Verizon?s undeletable ?supercookies? track users? web activities - GoFuckYourself.com

wehateporn · 11-04-2014, 05:03 AM

The profits made by Google and Facebook from trading users? choices and habits to ad companies are prompting other communication giants such as Verizon, to collect data on their customers, mostly without their knowledge.

Verizon Wireless has been actively implementing its new advertising program called Precision Market Insights (reportedly started in 2012), which tracks web activities of approximately 106 million Verizon customers when they are web surfing from portable devices, the Electronic Frontier Foundation reports.

The tracker registers which sites people visit and how much time they spend there, and even what apps they use on their smartphones and how exactly.

The most interesting is the way Verizon collects the valuable data ? by forcibly installing ?perma-cookies? that track people?s activities on the web on personal devices, reports Wired. And since the header gets injected at the network level, any device could be infected, even if it belongs to those who have never been Verizon customers.

The tracker, called X-UIDH, is injected on a device in an HTTP header, which is then being sent to every unencrypted website a Verizon customer visits from a his smartphone or media tablet. These ?supercookies? allow advertising companies that pay for the Verizon service to put together a comprehensive dossier on every web surfer?s browsing habits - without Verizon customers? knowledge.

The cookie was identified the X-UIDH header. It remains invisible to the user and cannot be disabled or changed via browser settings. The X-UIDH header bypasses built-in browser privacy mechanisms, ignoring such modes as Do Not Track, Incognito, Private Browsing or Limit Ad Tracking settings in both iOS and Android.

Also, Verizon ?supercookies? can?t be turned off, so no web browser privacy mode or clearing cookies will help you to get rid of them. That means that even when cookies are cleared out of a device, the intact X-UIDH with the known profile of a user gives an ad company a chance to quickly restore the necessary cookies on a user?s device and continue to ?guide? his requests for goods and services.

Because X-UIDH is shared with all unencrypted sites visited by Verizon customers, it gives advertisers more data that only cookies get. On top of all, X-UIDH is installed into all used mobile apps that send HTTP requests, thus correlating users' behavior on the web and in using apps.

However, according to AdAge: ?Corporate and government subscribers are excluded from the new marketing solution.?

Verizon maintains that third parties that are not members of the Verizon?s Precision Market Insights advertising program cannot use the supercookie to track Verizon customers.

?The way it?s built, it wouldn?t be able to be used for that,? company spokeswoman Adria Tomaszewski said.

But web security specialists warn that ?de-anonymizing? a user has become commonplace these days, so once a personal profile with a unique ID code gets to advertisers and data brokers, it is relatively straightforward to link the X-UIDH personal profile with a customer.

For intelligence agencies such as America?s NSA, reportedly using cookies to track down individuals as The Washington Post reported last year, the X-UIDH service could become an invaluable source of personal information on citizens.

There are several solutions that would prevent X-UIDH from modifying your traffic and they all imply encryption, as the ?ad virus? can only operate on a plaintext traffic, an attempt to modify an encrypted data flow would simply break the whole connection.

Full protection is guaranteed by a virtual private network (VPN) technology or Tor, but you can also try to surf safely using an encrypted proxy or HTTPS.

If you want to know whether your mobile device is already infected ? go to Amibeingtracked.com right from it and pass an injected header test.

http://rt.com/usa/202035-att-verizon-supercookies-web/

arock10 · 11-04-2014, 06:35 AM

I'm thinking they are about to get hit with some backlash

Barry-xlovecam · 11-04-2014, 06:49 AM

Quote:

4. HTTP blocking, like Adblock Plus or Privacy Badger, would still be effective.

http://webpolicy.org/2014/10/24/how-...-header-works/

So who is the "enemy" -- you reap what you sow ...

~Ray · 11-04-2014, 07:20 AM

Not surprising at all.

~Ray
www.hardlinks.org

PAR · 11-04-2014, 07:47 AM

Before people jump up and down they may want to learn a little more about UIDH.
http://www.faqs.org/patents/app/20130318346

It is used by most if not all mobile carriers.

L-Pink · 11-04-2014, 08:30 AM

So you're saying I shouldn't have searched for "Aussie chick blows her dog" on my cell phone last week?

Best-In-BC · 11-04-2014, 08:31 AM

lol, shity

PAR · 11-04-2014, 08:43 AM

Quote:

Originally Posted by L-Pink

So you're saying I shouldn't have searched for "Aussie chick blows her dog" on my cell phone last week?

LoL no you should search that 1000 times a day...

People should also understand that the "supercookie" is just an easier method than tracking you by your phones IMEI or MSN ID # ... The both the IMEI and MSN have more power than just tracking your data.

MrTrollkien · 11-07-2014, 09:02 PM

Another NSA program.

blinki bill · 11-08-2014, 02:01 AM

Anither reason to why folks should wake up to the fact that you HAVE to use vpn...

rowan · 11-08-2014, 05:57 AM

I capture all HTTP headers on one site that has a high incidence of extended human interaction, in order to research fraud prevention.

In about 5 months it has captured 6402 unique X-UIDH device IDs.

There are other headers that also seem to present a unique device ID. Some of the values even look like they could be phone numbers.

This is just a regular site. I'm not a part of any ad network.

Barry-xlovecam · 11-08-2014, 06:18 AM

Quote:

Originally Posted by rowan

In about 5 months it has captured 6402 unique X-UIDH device IDs.

There are other headers that also seem to present a unique device ID. Some of the values even look like they could be phone numbers.

-- ostensibly to track advertising. Interesting ...

last click · 11-08-2014, 10:25 AM

nice read thanks for sharing

WDF · 11-08-2014, 11:05 AM

Google, Face Book, etc. has been tracking your web activity for years to better target you with ads.

Most cellphone users are clueless to how easy it is to track them. With the proper equipment you can listen to them and intercept text messages also. Lots of intel is gathered this way, of course they can't use that in court but they do not need to when they catch a criminal act as it happens.

Information/Data has significant value if you know what to do with it and/or how to use it.

rowan · 11-08-2014, 10:33 PM

Quick scan of the header logs, these are some of the more obscure headers... (they appear for a tiny fraction of a percent of the total visitors)

X-jinny.cid:
X_UP_CALLING_LINE_ID:
X_UP_SUBNO:
X-London-GUID:
x-wsb-billing:
X-Newrelic-Id:
imsi:
x-uidh:
x-nokia-imsi:
X-UP-NAI:
X-Nokia-IMSI:
X-IMSI:
X-Up-Calling-Line-Id:
X-Nokia-MSISDN:
x-imsi:
X-Unique-Identifier:
X-MSP-CLID:
X-msisdn:
X-WAP-Network-Client-MSISDN:

etc, etc.

All these headers have values that appear to be unique IDs, in some cases possibly a phone number.

11-04-2014, 05:03 AM	#1
wehateporn Promoting Debate on GFY Industry Role: Join Date: Apr 2007 Posts: 27,173	Verizon?s undeletable ?supercookies? track users? web activities The profits made by Google and Facebook from trading users? choices and habits to ad companies are prompting other communication giants such as Verizon, to collect data on their customers, mostly without their knowledge. Verizon Wireless has been actively implementing its new advertising program called Precision Market Insights (reportedly started in 2012), which tracks web activities of approximately 106 million Verizon customers when they are web surfing from portable devices, the Electronic Frontier Foundation reports. The tracker registers which sites people visit and how much time they spend there, and even what apps they use on their smartphones and how exactly. The most interesting is the way Verizon collects the valuable data ? by forcibly installing ?perma-cookies? that track people?s activities on the web on personal devices, reports Wired. And since the header gets injected at the network level, any device could be infected, even if it belongs to those who have never been Verizon customers. The tracker, called X-UIDH, is injected on a device in an HTTP header, which is then being sent to every unencrypted website a Verizon customer visits from a his smartphone or media tablet. These ?supercookies? allow advertising companies that pay for the Verizon service to put together a comprehensive dossier on every web surfer?s browsing habits - without Verizon customers? knowledge. The cookie was identified the X-UIDH header. It remains invisible to the user and cannot be disabled or changed via browser settings. The X-UIDH header bypasses built-in browser privacy mechanisms, ignoring such modes as Do Not Track, Incognito, Private Browsing or Limit Ad Tracking settings in both iOS and Android. Also, Verizon ?supercookies? can?t be turned off, so no web browser privacy mode or clearing cookies will help you to get rid of them. That means that even when cookies are cleared out of a device, the intact X-UIDH with the known profile of a user gives an ad company a chance to quickly restore the necessary cookies on a user?s device and continue to ?guide? his requests for goods and services. Because X-UIDH is shared with all unencrypted sites visited by Verizon customers, it gives advertisers more data that only cookies get. On top of all, X-UIDH is installed into all used mobile apps that send HTTP requests, thus correlating users' behavior on the web and in using apps. However, according to AdAge: ?Corporate and government subscribers are excluded from the new marketing solution.? Verizon maintains that third parties that are not members of the Verizon?s Precision Market Insights advertising program cannot use the supercookie to track Verizon customers. ?The way it?s built, it wouldn?t be able to be used for that,? company spokeswoman Adria Tomaszewski said. But web security specialists warn that ?de-anonymizing? a user has become commonplace these days, so once a personal profile with a unique ID code gets to advertisers and data brokers, it is relatively straightforward to link the X-UIDH personal profile with a customer. For intelligence agencies such as America?s NSA, reportedly using cookies to track down individuals as The Washington Post reported last year, the X-UIDH service could become an invaluable source of personal information on citizens. There are several solutions that would prevent X-UIDH from modifying your traffic and they all imply encryption, as the ?ad virus? can only operate on a plaintext traffic, an attempt to modify an encrypted data flow would simply break the whole connection. Full protection is guaranteed by a virtual private network (VPN) technology or Tor, but you can also try to surf safely using an encrypted proxy or HTTPS. If you want to know whether your mobile device is already infected ? go to Amibeingtracked.com right from it and pass an injected header test. http://rt.com/usa/202035-att-verizon-supercookies-web/ __________________ Sexy Girls Teasing

11-04-2014, 06:35 AM	#2
arock10 Confirmed User Join Date: Jan 2006 Posts: 6,218	I'm thinking they are about to get hit with some backlash __________________ Sup

11-04-2014, 07:20 AM	#4
~Ray visit hardlinks.org Industry Role: Join Date: Jun 2003 Location: Las Vegas , Nv >>> [email protected] or icq 94994627 anytime Posts: 18,362	Not surprising at all. ~Ray www.hardlinks.org __________________ Adult Backlinks for Adult Websites - Testimonials Available

11-04-2014, 08:31 AM	#7
Best-In-BC Confirmed User Join Date: Jun 2002 Posts: 9,506	lol, shity __________________ Vacares - Web Hosting, Domains, O365, Security & More Unparked domains burning a hole in your pocket? 5 Simple Ways to Make Easy $$$ from Unused Domains

11-08-2014, 11:05 AM	#14
WDF Confirmed User Industry Role: Join Date: Jan 2013 Location: Nashville,TN. Music City U.S.A. Posts: 2,248	Google, Face Book, etc. has been tracking your web activity for years to better target you with ads. Most cellphone users are clueless to how easy it is to track them. With the proper equipment you can listen to them and intercept text messages also. Lots of intel is gathered this way, of course they can't use that in court but they do not need to when they catch a criminal act as it happens. Information/Data has significant value if you know what to do with it and/or how to use it. __________________ Please HELP

11-04-2014, 07:47 AM	#5
PAR Confirmed User Industry Role: Join Date: May 2005 Posts: 1,835	Before people jump up and down they may want to learn a little more about UIDH. http://www.faqs.org/patents/app/20130318346 It is used by most if not all mobile carriers.

11-04-2014, 08:30 AM	#6
L-Pink working on my tan Industry Role: Join Date: Mar 2005 Location: Florida/Kentucky Posts: 39,151	So you're saying I shouldn't have searched for "Aussie chick blows her dog" on my cell phone last week?

11-07-2014, 09:02 PM	#9
MrTrollkien So Fucking Banned Industry Role: Join Date: Mar 2014 Location: Germany Posts: 2,360	Another NSA program.

11-08-2014, 02:01 AM	#10
blinki bill Confirmed User Join Date: Oct 2006 Location: solar system, earth Posts: 123	Anither reason to why folks should wake up to the fact that you HAVE to use vpn...

11-08-2014, 05:57 AM	#11
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	I capture all HTTP headers on one site that has a high incidence of extended human interaction, in order to research fraud prevention. In about 5 months it has captured 6402 unique X-UIDH device IDs. There are other headers that also seem to present a unique device ID. Some of the values even look like they could be phone numbers. This is just a regular site. I'm not a part of any ad network.

11-08-2014, 10:25 AM	#13
last click Confirmed User Industry Role: Join Date: Oct 2014 Posts: 249	nice read thanks for sharing

11-08-2014, 10:33 PM	#15
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	Quick scan of the header logs, these are some of the more obscure headers... (they appear for a tiny fraction of a percent of the total visitors) X-jinny.cid: X_UP_CALLING_LINE_ID: X_UP_SUBNO: X-London-GUID: x-wsb-billing: X-Newrelic-Id: imsi: x-uidh: x-nokia-imsi: X-UP-NAI: X-Nokia-IMSI: X-IMSI: X-Up-Calling-Line-Id: X-Nokia-MSISDN: x-imsi: X-Unique-Identifier: X-MSP-CLID: X-msisdn: X-WAP-Network-Client-MSISDN: etc, etc. All these headers have values that appear to be unique IDs, in some cases possibly a phone number.