[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]
Status: Not Logged In; Sign In
Computers-Hacking Title: Super-cookie crumbles: Verizon vows to kill off hated zombie stalkers Verizon has backed down over its fingerprinting of subscribers using so-called immortal "super cookies." In 2012, the US mobile telco started injecting unique identifying headers (UIDHs) into every HTTP request users made to websites via the Verizon network. This allowed sneaky ad agencies to recognize people as they moved from site to site, and display ads supposedly tailored to individuals' interests. Deleting all your cookies from your web browser, or using something like Chrome's incognito mode, will not kill off the header – because it is inserted automatically by the carrier. Customers could "opt out" of the system, but the The per-subscriber headers caused a stink among privacy warriors, due to the blanket nature of the injection and that it was impossible to remove it. Campaigners at the EFF objected to the mandatory nature of the headers. AT&T was testing a similar system, and dropped that when it was exposed. Now Verizon has said that this time "opt-out" really means opt-out: it's going to stop injecting UIDHs into subscribers' web traffic if they switch off the system in their account settings. Previously, if you opted out, stats about where you've been online were withheld from advertisers, but as we've seen with Turn, that didn't stop determined networks. "Verizon takes customer privacy seriously and it is a central consideration as we develop new products and services. As the mobile advertising ecosystem evolves, and our advertising business grows, delivering solutions with best-in-class privacy protections remains our focus," the company told El Reg in a statement on Friday. "We listen to our customers and provide them the ability to opt out of our advertising programs. We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs." Post Comment Private Reply Ignore Thread Top • Page Up • Full Thread • Page Down • Bottom/Latest "We listen to our customers and provide them the ability to opt out of our advertising programs. We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs." Bald-faced lies. This is the same kind of header info as the reflected-xss header I described to you. These headers are just simple text commands sent by the server to the browser just before the actual web page (the HTML,/HTML part) gets sent to it. And Verizon, known scumbags that they are, got away with this for years. I recall when they pulled their data "bug" trick. For Galaxy S3 phones on Verizon, they included a "bug" not present in the original Samsung product, i.e. they created this bug on Samsung's nice clean S3 design. The bug caused their phones to use 3G data all the time, no matter how you set it to use WiFi when available. Verizon undoubtedly profited in the tens of millions of dollars for people be forced to pay data overages as a result. Finally, like this escapade, Verizon got caught redhanded and didn't even apologize for defrauding their customers deliberately and they issued a fix for it. I really loathe Verizon even though I do use their cell towers.
Top • Page Up • Full Thread • Page Down • Bottom/Latest |
|
[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]
|