Verizon’s mobile ‘supercookies’ seen as threat to privacy

“For the last several months, cybersecurity experts have been warning Verizon Wireless that it was putting the privacy of its customers at risk,” Natasha Singer and Brian X. Chen report for The New York Times. “The computer codes the company uses to tag and follow its mobile subscribers around the web, they said, could make those consumers vulnerable to covert tracking and profiling.”

“It looks as if there was reason to worry,” Singer and Chen report. “This month Jonathan Mayer, a lawyer and computer science graduate student at Stanford University, reported on his blog that Turn, an advertising software company, was using Verizon’s unique customer codes to regenerate its own tracking tags after consumers had chosen to delete what is called a cookie — a little bit of code that can stick with your web browser after you have visited a site. In effect, Turn found a way to keep tracking visitors even after they tried to delete their digital footprints.”

“The episode shined a spotlight on a privacy issue that is particularly pronounced at Verizon. The company’s customer codes, called unique ID headers, have troubled some data security and privacy experts who say Verizon has introduced a persistent, hidden tracking mechanism into apps and browsers that third parties could easily exploit,” Singer and Chen report. “While Internet users can choose to delete their regular cookies, Verizon Wireless users cannot delete the company’s so-called supercookies.”

Read more in the full article here.

[Thanks to MacDailyNews Reader “David G.” for the heads up.]


    1. If you read the article:
      “AT&T experimented last year with a similar ad-targeting program, which involved inserting a unique numeric code into a subscriber’s web requests. But after scrutiny in the news media, AT&T said it was halting its program, at least until it came up with a better approach.”

  1. I’ve often wondered why it is that if someone throws a bag of garbage in my front yard it is a criminal offense, but my PERSONAL computer can be littered with digital trash such as this and it is perfectly legal? WTF it’s getting really ridiculous isn’t it?

    1. Manufacturers of Windows PCs actually make you pay to keep the garbage off of your new computer. But then, after you connect to the web, lots of other garbage jumps on.

      I had a used Windows PC for a while until I could buy another Mac. I regularly ran two packages to identify and delete malware, and they never failed to find stuff. Macs are not perfect – for instance, I would really like to have better control over Safari cookies than just the three options (all, nothing, or most), but Macs are a lot better than Windows PCs.

      Hey, Apple…how about a way to enable a user to retain a selected list of cookies? That way, I could push one button to clean out all other cookies while protecting the ones that I actually need/use. Cookie management in Safari is currently very, very poor.

      1. Careful there, Mel. You just identified another huge Apple software shortcoming. The MDN want you to ignore all the bugs and user-unfriendly crap that Apple has foisted on its unsuspecting users and instead discuss vaporware like iPad Pros and ARM Macs or pretend that the forthcoming Apple Watch will suddenly become a must-have fashion statement for a generation of people who don’t wear anything on their wrists.

        Cookies suck almost as bad as Apple’s constant phoning home your usage information.

  2. Time for a class action suit against Verizon and Turn and any other company violating our constitutional rights. The Verizon Executives that allowed this need to go to jail and the Company needs to be broken up and sold to honest competitors.

    1. Well, pointing at the Constitution in cases like this is a bit more difficult. Let us review:

      The Fourth Amendment To The US Constitution

      “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

      The assumption generally is that this is referring to privacy from the government in its various forms. Then there are the specifics in the amendment. The phrase that might apply to being tracked would be “secure in their persons”. Applying that to surfing the Internet and making phone calls makes TOTAL sense to me. But obviously there are certain people who disagree.

      I personally would enjoy beating on Verizon with a lawsuit. But the more specific document that would apply would be their Terms of Service agreement. If it says in there that they can pass your identity around with your travels on the web, then oh well. (I haven’t read it).

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.