Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years inserting a string of about 50 letters numbers and characters into data flowing between these customers and the websites they visit.
The company one the country s largest wireless carriers providing cell phone service for about 123 million subscribers calls this a Unique Identifier Header or UIDH. It s a kind of short term serial number that advertisers can use to identify you on the web and it s the lynchpin of the company s internet advertising program. But critics say that it s also a reckless misuse of Verizon s power as an internet service provider something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or do not track features.
Jacob Hoffman Andrews a technologist with the Electronic Frontier Foundation wants Verizon to stop using the UIDH. ISPs are trusted connectors of users and they shouldn t be modifying our traffic on its way to the Internet he says. He calls the UIDH a perma cookie because it can be read by any web server that you visit and used to build a profile of your internet habits.
According to Verizon spokeswoman Debra Lewis there s no way to turn it off. She says that Verizon doesn t use the UIDH to create customer profiles and if you opt out of the company s Relevant Mobile Advertising program (you can do this by logging into your Verizon account here) then Verizon and its advertising partners won t be using it to create targeted ads. But that s beside the point says Hoffman Andrews. Because Verizon is broadcasting this unique identifier to every website ad networks could start using it to build a profile of your web activity even without your consent.
The fact that the UIDH was around for two years before getting any serious attention is a testament to the murky and challenging nature of privacy on today s internet. Verizon has made no secret of its ambitions to cash in on the mobile advertising market. But the technical details of how it is doing this have been hard to uncover.
You can test to see if your mobile device is broadcasting a UIDH on this website run by Kenneth White a security researcher. (Go to the site and if there is nothing displayed after the line your UID is reporting then you are not displaying a UIDH.) White says that the majority of Verizon Wireless customers who test their devices on his site display the perma cookie. But not everyone does.
Verizon couldn t explain why some of our Verizon phones here at WIRED didn t display it when we tested. White thinks that may be because the router side software used to insert the header may not be available on all of Verizon s sprawling national network. If you connect via Wi Fi or a virtual private network or are talking to a site via SSL then the UIDH will not display either.
It s difficult for even outside websites to realize what is happening here. The UIDH headers weren t discovered until someone configured web traffic to log all headers and then noticed the extra data coming from Verizon customers. That person an EFF member then reported it to the digital rights organization. It s gone relatively unremarked by the security privacy and broader technical community in part because it s so hard to observe says Hoffman Andrews.
Robert McMillan Wired
More from WiredAmerican Schools Are Training Kids for a World That Doesn t ExistWhy Your Cat Thinks You re a Huge Unpredictable Ape21 Awesomely Well Designed Products We re Dying to OwnThe Murderous Sometimes Sexy History of the MermaidWhy You Always Seem to Choose the Slowest Line
No comments:
Post a Comment