Verizon Tracking Users in Nefarious Way

Verizon is clearly out to compete with AT&T. Just not the competition I want.

Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls

Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker.

This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.

Also unlike a cookie, Verizon's header is nearly invisible to the user and can't be seen or changed in the device's browser settings. If a user clears their cookies, the X-UIDH header remains unchanged.

This is an abusive violation of customer trust. A nationwide “quit Verizon” campaign resulting in customer loss seems very appropriate—and wow, this is a juicy opportunity for full page ads for a marketing “switch” campaign for a company like T-Mobile to take up.

It also seems like a great PR opportunity for the company that claims to take customer privacy to heart: Apple. Tim, you can stop this stuff, you have the clout. How does this kind of tracking dovetail with Apple Pay anyway?

Think about the real-time whereabouts tracking involved here with all that *unencrypted* web traffic: every time a web site is accessed, that cookie is there (the tracking doesn’t work with SSL/TLS apparently). What a juicy target for nationwide monitoring (and not just this country), built right into every Verizon user’s phone or whatever. WiFi packets sniffed over the air too—yikes.