More like this

Security

Super-cookie crumbles: Verizon vows to kill off hated zombie stalkers

This time opt-out actually means opt-out, we're told

Verizon has backed down over its fingerprinting of subscribers using so-called immortal "super cookies."

In 2012, the US mobile telco started injecting unique identifying headers (UIDHs) into every HTTP request users made to websites via the Verizon network. This allowed sneaky ad agencies to recognize people as they moved from site to site, and display ads supposedly tailored to individuals' interests.

Deleting all your cookies from your web browser, or using something like Chrome's incognito mode, will not kill off the header – because it is inserted automatically by the carrier.

Customers could "opt out" of the system, but the X-UIDH code would still be injected, allowing smart networks – like Turn in San Francisco – to follow people around the web regardless. The ad agency stopped doing that about a week ago.

The per-subscriber headers caused a stink among privacy warriors, due to the blanket nature of the injection and that it was impossible to remove it. Campaigners at the EFF objected to the mandatory nature of the headers.

AT&T was testing a similar system, and dropped that when it was exposed.

Now Verizon has said that this time "opt-out" really means opt-out: it's going to stop injecting UIDHs into subscribers' web traffic if they switch off the system in their account settings.

Previously, if you opted out, stats about where you've been online were withheld from advertisers, but as we've seen with Turn, that didn't stop determined networks.

"Verizon takes customer privacy seriously and it is a central consideration as we develop new products and services. As the mobile advertising ecosystem evolves, and our advertising business grows, delivering solutions with best-in-class privacy protections remains our focus," the company told El Reg in a statement on Friday.

"We listen to our customers and provide them the ability to opt out of our advertising programs. We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs." ®

Sponsored: The world has changed, has your IAM strategy?