Jump to content


Concern Arises Over Verizon's New Sneaky 'Stealth Cookie'


  • Please log in to reply
11 replies to this topic

#1 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,029 posts

Posted 29 October 2014 - 12:47 AM

Quote

Concern Arises Over Verizon's New Sneaky 'Stealth Cookie': Verizon Wireless has started taking heat from privacy advocates for altering their customers' traffic and inserting unique identifiers that users have no control over


Quote

Verizon Wireless has started taking heat from privacy advocates for altering their customers' traffic and inserting unique identifiers that users have no control over. We've already explored how over the last two years Verizon has been ramping up data collection on its wireless customers via programs like Verizon Selects and their Relevant Mobile Ad department, which track your personal information and web habits for more tailored advertisements (that data's also sold to third parties).


Posted Image

Curiously, while Verizon has been tracking users' online activity for two years, it was only last week that people started noticing that Verizon was using a controversial sort of "super cookie" that modifies user traffic to uniquely identify users. This Unique Identifier Header, or UIDH, broadcasts your identity across the web -- and remains -- and can be abused -- even if you opt-out of Verizon's programs.

That's a huge problem, notes Stanford lawyer and computer scientist Jonathan Mayer, who writes that broadcasting that unique identifier is rather ham fisted
http://www.dslreport...h-Cookie-131034

Source: https://www.reddit.c...stealth/clm7ret

Quote


Verizon isn't the only carrier doing it. @kennwhite noted on his sniff page the following carriers his tool will identify: AT&T, Verizon, Sprint, Bell Canada, & Vodacom.
You can check to confirm if your device's requests are being injected at http://lessonslearned.org/sniff[1]

**Edit: It has been confirmed that T-Mobile doesn't inject UID into http traffic. Note that these carriers can only inject into HTTP traffic, so any site that uses HTTPS will be protected from this. Larger sites like Amazon, Facebook, Yahoo all use HTTPS, effectively protecting you from this nonsense.

So glad I moved to T-Mobile two years ago.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#2 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,828 posts

Posted 29 October 2014 - 02:33 PM

My quiet retirement and very small family (along with financial considerations) stopped me from investing in a smart phone--I don't even have a data plan with the "dumb" phone I do have.  While I think every once in a while that a smart phone might be handy, I read something like this and figure I'm fine just the way I am.
Posted Image

#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,029 posts

Posted 29 October 2014 - 10:44 PM

Well all of the companies do not do this. Out of the big 4, T-Mobile is the only one who isnt doing this. I wonder if that is because they are the only company not american owned.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   Capt.Crow

Capt.Crow

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,237 posts

Posted 30 October 2014 - 04:48 PM

T-mobile .......Would that be anything to do with Telefonica,   They seem to have the best servers . At times I have to route through Holland
Linux counter no . 393441

#5 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,029 posts

Posted 31 October 2014 - 01:18 AM

I moved to tmobile from Att last year and I couldn't be happier. As I buy unlock, nexus phones I was able to take advantage of Tmobile's no contract bring your own device plan. I pay $50 a month for unlimited talk/text and 3gb of data which is fine as I am on wifi 98% of the time.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,029 posts

Posted 31 October 2014 - 01:22 AM

T-Mobile is also Deutsche Telekom in Europe

Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#7 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,548 posts

Posted 31 October 2014 - 11:03 AM

I went to lessonslearned.org/sniff and there is nothing in the broadcast UID:

So it is not something being universally done. I tried with both Safari and Google Chrome on iOS 8 on my iPhone 6 and it showed:

1. date tested
2. the brower/agent was correct
3. showed do not track enabled on both
4. broadcast UID was empty
5. and showed the IP address correctly
Bambi
AKA Fran

Posted Image
My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#8 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,029 posts

Posted 31 October 2014 - 11:18 AM

Hmm, that is odd.  DSL Reports is usually pretty good at reporting on issues.

It must be selective as you said or perhaps something else. I dunno
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#9 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,548 posts

Posted 31 October 2014 - 12:26 PM

Or Verizon Wireless has changed due to pressure. ;)
Bambi
AKA Fran

Posted Image
My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#10 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,029 posts

Posted 31 October 2014 - 12:33 PM

Perhaps but I really doubt it.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#11 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,548 posts

Posted 31 October 2014 - 12:35 PM

Well, I tried it in two browsers on my iPhone 6, and no broadcast UID listed on that website.
Bambi
AKA Fran

Posted Image
My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#12 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,029 posts

Posted 31 October 2014 - 02:36 PM

I dunno then..
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users