way to the Internet,” he said, noting that the data can be read by any web server visited by subscribers and can be used to construct a profile of anybody’s Web surfing habits.
While Verizon representatives have denied using the UIDH to create profiles of its customers, Ian Paul of PC Magazine said that since the data string is bundled with every unencrypted Web request made by users, the strings are public and can be used as tracking beacons by any computer expert that knows how to find them.
While regular browser cookies can be deleted or blocked, the UIDH method used by Verizon is far harder to discover and address because it is inserted directly into a user’s Web request at the network level, Paul explained. If an ad network discovered them, they could start recording the information across any website that displays its ads, thus building a database on Verizon customers – and there appears to be no way to avoid them.
According to Paul, Verizon has said users can opt-out of the advertising network that uses the information. However, he noted that “even if you opt-out it appears Verizon will still insert a UIDH into your web traffic rendering the opt-out pointless. It’s not clear how long a specific UIDH lasts, but it seems the unique string persists at least over several days perhaps even a week.”
Verizon isn’t the only mobile carrier doing this sort of thing either, according to Gizmodo reporter Kate Knibbs. Security researcher Keith White told her that he has discovered evidence that AT&T is also identifying customers using tracking beacons that “persist across location and new IP addresses, for several days.”
AT&T told Knibbs that they currently do not have a mobile advertising program like this, but a spokesperson added that the company was “considering such a program, and any program we would offer would maintain our fundamental commitment to customer privacy. For instance, we are testing a numeric code that changes every 24 hours on mobile devices to use in programs where we serve ads to the mobile device.”
Verizon users and other mobile customers looking to avoid being tracked have a few options, Paul said. The first would be to only use their mobile device’s Internet functions while connected to Wi-Fi, but avoiding wireless networks completely would be rather unpredictable. The others are to use SSL (HTTPS) encryption while visiting websites or connecting to the Internet through a virtual private network. Both methods will block the insertion of UIDH codes.
—–
Shop Amazon – Contract Cell Phones & Service Plans
—–
Follow redOrbit on Twitter, Facebook and Pinterest.