Verizon's Sneaky Zombie Cookies Now Being Used Across The Entire AOL Ad Empire
from the snoopvertising dept
Poor Verizon. Telco executives for years have sat in their board rooms bored by the billions to be made on telecom and transit, jealously eyeing Facebook and Google ad revenue, and desperately dreaming of being seen as more than just a dull old phone company. That's why the telecom giant recently paid $4.4 billion to acquire AOL, and is now throwing tens of millions at a new Internet video service aimed squarely at Millennials (hey kids, why get Internet video right from the source or a disruptive content company when you can get it from the phone company?).And, lucky you, the same kind of greasy principles that have guided the company's legacy telecom networks are being applied to this brave, new, hipper advertising frontier. You'll recall that the company was widely criticized for manipulating user traffic streams to insert "zombie cookies," or unique identifier traffic headers that track user behavior online and can be abused by third parties. Only discovered by researchers two years after being implemented, it only took Verizon another six months of sustained criticism to finally let users opt out of being watched.
With AOL now part of the Verizon family, it's rather unsurprising to learn that Verizon's now extending the use of these stealth trackers across the entirety of the AOL ad empire:
"Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL’s ad network, which in turn monitors users across a large swath of the Internet. That means AOL’s ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — “your gender, age range and interests."...AOL will also be able to use data from Verizon’s identifier to track the apps that mobile users open, what sites they visit, and for how long."So not only is Verizon now using its AOL acquisition to expand its plan to modify traffic to watch people, the telco's still opting users in by default and bouncing this traffic around the Internet unencrypted so it can be abused by third parties. Verizon of course insisted this could never happen, right before it did. But whereas you might see this as a dramatic expansion of a horrible precedent, Verizon thinks you shouldn't worry because this is all occurring under the roof of one giant, happy, Verizon family:
"I think in some ways it’s more privacy protective because it’s all within one company,” said Verizon’s Zacharia. “We are going to be sharing segment information with AOL so that customers can receive more personalized advertising."Are you comforted yet? It seems like only a matter of time before freshly-Verizon-owned media properties (The Huffington Post, Engadget, TechCrunch et al) pen furious missives informing us that this Verizon snoopvertisement-dominated Internet is a step in the right direction. It's worth reminding Verizon users that they can opt out of having their traffic modified and tracked via the Verizon privacy portal or by calling 866-211-0874. Of course this should be disabled by default if not outlawed all together, but hey -- at least we're all part of one big, loving Verizon family, right?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: advertising, media, privacy, zombie cookie
Companies: aol, verizon
Reader Comments
Subscribe: RSS
View by: Time | Thread
Rue the day ISPs start blocking VPN usage.
[ link to this | view in chronology ]
"I have altered the deal, pray that I do not alter it further."
[ link to this | view in chronology ]
quote
[ link to this | view in chronology ]
So what's wrong with being tracked all over the net?
[ link to this | view in chronology ]
Re: So what's wrong with being tracked all over the net?
I like the way you think. *rolls eyes*
Tell you what. Why don't you create a blog or news site for us to go that reveals the evils of the tech world and Big Google? Then everyone that wants to can go over there and no body has to argue.
[ link to this | view in chronology ]
Re: Re: So what's wrong with being tracked all over the net?
Yeah, but only if he also turns off commenting in order to protect our 1st Amendment rights. There is no way I can support a website that denies our freedom of speech by allowing us to comment on items that they post!
[ link to this | view in chronology ]
Don't blame others for your choices or innaction
If you're still being tracked by Google, then clearly it's because you don't care enough to stop them from doing so.
[ link to this | view in chronology ]
Advertising is now something bestowed upon us.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
https everywhere!
[ link to this | view in chronology ]
Re: https everywhere!
They don't need to inject anything. They own the infrastructure. They can GRE tunnel the traffic to the endpoint and put the data into a header, so the GRE tunnel end-point/receiver can grab the information and display ads based on that information, while still allowing SSL traffic to flow without an issue. May require a little extra work, but may be worth the effort to keep the money rolling in. Of course, why even do that, since they already have a database showing your entry point, so they can just set up AOL's ad network to query the database and pull your information directly, maybe caching all the users coming from a particular IP address and some sort of mechanism in-between to make sure that each user is identified.
Should be pretty easy if they already own the end-point...
The trick is adding that capability to non-Verizon users.
[ link to this | view in chronology ]
Re: Re: https everywhere!
I'm sorry but I think you are wrong about what GRE is capable of doing (how much do you really know about GRE ?). GRE header is either 24 or 28 bytes. Those bytes store protocol information. 16 bytes out of those store next protocol details, then is version and checksum. There are 28 bits of reserved data but 22 of them must be zero according to RFC-2784. And 6 bits is way too little to store anything there. So unless Arista, Juniper and Cisco have custom builds of EOS, JunOS and IOS for Verizon only (with in-house developed mGRE protocol), that won't change. And that's not even considering GRE tunnel establishing times, keepalives, etc. So I can't really imagine how GRE would be used for what you are suggesting.
You say Verizon can "grab information" out of an SSL connection - what "information" are you referring to ? Source and destination IPs ? Those details are always available, you do not need GRE for that. Let's not forget that the source IPv4 is almost certainly a NAT-ed one ...
Anyway, if you think that any kind of useful information can be extracted out, or injected into an existing SSL connection, then everyone who uses credit cards over the Internet is in big trouble.
[ link to this | view in chronology ]
Re: Re: Re: https everywhere!
Never said that, nor did I imply it. Wow. You gotta love bashing down strawmen, you seem to be really good at it.
As for GRE tunnels, if you own the backbone, you can create tunnels and add whatever headers you want to the transmission. But you don't even need to do that...you can just send the information out-of-band.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
(a) not surprising and (b) meanwhile, back at AOL
(b) AOL is still allegedly an ISP, however in their rush to become...well, whatever it is that they think they want to be when they grow up...they've completely neglected the fundamentals of network operations. Their email service is now on the dismal level at Yahoo's -- that is, it's apparently run by illiterate, ignorant, incompetent, worthless morons who have never read an RFC and who have no interest and/or ability in making it work with the entire rest of the Internet.
[ link to this | view in chronology ]
Explains the locked-down phones.
And, of course, you can't unload all of the modules and such to eliminate the root cause(s) either. All the more reason to stick with Developer Models where possible.
--#
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Kick in the but I needed
[ link to this | view in chronology ]
'hum' this, Verizon!
OMG.
[ link to this | view in chronology ]
[ link to this | view in chronology ]