This time by a major cellular telephone company: Verizon.
…it has emerged that Verizon Wireless has been silently tracking around 100 million mobile customers using a supercookie that can’t be opted out of.
This is an especially nefarious invasion: the “cookie” lets Verizon track your movements on the Web—every page. And they then peddle that information to any advertiser willing to pay up.
Indeed, “supercookie” is a bit of a misnomer. Cookies store stuff on your computer that Web sites that you visit use when you revisit them. Often, it’s useful and beneficial information: how you like that Web site presented, for instance, or login information (beneficial only if it’s a convenience to read an article, and not giving access to your financial or other personal information to that site), and so on.
This thing, instead, enters the stream of information being exchanged between your browser and the Web site and
injects a new HTTP header every time you visit a website. Not just Verizon websites—any web resource that is accessed via Verizon’s network (i.e. everything). This header, called X-UIDH, contains a unique identifier that’s tied to your Verizon account. Your web browser (or any other app on your phone that uses HTTP) always receives this header with your unique ID—there’s nothing you can do to stop it.
Three things make this even worse than it sounds.
- they didn’t tell you about it
- you can’t block it or even opt out
- not only Verizon can use the resulting information—any third party can access it
Verizon says it’s only on their cellular network, only using your Web accesses via your cell phone. So far.
It’s unconscionable that a major company would pull such a stunt; although it’s sadly common. It’s unlikely that Verizon will stop this invasion. It’s necessary, then, to get onto your newly elected and minted Congressman and…encourage…him or her to look into this and to legislate to protect our privacy.