If you are not yet on NSA watch list, you probably won’t miss on Verizon’s list. A report by AdAge revealed Verizon wireless has been secretly inserting a string of characters and numbers known as Unique Identifier Header (UIDH) into users HTTP requests, allegedly to identify and track users’ browsing habits.
The clandestine activity which has been ongoing for the last two years, enables Verizon to identify specific devices on the web. That implies the company is able to build a users’ profile and target ads based on the user’s browsing habits or other factors such as device types, language preferences, gender, age, or hobby.
The Unique Identifier Header (UIDH) know to Verizon as the PrecisionID, is “a cookie alternative for a marketing space vexed by the absence of cookies” says AdAge. It is an integral component of Verizon’s Relevant Mobile Advertising (RMA) program used to target add to prospective customers.
As expected, Verizon denied using the UIDH to track users’ activities on the World Wide Web. “Verizon Wireless does not use the UIDH to track where customers go on the web. If a customer has not opted out of Relevant Mobile Advertising (“RMA”), Verizon’s ad serving partners will receive demographic and third-party interest based segments related to the UIDH to enable the service of relevant ads to the mobile device associated with the UIDH,” said Verizon in a statement to Business Insider.
According to Verizon, the UIHD or PrecisionID is used to “recognize and authenticate” subscribers of Verizon services, in addition to enhancing the functionality and security of the RMA services. “It is an improvement over alternative authentication methodologies that may be spoofed or require multiple steps and user entries. From a customer experience perspective, the use of the UIDH can eliminate the need for re-entering authentication information which improves the experience and shortens the transaction flow.” Stated Verizon.
Although Verizon says customers could disable the UIDH by opting out of the RMA programs, Security experts believe there is no way out. Verizon will always insert UIDH any time you use its cellular network or other services.
The worrying part is that the UIDH can be used by other Ad networks without Verizon’s or the user’s consent. According Jacob Hoffman-Andrews, a technologist at the Electronic Frontier Foundation (EFF), the UIDH broadcasts to every site you visit, leaving a trail that can be connected easily by other advertising networks. ”All that is needed is for one site that has your e-mail address or name to match that to the UIDH,” says Ryan Singel, CEO of content-recommendation firm Contextly.
Meanwhile, there a few options to avoid Verizon’s UIHD. The users can either use HTTPS encryption wherever possible, use a trusted Virtual Private Network (VPN) or opt for anonymous browsing through proxy servers such as Tor. Users can check whether their devices are broadcasting UIHD tokens through a website set up security researcher Kenneth White.
Top/Featured Image: Verizon FiOS / Wikipedia (https://commons.wikimedia.org/wiki/File:Verizon_FiOS_Logo.jpg)