Following intense criticism from privacy advocates, AT&T Mobility says it no longer use “Super cookies to track its subscribers’ online activities, but Verizon wireless is still adamant on inserting tracking codes on users’ HTTP requests purportedly to “recognize and authenticate” subscribers.
Recently, US national carriers Verizon Wireless and AT&T Mobility have been under intense criticism from privacy advocates for using “super cookies” to track subscribers’ online activities. Now AT&T Mobility, the second largest carrier, says it no longer use the spying codes, but Verizon wireless is still adamant on using the Unique Identifier Header (UIDH) to track its subscriber’s keystrokes.
UIDH also known as “super cookies” is a string of numbers and characters secretly inserted on the users’ HTTP requests making it possible for the service provider to track the subscriber’s activities on the World Wide Web. The UIDH leaves a trail of digital footprints that are easily connected to build the user’s online profile and tailor marketing coupon based on their browsing habits.
“This is more like a license plate for your brain,’’ said Jacob Hoffman-Andrews, a senior staff technologist with the Electronic Frontier Foundation, and an ardent privacy advocate. ‘‘Everything you wonder about, and read, and ask the Internet about gets this header attached to it. And there are ad agencies out there that try to associate that browsing history with anything that identifies you.’’
Verizon’s super cookies, sugarcoated as PrecisionID, are an integral part of its Relevant Mobile Advertising (RMA) program, used to target ads to prospective customers. Verizon insists it uses the Super cookies only to “recognize and authenticate” subscribers of its services and not to spy on their online activities as alleged by media reports.Furthermore, Verizon says RMA is a voluntary program that subscribers can opt out any time.
With the growing concerns of online privacy and web anonymity, it is difficult to draw the line between legitimate ‘identification’ of users as alleged by Verizon and malicious tracking for advertising purposes. To make matters worse, the service providers inserting the tracking codes do not have full control of the code. This implies third parties such as ad companies can get hold of users’ browsing data without the operator’s consent.
Although, the super cookies may not send incriminating information, they broadcast to every site visited and it wouldn’t require a tech genius to connect the dots. “All that is needed is for one site that has your e-mail address or name to match that to the UIDH,” says Ryan Singel, CEO of content-recommendation firm Contextly.
Opting out of the Super cookies or switching to other mobile providers such as Sprint and T-Mobile won’t be an easy walk in the park as described by Verizon. However, there are a few options to avoid the super cookies from your network provider. More importantly users are advised to use HTTPS encryption wherever possible. Secondly, always use a trusted Virtual Private Network (VPN) or switch to anonymous browsing through proxy servers such as Tor (TOR). Security researcher Kenneth White, developed a website where users can check whether their devices are broadcasting UIHD tokens.
Top/Featured Image: By Dknights411 / Wikipedia (https://commons.wikimedia.org/wiki/File:ATTCenter.jpg)