Mark Stockley writes:
Verizon Wireless has been caught with their hand in the cookie jar, so to speak.
It emerged last week that the cellular provider has been adding a unique identifier to its cell phone customers’ web traffic – the identifier can be used to track a user’s actions in exactly the same way as a cookie can but, unlike a cookie, it can’t be deleted.
An HTTP header containing a device-specific ID is tacked onto outgoing web traffic as it passes through Verizon’s network, after it has left their users’ phones and before it hits the internet.
Read more on Graham Cluley.
Unsurprisingly, Verizon denies a privacy problem. Over on eWeek, Todd Weiss reports:
Adria Tomaszewski, a Verizon Wireless spokeswoman, told eWEEK in an Oct. 28 email reply to an inquiry that the UIDH data has been in use since late 2012 and that the information “accompanies users’ Internet data requests transmitted over our wireless network.”
The UIDH data is dynamic and changes often on user devices, and can be used to authenticate subscribers as well as help “to associate devices with targeted ad campaigns for the Relevant Mobile Advertising program to the extent a customer has not opted-out of the program,” wrote Tomaszewski.”We do not use the UIDH to create customer profiles,” she wrote. “Verizon Wireless does not use the UIDH to track where customers go on the Web. And, information about Web browsing is not part of the relevant mobile advertising program.”