View Full Version : Do Not Track is a corporate LIE



boutons_deux
11-07-2014, 09:54 AM
on your phone, turn off wifi, browse:

http://lessonslearned.org/sniff

boutons_deux
11-07-2014, 11:52 AM
Verizon May Soon Get to Enjoy a Lawsuit Over Its Sneaky Use of Perma-Cookies


Over the last few years, Verizon has been ramping up its behavioral tracking efforts via programs like Verizon Selects (https://www.verizonwireless.com/support/faqs/AccountManagement/verizon-selects.html) and its Relevant Mobile Ad (https://www.verizonwireless.com/support/faqs/AccountManagement/mobile_ads.html) system, which track wireless and wireline subscriber web behavior to deliver tailored ads and sell your information to third parties. Unknown until a few weeks ago however was the fact that as part of this initiative, Verizon has started using what many are calling controversial "stealth," "super" or "perma" cookies that track a user's online behavior covertly, without users being able to disable them via browser settings.

Lawyer and Stanford computer scientist Jonathan Mayer offered up an excellent analysis (http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/?utm_content=buffer83090&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer) noting that Verizon was actively modifying its users' traffic to embed a unique identifier traffic header, or X-UIDH. This header is then read by marketing partners (or hey, anybody, since it's stamped on all of your traffic) who can then build a handy profile of you. It's a rather ham-fisted approach, argues Mayer, who notes that while you can opt-out of Verizon selling your data, you can't opt out of having your traffic embedded with the unique identifier. He also offered up a handy graphic detailing precisely how these headers work:
https://i.imgur.com/uFwtcfU.png (https://imgur.com/uFwtcfU)
As the story grew the last few weeks, ProPublica noted (http://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users) that Twitter's mobile advertising arm is already one of several clients using Verizon's "header enrichment" system, though Twitter didn't much want to talk about it. Several tools like this one (http://lessonslearned.org/sniff) have popped up since, allowing users to test their wireless connections (note it doesn't work if your cellular device is connected to Wi-Fi, and may be masked by the use of Google Mobile Chrome, Opera Mini, or if viewed through apps like Flipboard).

Kashmir Hill at Forbes also has a great article exploring the ramifications of the system (http://www.forbes.com/sites/kashmirhill/2014/10/29/the-privacy-lowdown-on-verizon-and-atts-permacookies/) and asked Verizon and AT&T (who has started trials of a similar system) what consumer protections are in place. Both companies proclaimed that the characters in their headers are rotated on a weekly and daily basis to protect user information. But as we've noted time and time again, there's really no such thing as an anonymized data set (https://www.techdirt.com/articles/20090327/1118574277.shtml), and security consultant Ken White argues that only part of the data in the headers is modified, if at all:

"White has been tracked for the past 6 days across 550 miles with a persistent code from both Verizon and AT&T. He has a smartphone with Verizon service and a hotspot with AT&T service. In AT&T’s case, the code has four parts; only one part changes, he says. “It’s like if you were identified by a birth month, a birth year, a birth day, and a zip code, and they remove one of those things,” said White. You’d still be able to reasonably track that person with the other three. Verizon’s code meanwhile hasn’t changed for him, and it’s been almost a week."

https://www.techdirt.com/articles/20141105/11315029057/verizon-may-soon-get-to-enjoy-lawsuit-over-their-sneaky-use-perma-cookies.shtml

As always, Corporate-Americans, sooner or later, fuck things up for Human-Americans.
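
What a header test page like the one linked in this thread has to check, sketched as an added example (not code from the posts, the quoted article, or lessonslearned.org): compare the headers a client sent with what a server received, flag any the client never sent, such as X-UIDH, and count the days one value persists. The requests, host name, identifier value and dates are constructed, and the function names are hypothetical.

```python
# Added example (not from the thread): spot headers added in transit, e.g. X-UIDH.
# All requests, the host name, the identifier value and the dates are constructed.

def parse_headers(raw_request):
    """Header fields of a raw HTTP/1.x request as {lower-cased name: value}."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def injected_headers(sent, received):
    """Headers the server saw that the client never sent."""
    client = parse_headers(sent)
    return {k: v for k, v in parse_headers(received).items() if k not in client}

def days_seen(observations, header="x-uidh"):
    """Map each value of `header` to the sorted days on which it was received."""
    seen = {}
    for day, raw in observations:
        value = parse_headers(raw).get(header)
        if value is not None:
            seen.setdefault(value, set()).add(day)
    return {value: sorted(days) for value, days in seen.items()}

# The request as the phone's browser sent it, with Do Not Track switched on.
SENT = ("GET /sniff HTTP/1.1\r\nHost: example.test\r\n"
        "User-Agent: ExampleBrowser/1.0\r\nDNT: 1\r\n\r\n")
SAMPLE_ID = "CONSTRUCTED-SAMPLE-ID-0001"
# The same request as the server received it, with one extra header.
RECEIVED = SENT.replace("\r\n\r\n", "\r\nX-UIDH: " + SAMPLE_ID + "\r\n\r\n")

# Six constructed days of requests that all carry the same value.
OBSERVATIONS = [("2014-11-0%d" % d, RECEIVED) for d in range(1, 7)]

if __name__ == "__main__":
    print("added in transit:", injected_headers(SENT, RECEIVED))
    for value, days in days_seen(OBSERVATIONS).items():
        print(value, "seen on", len(days), "days:", days[0], "to", days[-1])
```

The "sent" copy has to be recorded on the device itself and the "received" copy on a server you control; a value that maps to many days is one that has not rotated.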