Verizon Wireless Embroiled In Tracking Controversy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Business
News
10/29/2014
12:25 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Verizon Wireless Embroiled In Tracking Controversy

Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."

Verizon Wireless is tracking more than just your bandwidth usage these days -- it's also spent the last two years collecting data on your mobile web searches, the apps you use, and the websites you visit, according to security researchers.

Many websites monitor users' web activity: Facebook recently announced plans to track users' actions between devices and share with advertisers when an ad or promotion leads to a purchase. Google uses cookies similarly to track users across the web, too.

But Verizon Wireless's method, which it calls a Unique Identifier Header (UIDH), can't be deleted, unlike a cookie, and travels across the web with users, even if customers opt out. Security and privacy experts say this new form of tracking has potentially dire consequences for users' online privacy.

"Customers are used to the idea of cookies on the web and understand the various protections you can apply like clearing cookies, private browsing, and Do Not Track," said Jacob Hofmann-Andrews, staff technologist at the Electronic Frontier Foundation, who noticed the UIDH last week. "But this new identifier doesn't work like any of that -- this allows advertisers to create a persistent profile tied to your real-world identity that is impossible to get rid of."

Understanding the UIDH
The UIDH is a string of characters that the company inserts into data that flows between customers and the websites they visit, Hofmann-Andrews said. He likened the UIDH to a "perma-cookie," which any web server you visit can read and use to build a profile of your activity -- without your consent.

(Image: Jonathan Mayer, Webpolicy.org)
(Image: Jonathan Mayer, Webpolicy.org)

Verizon Wireless's UIDH reportedly has tracked users since 2012, but was discovered only recently because it's so hard to observe, Hofmann-Andrews said in an interview.

"Because the header is injected in the network layer after the request leaves the device, there's no way with the device itself to tell what's going on," he said. "In order to notice this, you have to operate the device and the server you're talking to, and in addition to that, the server has to be configured to log all headers, which is a rare configuration."

All Verizon Wireless customers were automatically opted into sending the header based on the company's terms of use policy, Hofmann-Andrews said.

[Popular social apps may track your every move. Read Location Tracking: 6 Social App Settings To Check.]

The UIDH is part of Verizon's Relevant Mobile Advertising program, which shows customers ads on websites and apps based on information such as your address, demographic information, and interest categories. They pair this data with the UIDH, which the company says "may allow an advertiser to use information they have about your visits to online websites to deliver messages to mobile devices on our network."

In a statement to InformationWeek, Verizon Wireless said that it changes the UIDH on a regular basis to prevent third parties from building profiles against it, though it did not disclose the timeframe. Details in its Relevant Mobile Advertising FAQ imply that users are given one ID, at signup: "In addition, we will use an anonymous, unique identifier we create when you register on our websites," it says.

Security researcher Kenneth White set up a website that checks whether Verizon -- or other wireless carriers -- have attached a UIDH to your

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Kristin Burnham
50%
50%
Kristin Burnham,
User Rank: Author
11/30/2014 | 6:10:36 PM
Re: A piece of my data
@progman2000 it really is, and yet another reason why some sort of oversight is essential.
Kristin Burnham
50%
50%
Kristin Burnham,
User Rank: Author
11/30/2014 | 6:09:38 PM
Re: When you see a Problem it's also an Opportunity
@mak63 -- I think that's why this story is so important. Most Verizon Wireless customers don't know how important this is and why it's so important. 
mak63
50%
50%
mak63,
User Rank: Ninja
11/3/2014 | 2:36:51 PM
Re: When you see a Problem it's also an Opportunity
@Some Guy

Yes, I meant the general public. But the way, Net Privacy sounds like a good name for it.
Li Tan
50%
50%
Li Tan,
User Rank: Ninja
11/3/2014 | 4:23:40 AM
Re: When you see a Problem it's also an Opportunity
This will be a good opportunity to app developers to develope a special app to remove this customized header and you can download it for free.:-)
Some Guy
50%
50%
Some Guy,
User Rank: Strategist
10/31/2014 | 11:38:33 AM
Re: When you see a Problem it's also an Opportunity
Re: "Too bad most people won't understand a word ..."

Clearly you can't mean that for folks participating in this discussion board, can you?

For the general public, point taken, which is why you would market it as Net Privacy. It's also why they will pay one to do it for them.
mak63
50%
50%
mak63,
User Rank: Ninja
10/31/2014 | 1:41:10 AM
Re: When you see a Problem it's also an Opportunity
@Some Guy

Seems like a great opportunity to sell VPN to a web proxy that strips the header out for you ... and protects you from cookies and tracking in general.

It seems like a great idea. Too bad most people won't understand a word you just said.
Number 6
50%
50%
Number 6,
User Rank: Moderator
10/30/2014 | 4:15:39 PM
Re: The only way
Forget about legislation. That won't happen until some Congressperson has a personal experience with their own information being used for questionable purposes. THEN they'll care.

See some of the history at http://radio-scanner-guide.com/RadioScannerGuidePart9C-Cellular.htm and note the Wilder and Gingrich episodes.
Some Guy
50%
50%
Some Guy,
User Rank: Strategist
10/30/2014 | 1:23:55 PM
When you see a Problem it's also an Opportunity
Seems like a great opportunity to sell VPN to a web proxy that strips the header out for you ... and protects you from cookies and tracking in general.

No need to be sad Mr. & Ms. Cyber-Stalked. Turn that frown upside-down and laugh all the way to the bank!
progman2000
50%
50%
progman2000,
User Rank: Ninja
10/30/2014 | 11:29:08 AM
Re: A piece of my data
Ditto - I don't think I have joined or logged into any forum or website that wants me to use a social media account to do it.
MemphisITDude
100%
0%
MemphisITDude,
User Rank: Strategist
10/30/2014 | 11:17:09 AM
Always feel like... somebody's watchin' me...
Interesting article, and brings to mind some followup technical questions:

1. It is mentioned that the "perma-cookie" survives IP and location changes, but what about SIM card changes? There are affordable dual SIM phones available today, would it be possible to do all your browsing on a "burner sim" from a different carrier?

2. There's been a lot of news about the "Blackphone" recently - does it automatically VPN for you? Or would it be useless against this type of tracking?

3. The EFF representative says "We think Verizon needs to stop modifying users' Internet connections..." but it's not a true Internet connection. Back in the late 1990s when I connected (via dial-up) to a local university, I got a true Internet connection with a real Internet IP address. I could run any applications on it and while I was dialed in anyone in the world could establish a connection to my IP address. But what's being provided by Verizon (and your local ISP for that matter...) is limited and filtered to such an extent it probably should be labeled a "Web Browsing" connection.

 

 

 

 

 

 

 
Page 1 / 2   >   >>
Slideshows
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
Commentary
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
Commentary
Diversity in IT: The Business and Moral Reasons
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  6/20/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll