Verizon Finally Buckles, Will Allow A Total Opt Out From Sneaky Super Cookies
from the that-only-took-two-years-and-four-months dept
It took a while, but Verizon appears to finally have gotten the message that consumers don't like companies fiddling with their traffic and ignoring all of their privacy preferences (weird, right?). The wireless carrier has taken heat for several months now for its practicing of embedding all wireless user traffic with a unique identifier traffic header (or UIDH). That header was intended to help Verizon track user online behavior via its own programs, but because it's transmitted for everyone to see, the potential for abuse was high and -- despite Verizon's claims to the contrary -- it pretty quickly wound up being abused.One of the biggest problems with the program (aside from modifying user traffic to begin with) was that if a user opted out of Verizon's program, they were only able to opt out of personalized ad delivery -- not the embedding of the UIDH. After months of staying largely mute on the subject, Verizon has issued a statement saying that its opt-out service will actually work -- sometime "soon":
"Verizon takes customer privacy seriously and it is a central consideration as we develop new products and services. As the mobile advertising ecosystem evolves, and our advertising business grows, delivering solutions with best-in-class privacy protections remains our focus. We listen to our customers and provide them the ability to opt out of our advertising programs. We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs."Again, you're not "taking customer privacy seriously" when you develop and use a system that not only makes all of their privacy choices completely irrelevant, but broadcasts their online behavior for any unethical nitwit to abuse. That would, by fairly strict definition, be not taking consumer privacy seriously.
While not engaging in this practice at all (or requiring that users opt in) would be a preferred solution, functional opt out would at least be an improvement, though it still raises questions about what kind of privacy protections need to be in place to prevent us from playing Whac-a-Mole with an endless parade of bad ideas just like this one. Back in 2008, Verizon stated that the wireless industry didn't really need consumer privacy protections because public shame would keep them honest; though it's worth repeating that this program was in play for two years before security researchers even noticed it. It stumbled forth another four months before Verizon finally stated it would do something about it -- eventually.
Verizon's decision came a day after the company received a letter from the Committee on Commerce, Science and Transportation asking for more details on the program. So while the company's hoping to avoid tougher consumer protections (like oh, any location data privacy protections whatsoever or Title II), it's once again proving quite clearly why we actually need someone guarding the privacy henhouse with notably sharper teeth.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: opt-out, privacy, super cookies, uidh, zombie cookies
Companies: turn, verizon
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Sure you can opt out...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
To top it all off. Verizon makes this backstabbery opt out, instead of it being opt in. So I'm getting backstabbed by default, and I'm paying money for this privilege.
For a company that claims to take customer privacy very seriously. I feel like we had to twist Verizon's arm to the point where we almost broke it, before Verizon allowed customers the privilege to opt out of having their privacy violated.
This is one more reason why words coming from mega corporates have absolutely no meaning or value to me. Every time I see their lips move, I automatically assume I'm being lied to.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Translation
"Verizon wants you to construe this remark about privacy to mean that we care about privacy, and privacy is considered in a small but unprovable way as we develop new products and services for which the primary concern is how much revenue they generate. As we figure out how to wring more and more advertising revenue out of sneakily providing your eyeballs to third parties, we'll talk about protecting your privacy maybe about as well as, but not more than any other mobile service provider. We listen when our customers complain enough that our shenanigans end up in the media, and we trot out a hypothetical and teeny tiny band-aid that we can point to so we can say we're responding to them without lying but without actually making any real changes. Oh, we haven't actually done anything. That band-aid is a promise we won't be obligated to keep and we hope that when we don't keep it no one will be paying attention anymore. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs, because they can figure that part out by themselves."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Just like Do Not Track header....
Verizon was pushing the Opt-Out only means opting out of targeted advertising, the marketers were pushing the view that Do Not Track didn't _actually_ mean _do_not_track_, it _really_ meant just don't serve targeted ads.
Until the FCC, or some other government agency starts punishing companies for these shenanigans, it's just going to keep on happening.
Of course, we shouldn't be too quick to claim victory, as I still haven't seen just _HOW_ people will be able to opt-out, and if it will _actually_ work the way normal people expect it to.
(p.s. For those of you who would suggest that _market_forces_ will keep companies honest, you are either disingenuous or you haven't been paying attention. Most users don't have a choice, or if there is one, all of the other choices are doing the same thing. A profitable race to the bottom that only regulation [good consumer protecting regulation] can address. )
[ link to this | view in chronology ]
I hardly call that "buckling"
[ link to this | view in chronology ]
It relates perfectly to our discussions on encryption and "golden keys". Government wants a backdoor to an encryption scheme? That's a backdoor for everyone else, too - and they'll find it and use it. It might be some advertiser trying to track you to make a buck. It might be an organized crime doing identity theft. It might be a hostile government's intelligence service.
[ link to this | view in chronology ]
Addendum
[ link to this | view in chronology ]
Is this Newspeak or something?
Huh. I thought they were an ISP/Telco, or at least something like that. Why are all you Verizon users signing up to an advertising business? That's just wierd.
[ link to this | view in chronology ]