Tag Archives: UIDH

Verizon Customers Can Now Opt Out Of Supercookies

I have written before about Verizon (and AT&T) supercookies (see here and here, among others).

Briefly, supercookies are tracking devices that Verizon adds to your web traffic from your phone after the traffic leaves your phone but before it reaches the intended web site.

Verizon uses this traffic to figure out what sites you visit and paint a complete picture of you (you visit REI and Starbucks and Bank Of America) to sell to advertisers.  Advertisers themselves figured out that they could use this data if they have multiple brands to track customers and see what kind of cross marketing they could do.  In addition, since you log in to one of these sites, they now know your name (and everything else about you) on all of these sites.  Advertisers were particularly interested in this because pesky consumers sometimes have the nerve to delete tracking cookies or block them completely.  Even privacy enhanced browsers fail at protecting you from these supercookies.

When AT&T got caught doing this, they immediately said “my bad”, made up some excuse that they were testing this and stopped doing it.

Verizon, on the other hand, said advertisers would never use the data that way and we never sell your data – just your usage patterns – and generally resisted the fact that they got caught with their hand in the cookie jar.

In addition, several senators have asked the FCC to investigate.

Well finally, they have come up with a mechanism for you to opt out of this tracking.  What is not clear is whether they stop adding a UIDH tracking header to your traffic or merely stop selling your data.  In either case, you can at least opt out to some degree.

To opt out, you can go to the privacy options on your personal Verizon web page (here) or call their customer service at 866-211-0874.

Verizon Has A New Friend – The U.S. Senate

Well, maybe not a friend that you want to have, but they will likely get to visit the nation’s Capitol.

Verizon has gotten way more press than it would like by inserting super-cookies into it’s customers web traffic to allow folks like the marketing giant Turn to build dossiers on Verizon customers and then sell that information to advertisers in a thousandth of a second to the highest bidder.

Senators Bill Nelson of Florida, Richard Blumenthal of Connecticut and Edward Markey of Massachusetts have asked the FTC to investigate whether Verizon’s use of super cookies violate FTC privacy rules.  These senators wrote Verizon a short note last week asking them a few questions, which Verizon said it would respond to.

The Senators want to know if legislation is required (I assume to regulate or outlaw this activity).

Advertisers are probably really, really mad at Verizon right now.

If Verizon had just done what AT&T did last year when they got caught doing this, the ad industry would not be getting all this unwanted attention.

When AT&T got caught doing this last year, they said it was just an experiment (yeah, right!), my bad, and we will stop doing this now.

Verizon, on the other hand said that no one would ever user our super cookies to track what users were doing.  Even though Turn, who was doing that exact thing, was a vendor to Verzion (must have been a different department).

Turn said that just because people were deleting their cookies didn’t mean that they did not want to be tracked.

If Verizon has just been a little smarter and taken the AT&T route and said sorry, this would all have gone away.

And six months later they could have re-contextualized the program and started it back up.

From my point of view, I am glad they were not being very smart.


Verizon To Allow Opt Out Of Super-Cookie “Soon”

According to USA Today and the NY Times, Verizon has announced that it will allow users to opt out of their super-cookie program “soon”.

You may remember that both Verizon and AT&T were caught adding a unique tracking identifier into all web page requests last year as customers were  using programs such as ad blocker and ghostery to attempt to retain some semblance of privacy as they surfed the web.

Verizon’s super-cookie, dubbed a Unique Identifier Header (UIDH), was added to the web page request after the request left your phone or tablet, hence all the traditional methods for deleting them were ineffective.  Their advertising partner Turn was caught building user profiles of sites visited after Verizon publicly stately surely no one would do that.  Turn said that the fact that people were deleting their cookies did not mean that they did not want to be tracked.

AT&T announced in November that they were ending what they called in their press release an experiment in the use of super-cookies.

Turn announced last week that they would end their use of compiling profiles that way in February – but I assume they will not end the practice of creating user profiles.

Finally, as the story would not go away, Verizon announced that they are “listening to their customers” and would allow their customers to opt-out of the UIDH real soon now.  The only conclusion I can draw from this is that the UIDH does not serve any legitimate purpose other than tracking you and that they are counting on users to be too lazy to opt out.  I will report again when the option is actually available.


Turn To Stop Using Verizion Zombie Cookie To Track Users

PC World and others are reporting that Turn, the advertising group that I wrote about a few days ago, will stop using Verizon’s unique identifier to target advertising to Verizon customers in early February.

The practice, which is completely legal, lets Turn track every web page a Verizon customer visits, even if they delete their tracking cookies.  The only solution is to run all of your traffic over a VPN, which encrypts your traffic until it leaves the Verizon network.

Turn insists that users who delete their tracking cookies should not expect not to be tracked – they should instead use opt out methods endorsed by the advertisers.  Of course those only work for “participating” companies and doesn’t stop them from collecting and selling your data – they only agree to stop targeting ads to you.

In the end, the power of a bright spotlight is effective in keeping at least one small piece of your privacy.