Verizon Wireless token tracker triggers tech transparency tempest
Users say opt out a feature in name only
Verizon Wireless is monitoring users' mobile internet traffic, using a token slapped onto web requests, to facilitate targeted advertising even if a user has opted out.
The unique identifier token header (UIDH) was launched two years ago, and has caused an uproar in tech circles after it was re-discovered Thursday by Electronic Frontier Foundation staffer Jacob Hoffman-Andrews.
The Relevant Mobile Advertising program, under which the UDIH was used, allowed a restaurant to advertised to locals only or for retail websites to promote to previous visitors, according to Verizon Wireless.
The UIDH refreshes each week would provide targeted ads under Verizon's Precision Market Insights from partipating advertisers which could request location and market-segment information.
Last rant/recap: disable cookies, disable flash, change locations, & IPs—this VZN über-tracker persists. UID is sent to EVERY site I touch.— Kenn White (@kennwhite) October 23, 2014
It used subscribers' postal address, device types and language preferences to build profiles along with gender, age and hobby and personal interests, Verizon said on its website.
"This information might include your gender, age range, and interests (i.e. sports fan, frequent diner, or pet owner)," it said.
"In addition, we will use an anonymous, unique identifier we create when you register on our websites. This may allow an advertiser to use information they have about your visits to online websites to deliver marketing messages to mobile devices on our network. We do not share information that identifies you personally outside of Verizon as part of this program.
Some of this information was "obtained from other companies", it said.
I don't know how I missed this: Verizon is rewriting your HTTP requests to insert a permacookie? Terrible. http://t.co/MBDGZaLKNs— Jacob H-A (@j4cob) October 22, 2014
UIDH sent to all websites, despite users opt-out, some say.
Crypto bod Kenn White was one of many users to claim the UID persistent on web requests after users deliberately opted out, in some cases after several months.
"Confirmed on new test server: Verizon injects device-level tracking headers to all sites I visit, despite opt out," White said on Twitter.
Verizon Wireless has been contacted for comment.
A company spokeswoman told Advertising Age earlier this year that the UIDH was "privacy safe" and that it had done "everything and more" in "communicating often and clearly" about the program. "So there are never any surprises," she said.
Sponsored: Becoming a Pragmatic Security Leader