AT&T, Verizon Use ‘Perma-Cookies’ To Track Phone Web Browsing

Verizon Wireless and AT&T are inserting header codes into mobile traffic data that enables them to track customers' browsing activities over LTE, 4G and 3G networks, according to an online security expert. The "unique identifier header," or UIDH, can be used to understand customer Web habits and deliver more targeted advertising to them.

AT&T said it is only testing the use of UIDHs, and is not currently running a mobile-relevant advertising program that would use such ID-tracked information. Verizon Wireless, which did not respond to our phone calls or e-mails, has been using the tracking codes for two years, according to a report in Wired.

Described as a "perma-cookie," the UIDH is a long string of characters that is inserted into users' mobile Web traffic without their knowledge. Crypto-security expert Kenneth White discovered the use of these codes and has developed a Web page that enables mobile users to test whether their traffic is being labeled in that way.

1M Hits to 'Sniffer' Page

Since news of the discovery was first reported in the media, White's "sniffer" testing page has received nearly one million hits, according to an update White posted Tuesday on Twitter. In an earlier tweet, he noted, "It's almost as if there's interest in mobile providers not being creepy and broadcasting tracking beacons to the world."

ProPublica reported today that the hidden code is also being used by MoPub, a mobile advertising-focused company acquired by Twitter last year. The article linked to a Twitter developer page with information on how UIDHs can be used in apps development.

According to the earlier report in Wired, there is no way for mobile phone users to prevent the insertion of UIDHs into their browsing traffic. A Verizon spokesperson told Wired that if customers choose to opt out, the codes wouldn't be used...

Comments are closed.

AT&T, Verizon Use ‘Perma-Cookies’ To Track Phone Web Browsing

Verizon Wireless and AT&T are inserting header codes into mobile traffic data that enables them to track customers' browsing activities over LTE, 4G and 3G networks, according to an online security expert. The "unique identifier header," or UIDH, can be used to understand customer Web habits and deliver more targeted advertising to them.

AT&T said it is only testing the use of UIDHs, and is not currently running a mobile-relevant advertising program that would use such ID-tracked information. Verizon Wireless, which did not respond to our phone calls or e-mails, has been using the tracking codes for two years, according to a report in Wired.

Described as a "perma-cookie," the UIDH is a long string of characters that is inserted into users' mobile Web traffic without their knowledge. Crypto-security expert Kenneth White discovered the use of these codes and has developed a Web page that enables mobile users to test whether their traffic is being labeled in that way.

1M Hits to 'Sniffer' Page

Since news of the discovery was first reported in the media, White's "sniffer" testing page has received nearly one million hits, according to an update White posted Tuesday on Twitter. In an earlier tweet, he noted, "It's almost as if there's interest in mobile providers not being creepy and broadcasting tracking beacons to the world."

ProPublica reported today that the hidden code is also being used by MoPub, a mobile advertising-focused company acquired by Twitter last year. The article linked to a Twitter developer page with information on how UIDHs can be used in apps development.

According to the earlier report in Wired, there is no way for mobile phone users to prevent the insertion of UIDHs into their browsing traffic. A Verizon spokesperson told Wired that if customers choose to opt out, the codes wouldn't be used...

Comments are closed.