Verizon Wireless Embroiled In Tracking Controversy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Business
News
10/29/2014
12:25 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Verizon Wireless Embroiled In Tracking Controversy

Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."

Verizon Wireless is tracking more than just your bandwidth usage these days -- it's also spent the last two years collecting data on your mobile web searches, the apps you use, and the websites you visit, according to security researchers.

Many websites monitor users' web activity: Facebook recently announced plans to track users' actions between devices and share with advertisers when an ad or promotion leads to a purchase. Google uses cookies similarly to track users across the web, too.

But Verizon Wireless's method, which it calls a Unique Identifier Header (UIDH), can't be deleted, unlike a cookie, and travels across the web with users, even if customers opt out. Security and privacy experts say this new form of tracking has potentially dire consequences for users' online privacy.

"Customers are used to the idea of cookies on the web and understand the various protections you can apply like clearing cookies, private browsing, and Do Not Track," said Jacob Hofmann-Andrews, staff technologist at the Electronic Frontier Foundation, who noticed the UIDH last week. "But this new identifier doesn't work like any of that -- this allows advertisers to create a persistent profile tied to your real-world identity that is impossible to get rid of."

Understanding the UIDH
The UIDH is a string of characters that the company inserts into data that flows between customers and the websites they visit, Hofmann-Andrews said. He likened the UIDH to a "perma-cookie," which any web server you visit can read and use to build a profile of your activity -- without your consent.

(Image: Jonathan Mayer, Webpolicy.org)
(Image: Jonathan Mayer, Webpolicy.org)

Verizon Wireless's UIDH reportedly has tracked users since 2012, but was discovered only recently because it's so hard to observe, Hofmann-Andrews said in an interview.

"Because the header is injected in the network layer after the request leaves the device, there's no way with the device itself to tell what's going on," he said. "In order to notice this, you have to operate the device and the server you're talking to, and in addition to that, the server has to be configured to log all headers, which is a rare configuration."

All Verizon Wireless customers were automatically opted into sending the header based on the company's terms of use policy, Hofmann-Andrews said.

[Popular social apps may track your every move. Read Location Tracking: 6 Social App Settings To Check.]

The UIDH is part of Verizon's Relevant Mobile Advertising program, which shows customers ads on websites and apps based on information such as your address, demographic information, and interest categories. They pair this data with the UIDH, which the company says "may allow an advertiser to use information they have about your visits to online websites to deliver messages to mobile devices on our network."

In a statement to InformationWeek, Verizon Wireless said that it changes the UIDH on a regular basis to prevent third parties from building profiles against it, though it did not disclose the timeframe. Details in its Relevant Mobile Advertising FAQ imply that users are given one ID, at signup: "In addition, we will use an anonymous, unique identifier we create when you register on our websites," it says.

Security researcher Kenneth White set up a website that checks whether Verizon -- or other wireless carriers -- have attached a UIDH to your

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
melgross
50%
50%
melgross,
User Rank: Ninja
10/30/2014 | 11:15:23 AM
Re: A piece of my data
It doesn't matter whether you "blindly" agree to this or not. Not only does AT&T do this as well, but I'd be willing to bet that the others do too, or are thinking about doing it. If that's the case, then there's no escaping it. I'm also now seeing that a number of sites that allow you to sign in using social site accounts are demanding more information from us. They now want to be able to access all of our " friends" followers, etc. I'm not bothering to comment on those sites.
melgross
100%
0%
melgross,
User Rank: Ninja
10/30/2014 | 11:02:06 AM
The only way
The only way to prevent this is to get our representatives to make this illegal. Will that ever happen? Well, we're seeing some movement in the government towards privacy. We saw this before 9/11, but that killed it. We have to make those officials understand that our votes will overwhelm whatever money they get for their campaigns from these companies.
progman2000
50%
50%
progman2000,
User Rank: Ninja
10/29/2014 | 2:08:20 PM
Re: A piece of my data
Scary what you open yourself up to by blindly agreeing to their TOS.
zaious
50%
50%
zaious,
User Rank: Ninja
10/29/2014 | 1:07:20 PM
A piece of my data
It appears that everyone is after the user data and habits. These days we cannot do almost anythign without getting tracked fro business benefits. The question is do we know when our data is getting tracked and sold to third parties? And, what can we do if we do not want to get tracked this way? The options are limited, we need to agree to 'Terms and Conditions'.
impactnow
100%
0%
impactnow,
User Rank: Author
10/29/2014 | 12:59:40 PM
Data collectiona and usage legislation

I agree that most consumers would not have known about this and most will never know unless they are informed. This really exemplifies the need for legislation to catch up with technology to protect our privacy.

<<   <   Page 2 / 2
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll