Verizon?s undeletable ?supercookies? track users? web activities

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • wehateporn
    Promoting Debate on GFY
    • Apr 2007
    • 27176

    #1

    Verizon?s undeletable ?supercookies? track users? web activities


    The profits made by Google and Facebook from trading users? choices and habits to ad companies are prompting other communication giants such as Verizon, to collect data on their customers, mostly without their knowledge.

    Verizon Wireless has been actively implementing its new advertising program called Precision Market Insights (reportedly started in 2012), which tracks web activities of approximately 106 million Verizon customers when they are web surfing from portable devices, the Electronic Frontier Foundation reports.

    The tracker registers which sites people visit and how much time they spend there, and even what apps they use on their smartphones and how exactly.

    The most interesting is the way Verizon collects the valuable data ? by forcibly installing ?perma-cookies? that track people?s activities on the web on personal devices, reports Wired. And since the header gets injected at the network level, any device could be infected, even if it belongs to those who have never been Verizon customers.

    The tracker, called X-UIDH, is injected on a device in an HTTP header, which is then being sent to every unencrypted website a Verizon customer visits from a his smartphone or media tablet. These ?supercookies? allow advertising companies that pay for the Verizon service to put together a comprehensive dossier on every web surfer?s browsing habits - without Verizon customers? knowledge.

    The cookie was identified the X-UIDH header. It remains invisible to the user and cannot be disabled or changed via browser settings. The X-UIDH header bypasses built-in browser privacy mechanisms, ignoring such modes as Do Not Track, Incognito, Private Browsing or Limit Ad Tracking settings in both iOS and Android.

    Also, Verizon ?supercookies? can?t be turned off, so no web browser privacy mode or clearing cookies will help you to get rid of them. That means that even when cookies are cleared out of a device, the intact X-UIDH with the known profile of a user gives an ad company a chance to quickly restore the necessary cookies on a user?s device and continue to ?guide? his requests for goods and services.

    Because X-UIDH is shared with all unencrypted sites visited by Verizon customers, it gives advertisers more data that only cookies get. On top of all, X-UIDH is installed into all used mobile apps that send HTTP requests, thus correlating users' behavior on the web and in using apps.

    However, according to AdAge: ?Corporate and government subscribers are excluded from the new marketing solution.?

    Verizon maintains that third parties that are not members of the Verizon?s Precision Market Insights advertising program cannot use the supercookie to track Verizon customers.

    ?The way it?s built, it wouldn?t be able to be used for that,? company spokeswoman Adria Tomaszewski said.

    But web security specialists warn that ?de-anonymizing? a user has become commonplace these days, so once a personal profile with a unique ID code gets to advertisers and data brokers, it is relatively straightforward to link the X-UIDH personal profile with a customer.

    For intelligence agencies such as America?s NSA, reportedly using cookies to track down individuals as The Washington Post reported last year, the X-UIDH service could become an invaluable source of personal information on citizens.

    There are several solutions that would prevent X-UIDH from modifying your traffic and they all imply encryption, as the ?ad virus? can only operate on a plaintext traffic, an attempt to modify an encrypted data flow would simply break the whole connection.

    Full protection is guaranteed by a virtual private network (VPN) technology or Tor, but you can also try to surf safely using an encrypted proxy or HTTPS.

    If you want to know whether your mobile device is already infected ? go to Amibeingtracked.com right from it and pass an injected header test.

    http://rt.com/usa/202035-att-verizon-supercookies-web/
  • arock10
    Confirmed User
    • Jan 2006
    • 6217

    #2
    I'm thinking they are about to get hit with some backlash
    Sup

    Comment

    • Barry-xlovecam
      It's 42
      • Jun 2010
      • 18083

      #3
      4. HTTP blocking, like Adblock Plus or Privacy Badger, would still be effective.

      http://webpolicy.org/2014/10/24/how-...-header-works/

      So who is the "enemy" -- you reap what you sow ...

      Comment

      • ~Ray
        visit hardlinks.org
        • Jun 2003
        • 18361

        #4
        Not surprising at all.

        ~Ray
        www.hardlinks.org
        Adult Backlinks for Adult Websites - Testimonials Available

        Comment

        • PAR
          Confirmed User
          • May 2005
          • 1835

          #5
          Before people jump up and down they may want to learn a little more about UIDH.
          http://www.faqs.org/patents/app/20130318346

          It is used by most if not all mobile carriers.

          Comment

          • L-Pink
            working on my tan
            • Mar 2005
            • 39151

            #6
            So you're saying I shouldn't have searched for "Aussie chick blows her dog" on my cell phone last week?

            Comment

            • Best-In-BC
              Confirmed User
              • Jun 2002
              • 9511

              #7
              lol, shity
              Vacares - Web Hosting, Domains, O365, Security & More
              Unparked domains burning a hole in your pocket? 5 Simple Ways to Make Easy $$$ from Unused Domains

              Comment

              • PAR
                Confirmed User
                • May 2005
                • 1835

                #8
                Originally posted by L-Pink
                So you're saying I shouldn't have searched for "Aussie chick blows her dog" on my cell phone last week?
                LoL no you should search that 1000 times a day...

                People should also understand that the "supercookie" is just an easier method than tracking you by your phones IMEI or MSN ID # ... The both the IMEI and MSN have more power than just tracking your data.

                Comment

                • MrTrollkien
                  So Fucking Banned
                  • Mar 2014
                  • 2360

                  #9
                  Another NSA program.

                  Comment

                  • blinki bill
                    Confirmed User
                    • Oct 2006
                    • 123

                    #10
                    Anither reason to why folks should wake up to the fact that you HAVE to use vpn...

                    Comment

                    • rowan
                      Too lazy to set a custom title
                      • Mar 2002
                      • 17393

                      #11
                      I capture all HTTP headers on one site that has a high incidence of extended human interaction, in order to research fraud prevention.

                      In about 5 months it has captured 6402 unique X-UIDH device IDs.

                      There are other headers that also seem to present a unique device ID. Some of the values even look like they could be phone numbers.

                      This is just a regular site. I'm not a part of any ad network.

                      Comment

                      • Barry-xlovecam
                        It's 42
                        • Jun 2010
                        • 18083

                        #12
                        Originally posted by rowan

                        In about 5 months it has captured 6402 unique X-UIDH device IDs.

                        There are other headers that also seem to present a unique device ID. Some of the values even look like they could be phone numbers.
                        -- ostensibly to track advertising. Interesting ...

                        Comment

                        • last click
                          Confirmed User
                          • Oct 2014
                          • 249

                          #13
                          nice read thanks for sharing

                          Comment

                          • WDF
                            Confirmed User
                            • Jan 2013
                            • 2248

                            #14
                            Google, Face Book, etc. has been tracking your web activity for years to better target you with ads.

                            Most cellphone users are clueless to how easy it is to track them. With the proper equipment you can listen to them and intercept text messages also. Lots of intel is gathered this way, of course they can't use that in court but they do not need to when they catch a criminal act as it happens.

                            Information/Data has significant value if you know what to do with it and/or how to use it.
                            Please HELP

                            Comment

                            • rowan
                              Too lazy to set a custom title
                              • Mar 2002
                              • 17393

                              #15
                              Quick scan of the header logs, these are some of the more obscure headers... (they appear for a tiny fraction of a percent of the total visitors)

                              X-jinny.cid:
                              X_UP_CALLING_LINE_ID:
                              X_UP_SUBNO:
                              X-London-GUID:
                              x-wsb-billing:
                              X-Newrelic-Id:
                              imsi:
                              x-uidh:
                              x-nokia-imsi:
                              X-UP-NAI:
                              X-Nokia-IMSI:
                              X-IMSI:
                              X-Up-Calling-Line-Id:
                              X-Nokia-MSISDN:
                              x-imsi:
                              X-Unique-Identifier:
                              X-MSP-CLID:
                              X-msisdn:
                              X-WAP-Network-Client-MSISDN:

                              etc, etc.

                              All these headers have values that appear to be unique IDs, in some cases possibly a phone number.

                              Comment

                              Working...