AT&T Quietly Backs Away From Its Use of Sneaky Super Cookies
from the you're-the-product----and-the-guinea-pig dept
As we noted a few weeks ago, Verizon and AT&T recently began utilizing a controversial new snoopvertising method that involves meddling with user traffic to insert a unique identifier traffic header, or X-UIDH. This header is then read by marketing partners to track your behavior around the Internet, which Verizon and AT&T then hope to sell to marketers and other third parties. In addition to the fact they're modifying user traffic, these headers can also be read by third parties -- even if customers opt out from carrier-specific programs.After the practice received heat from security experts and groups like the EFF, AT&T has since announced they're backing away from the practice. AT&T insists that unlike Verizon (who has been using this technology commercially for two years with clients like Twitter), AT&T's implementation was only a trial. That trial is now complete, insists AT&T, and while they may return to the practice -- AT&T promises it will be somehow modified so user information isn't broadcast and opting out actually works:
"AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers' Internet activity. "It has been phased off our network," said Emily J. Edmonds, an AT&T spokeswoman....AT&T said it used the tracking numbers as part of a test, which it has now completed. Edmonds said AT&T may still launch a program to sell data collected by its tracking number, but that if and when it does, "customers will be able to opt out of the ad program and not have the numeric code inserted on their device."The EFF confirms that the appearance of the header has indeed declined on AT&T's network. But while AT&T appears to have smelled the looming lawsuit on the wind, Verizon so far has stood tough on their use of the technology. Verizon says that the company's program continues but as with any program, Verizon is "constantly evaluating." Years ago when Verizon was fighting tougher privacy rules, the company proclaimed that "public shame" would keep them honest.
This particular privacy abuse took two years for savvy network engineers and security consultants to even spot, and so far there's no indication that two weeks of public scolding have done anything to thwart Verizon's ambitions. Cue the class actions and regulatory wrist slaps.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: permacookies, privacy, super cookies, tracking
Companies: at&t, verizon
Reader Comments
Subscribe: RSS
View by: Time | Thread
I have an idea. How about these companies use an opt in policy instead, wouldn't that solve a ton of problems.
[ link to this | view in chronology ]
Hahahahaha - yeah, right. They have no shame.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Such idiots. It is so far from even basic standards of security that using it with immediately identifying data such as a phone number should be punishable by law...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Or just make it opt-in. You'd be surprised how many people will say no to being tracked, even if their data is 'anonymised'. Oh, wait...
[ link to this | view in chronology ]
They still want this
There doesn't seem to have been much progress since then thankfully, although I haven't checked the HTTP2 working group to see if their "open proxy" proposal has been put forward there.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Cant wait till they start selling privacy as a comodity instead of a right, no money, no budget, oh well, bodes well for the rich
[ link to this | view in chronology ]
Better than Verizon
Means that Verizon does not, in fact, offer its customers an opportunity to opt out. That means that on this point, for the time being, Verizon is the greater evil.
[ link to this | view in chronology ]
Re: Better than Verizon
"Sure, you've got an on/off switch right there. You use it to indicate your wishes as to whether the light should be on or off."
[ link to this | view in chronology ]
[ link to this | view in chronology ]