Verizon's Sneaky Zombie Cookies Now Being Used Across The Entire AOL Ad Empire

from the snoopvertising dept

Poor Verizon. Telco executives for years have sat in their board rooms bored by the billions to be made on telecom and transit, jealously eyeing Facebook and Google ad revenue, and desperately dreaming of being seen as more than just a dull old phone company. That's why the telecom giant recently paid $4.4 billion to acquire AOL, and is now throwing tens of millions at a new Internet video service aimed squarely at Millennials (hey kids, why get Internet video right from the source or a disruptive content company when you can get it from the phone company?).

And, lucky you, the same kind of greasy principles that have guided the company's legacy telecom networks are being applied to this brave, new, hipper advertising frontier. You'll recall that the company was widely criticized for manipulating user traffic streams to insert "zombie cookies," or unique identifier traffic headers that track user behavior online and can be abused by third parties. Only discovered by researchers two years after being implemented, it only took Verizon another six months of sustained criticism to finally let users opt out of being watched.

With AOL now part of the Verizon family, it's rather unsurprising to learn that Verizon's now extending the use of these stealth trackers across the entirety of the AOL ad empire:
"Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL’s ad network, which in turn monitors users across a large swath of the Internet. That means AOL’s ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — “your gender, age range and interests."...AOL will also be able to use data from Verizon’s identifier to track the apps that mobile users open, what sites they visit, and for how long."
So not only is Verizon now using its AOL acquisition to expand its plan to modify traffic to watch people, the telco's still opting users in by default and bouncing this traffic around the Internet unencrypted so it can be abused by third parties. Verizon of course insisted this could never happen, right before it did. But whereas you might see this as a dramatic expansion of a horrible precedent, Verizon thinks you shouldn't worry because this is all occurring under the roof of one giant, happy, Verizon family:
"I think in some ways it’s more privacy protective because it’s all within one company,” said Verizon’s Zacharia. “We are going to be sharing segment information with AOL so that customers can receive more personalized advertising."
Are you comforted yet? It seems like only a matter of time before freshly-Verizon-owned media properties (The Huffington Post, Engadget, TechCrunch et al) pen furious missives informing us that this Verizon snoopvertisement-dominated Internet is a step in the right direction. It's worth reminding Verizon users that they can opt out of having their traffic modified and tracked via the Verizon privacy portal or by calling 866-211-0874. Of course this should be disabled by default if not outlawed all together, but hey -- at least we're all part of one big, loving Verizon family, right?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: advertising, media, privacy, zombie cookie
Companies: aol, verizon


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Violynne (profile), 6 Oct 2015 @ 11:49am

    Just another reason why my web usage has dropped significantly in the past few years.

    Rue the day ISPs start blocking VPN usage.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 6 Oct 2015 @ 12:17pm

    In the words of a classic villain...

    "I have altered the deal, pray that I do not alter it further."

    link to this | view in thread ]

  3. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 6 Oct 2015 @ 12:20pm

    So what's wrong with being tracked all over the net?

    It's Google's "business model"! ... OH, forgot: here at Techdirt, tracking is only bad when non-Google.

    link to this | view in thread ]

  4. identicon
    Anomynuos Crowad, 6 Oct 2015 @ 12:26pm

    so that customers can receive more personalized advertising


    Advertising is now something bestowed upon us.

    link to this | view in thread ]

  5. identicon
    David, 6 Oct 2015 @ 12:58pm

    https everywhere!

    They can't inject cookies in that, at least not yet.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 6 Oct 2015 @ 1:35pm

    Re: So what's wrong with being tracked all over the net?

    So, instead of talking about some tracking cookies, they should avoid being hypocritical and not talk about them at all?
    I like the way you think. *rolls eyes*

    Tell you what. Why don't you create a blog or news site for us to go that reveals the evils of the tech world and Big Google? Then everyone that wants to can go over there and no body has to argue.

    link to this | view in thread ]

  7. identicon
    Nota, 6 Oct 2015 @ 1:37pm

    Oh lovely. More of Verizon's unblockable tracking. Good part of the reason I don't use their service. At least with Google I can block the various tracking domains and use non-Google search engines.

    link to this | view in thread ]

  8. identicon
    mcinsand, 6 Oct 2015 @ 1:54pm

    quote

    Was that from Brian Roberts?

    link to this | view in thread ]

  9. identicon
    any moose cow word, 6 Oct 2015 @ 1:59pm

    Re:

    It's more thrust upon us, like an alien anal probe. But hey, it's now customized to fit you. So, it's somehow less painful and intrusive, right?

    link to this | view in thread ]

  10. identicon
    any moose cow word, 6 Oct 2015 @ 2:05pm

    What if the user is on a MVNO that resells Verizon services? Does Verizon tag these phones too, or just there own customers?

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 6 Oct 2015 @ 2:09pm

    (a) not surprising and (b) meanwhile, back at AOL

    (a) If you do a little research, you'll find that AOL's advertising arm got its start by engaging in prolific spamming with a side order of spyware. Yes, really. So expecting the slimy filth with that background to suddenly evolve principles and ethics is really dramatically overestimating their integrity and underestimating their greed.

    (b) AOL is still allegedly an ISP, however in their rush to become...well, whatever it is that they think they want to be when they grow up...they've completely neglected the fundamentals of network operations. Their email service is now on the dismal level at Yahoo's -- that is, it's apparently run by illiterate, ignorant, incompetent, worthless morons who have never read an RFC and who have no interest and/or ability in making it work with the entire rest of the Internet.

    link to this | view in thread ]

  12. icon
    Christopher (profile), 6 Oct 2015 @ 2:51pm

    Explains the locked-down phones.

    If you own a locked-down VZW phone -- and by locked down I mean no root access possible via encrypted bootloader -- there's nothing you can do to avoid it. The APN configuration that's made possible by Android is removed by VZW... so you can't route your mobile traffic to an on-system proxy to protect yourself.

    And, of course, you can't unload all of the modules and such to eliminate the root cause(s) either. All the more reason to stick with Developer Models where possible.

    --#

    link to this | view in thread ]

  13. icon
    ltlw0lf (profile), 6 Oct 2015 @ 3:22pm

    Re: Re: So what's wrong with being tracked all over the net?

    Tell you what. Why don't you create a blog or news site for us to go that reveals the evils of the tech world and Big Google? Then everyone that wants to can go over there and no body has to argue.

    Yeah, but only if he also turns off commenting in order to protect our 1st Amendment rights. There is no way I can support a website that denies our freedom of speech by allowing us to comment on items that they post!

    link to this | view in thread ]

  14. icon
    ltlw0lf (profile), 6 Oct 2015 @ 3:30pm

    Re: https everywhere!

    They can't inject cookies in that, at least not yet.

    They don't need to inject anything. They own the infrastructure. They can GRE tunnel the traffic to the endpoint and put the data into a header, so the GRE tunnel end-point/receiver can grab the information and display ads based on that information, while still allowing SSL traffic to flow without an issue. May require a little extra work, but may be worth the effort to keep the money rolling in. Of course, why even do that, since they already have a database showing your entry point, so they can just set up AOL's ad network to query the database and pull your information directly, maybe caching all the users coming from a particular IP address and some sort of mechanism in-between to make sure that each user is identified.

    Should be pretty easy if they already own the end-point...

    The trick is adding that capability to non-Verizon users.

    link to this | view in thread ]

  15. identicon
    Tommy T., 6 Oct 2015 @ 7:20pm

    Re: Re: https everywhere!

    @ltlw0lf:

    I'm sorry but I think you are wrong about what GRE is capable of doing (how much do you really know about GRE ?). GRE header is either 24 or 28 bytes. Those bytes store protocol information. 16 bytes out of those store next protocol details, then is version and checksum. There are 28 bits of reserved data but 22 of them must be zero according to RFC-2784. And 6 bits is way too little to store anything there. So unless Arista, Juniper and Cisco have custom builds of EOS, JunOS and IOS for Verizon only (with in-house developed mGRE protocol), that won't change. And that's not even considering GRE tunnel establishing times, keepalives, etc. So I can't really imagine how GRE would be used for what you are suggesting.

    You say Verizon can "grab information" out of an SSL connection - what "information" are you referring to ? Source and destination IPs ? Those details are always available, you do not need GRE for that. Let's not forget that the source IPv4 is almost certainly a NAT-ed one ...

    Anyway, if you think that any kind of useful information can be extracted out, or injected into an existing SSL connection, then everyone who uses credit cards over the Internet is in big trouble.

    link to this | view in thread ]

  16. icon
    That One Guy (profile), 6 Oct 2015 @ 8:34pm

    Don't blame others for your choices or innaction

    Adblock, Ghostery, NoScript, and any number of others.

    If you're still being tracked by Google, then clearly it's because you don't care enough to stop them from doing so.

    link to this | view in thread ]

  17. icon
    Ninja (profile), 7 Oct 2015 @ 7:10am

    Question: considering other isps may be doing it but haven't been caught yet, how can you counter such cookies?

    link to this | view in thread ]

  18. icon
    Ninja (profile), 7 Oct 2015 @ 7:13am

    Re:

    Other than https as suggested above (since we still need to surf unencrypted sites).

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 7 Oct 2015 @ 9:04am

    AOL has been creating and distributing malware for YEARS then assigning 'blame' on Russia and China whilst pocketing the proceeds. This is just the vicious bank robber commiting a minor parking offence.

    link to this | view in thread ]

  20. identicon
    Ashamed, 7 Oct 2015 @ 11:47am

    Kick in the but I needed

    I am not proud to admit it, but still have an active AOL email account. It should die already.

    link to this | view in thread ]

  21. icon
    ltlw0lf (profile), 7 Oct 2015 @ 12:55pm

    Re: Re: Re: https everywhere!

    You say Verizon can "grab information" out of an SSL connection

    Never said that, nor did I imply it. Wow. You gotta love bashing down strawmen, you seem to be really good at it.

    As for GRE tunnels, if you own the backbone, you can create tunnels and add whatever headers you want to the transmission. But you don't even need to do that...you can just send the information out-of-band.

    link to this | view in thread ]

  22. identicon
    RabidWolf, 7 Oct 2015 @ 12:56pm

    'hum' this, Verizon!

    I today received via SnailMail© a PR mailing about 'hum', Verizon's new AAA wannabe, at 'only' $14.99/month. Hook up some equipment 'included at no extra cost' for roadside assistance, and life will be wonderful!! $180/year (twice a single-user AAA membership) for Verizon to scam and scan you to your grave!!

    OMG.

    link to this | view in thread ]

  23. identicon
    phils, 7 Oct 2015 @ 1:15pm

    What! Is AOL still around?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.