Verizon Wireless Embroiled In Tracking Controversy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Business
News
10/29/2014
12:25 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Verizon Wireless Embroiled In Tracking Controversy

Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."

Verizon Wireless is tracking more than just your bandwidth usage these days -- it's also spent the last two years collecting data on your mobile web searches, the apps you use, and the websites you visit, according to security researchers.

Many websites monitor users' web activity: Facebook recently announced plans to track users' actions between devices and share with advertisers when an ad or promotion leads to a purchase. Google uses cookies similarly to track users across the web, too.

But Verizon Wireless's method, which it calls a Unique Identifier Header (UIDH), can't be deleted, unlike a cookie, and travels across the web with users, even if customers opt out. Security and privacy experts say this new form of tracking has potentially dire consequences for users' online privacy.

"Customers are used to the idea of cookies on the web and understand the various protections you can apply like clearing cookies, private browsing, and Do Not Track," said Jacob Hofmann-Andrews, staff technologist at the Electronic Frontier Foundation, who noticed the UIDH last week. "But this new identifier doesn't work like any of that -- this allows advertisers to create a persistent profile tied to your real-world identity that is impossible to get rid of."

Understanding the UIDH
The UIDH is a string of characters that the company inserts into data that flows between customers and the websites they visit, Hofmann-Andrews said. He likened the UIDH to a "perma-cookie," which any web server you visit can read and use to build a profile of your activity -- without your consent.

(Image: Jonathan Mayer, Webpolicy.org)
(Image: Jonathan Mayer, Webpolicy.org)

Verizon Wireless's UIDH reportedly has tracked users since 2012, but was discovered only recently because it's so hard to observe, Hofmann-Andrews said in an interview.

"Because the header is injected in the network layer after the request leaves the device, there's no way with the device itself to tell what's going on," he said. "In order to notice this, you have to operate the device and the server you're talking to, and in addition to that, the server has to be configured to log all headers, which is a rare configuration."

All Verizon Wireless customers were automatically opted into sending the header based on the company's terms of use policy, Hofmann-Andrews said.

[Popular social apps may track your every move. Read Location Tracking: 6 Social App Settings To Check.]

The UIDH is part of Verizon's Relevant Mobile Advertising program, which shows customers ads on websites and apps based on information such as your address, demographic information, and interest categories. They pair this data with the UIDH, which the company says "may allow an advertiser to use information they have about your visits to online websites to deliver messages to mobile devices on our network."

In a statement to InformationWeek, Verizon Wireless said that it changes the UIDH on a regular basis to prevent third parties from building profiles against it, though it did not disclose the timeframe. Details in its Relevant Mobile Advertising FAQ imply that users are given one ID, at signup: "In addition, we will use an anonymous, unique identifier we create when you register on our websites," it says.

Security researcher Kenneth White set up a website that checks whether Verizon -- or other wireless carriers -- have attached a UIDH to your

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
impactnow
100%
0%
impactnow,
User Rank: Author
10/29/2014 | 12:59:40 PM
Data collectiona and usage legislation

I agree that most consumers would not have known about this and most will never know unless they are informed. This really exemplifies the need for legislation to catch up with technology to protect our privacy.

zaious
50%
50%
zaious,
User Rank: Ninja
10/29/2014 | 1:07:20 PM
A piece of my data
It appears that everyone is after the user data and habits. These days we cannot do almost anythign without getting tracked fro business benefits. The question is do we know when our data is getting tracked and sold to third parties? And, what can we do if we do not want to get tracked this way? The options are limited, we need to agree to 'Terms and Conditions'.
progman2000
50%
50%
progman2000,
User Rank: Ninja
10/29/2014 | 2:08:20 PM
Re: A piece of my data
Scary what you open yourself up to by blindly agreeing to their TOS.
melgross
50%
50%
melgross,
User Rank: Ninja
10/30/2014 | 11:15:23 AM
Re: A piece of my data
It doesn't matter whether you "blindly" agree to this or not. Not only does AT&T do this as well, but I'd be willing to bet that the others do too, or are thinking about doing it. If that's the case, then there's no escaping it. I'm also now seeing that a number of sites that allow you to sign in using social site accounts are demanding more information from us. They now want to be able to access all of our " friends" followers, etc. I'm not bothering to comment on those sites.
progman2000
50%
50%
progman2000,
User Rank: Ninja
10/30/2014 | 11:29:08 AM
Re: A piece of my data
Ditto - I don't think I have joined or logged into any forum or website that wants me to use a social media account to do it.
Kristin Burnham
50%
50%
Kristin Burnham,
User Rank: Author
11/30/2014 | 6:10:36 PM
Re: A piece of my data
@progman2000 it really is, and yet another reason why some sort of oversight is essential.
melgross
100%
0%
melgross,
User Rank: Ninja
10/30/2014 | 11:02:06 AM
The only way
The only way to prevent this is to get our representatives to make this illegal. Will that ever happen? Well, we're seeing some movement in the government towards privacy. We saw this before 9/11, but that killed it. We have to make those officials understand that our votes will overwhelm whatever money they get for their campaigns from these companies.
Number 6
50%
50%
Number 6,
User Rank: Moderator
10/30/2014 | 4:15:39 PM
Re: The only way
Forget about legislation. That won't happen until some Congressperson has a personal experience with their own information being used for questionable purposes. THEN they'll care.

See some of the history at http://radio-scanner-guide.com/RadioScannerGuidePart9C-Cellular.htm and note the Wilder and Gingrich episodes.
MemphisITDude
100%
0%
MemphisITDude,
User Rank: Strategist
10/30/2014 | 11:17:09 AM
Always feel like... somebody's watchin' me...
Interesting article, and brings to mind some followup technical questions:

1. It is mentioned that the "perma-cookie" survives IP and location changes, but what about SIM card changes? There are affordable dual SIM phones available today, would it be possible to do all your browsing on a "burner sim" from a different carrier?

2. There's been a lot of news about the "Blackphone" recently - does it automatically VPN for you? Or would it be useless against this type of tracking?

3. The EFF representative says "We think Verizon needs to stop modifying users' Internet connections..." but it's not a true Internet connection. Back in the late 1990s when I connected (via dial-up) to a local university, I got a true Internet connection with a real Internet IP address. I could run any applications on it and while I was dialed in anyone in the world could establish a connection to my IP address. But what's being provided by Verizon (and your local ISP for that matter...) is limited and filtered to such an extent it probably should be labeled a "Web Browsing" connection.

 

 

 

 

 

 

 
Some Guy
50%
50%
Some Guy,
User Rank: Strategist
10/30/2014 | 1:23:55 PM
When you see a Problem it's also an Opportunity
Seems like a great opportunity to sell VPN to a web proxy that strips the header out for you ... and protects you from cookies and tracking in general.

No need to be sad Mr. & Ms. Cyber-Stalked. Turn that frown upside-down and laugh all the way to the bank!
mak63
50%
50%
mak63,
User Rank: Ninja
10/31/2014 | 1:41:10 AM
Re: When you see a Problem it's also an Opportunity
@Some Guy

Seems like a great opportunity to sell VPN to a web proxy that strips the header out for you ... and protects you from cookies and tracking in general.

It seems like a great idea. Too bad most people won't understand a word you just said.
Some Guy
50%
50%
Some Guy,
User Rank: Strategist
10/31/2014 | 11:38:33 AM
Re: When you see a Problem it's also an Opportunity
Re: "Too bad most people won't understand a word ..."

Clearly you can't mean that for folks participating in this discussion board, can you?

For the general public, point taken, which is why you would market it as Net Privacy. It's also why they will pay one to do it for them.
mak63
50%
50%
mak63,
User Rank: Ninja
11/3/2014 | 2:36:51 PM
Re: When you see a Problem it's also an Opportunity
@Some Guy

Yes, I meant the general public. But the way, Net Privacy sounds like a good name for it.
Li Tan
50%
50%
Li Tan,
User Rank: Ninja
11/3/2014 | 4:23:40 AM
Re: When you see a Problem it's also an Opportunity
This will be a good opportunity to app developers to develope a special app to remove this customized header and you can download it for free.:-)
Kristin Burnham
50%
50%
Kristin Burnham,
User Rank: Author
11/30/2014 | 6:09:38 PM
Re: When you see a Problem it's also an Opportunity
@mak63 -- I think that's why this story is so important. Most Verizon Wireless customers don't know how important this is and why it's so important. 
Commentary
Learning: It's a Give and Take Thing
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  1/24/2020
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll