securitybreach Posted October 29, 2014 Share Posted October 29, 2014 Concern Arises Over Verizon's New Sneaky 'Stealth Cookie': Verizon Wireless has started taking heat from privacy advocates for altering their customers' traffic and inserting unique identifiers that users have no control over Verizon Wireless has started taking heat from privacy advocates for altering their customers' traffic and inserting unique identifiers that users have no control over. We've already explored how over the last two years Verizon has been ramping up data collection on its wireless customers via programs like Verizon Selects and their Relevant Mobile Ad department, which track your personal information and web habits for more tailored advertisements (that data's also sold to third parties). Curiously, while Verizon has been tracking users' online activity for two years, it was only last week that people started noticing that Verizon was using a controversial sort of "super cookie" that modifies user traffic to uniquely identify users. This Unique Identifier Header, or UIDH, broadcasts your identity across the web -- and remains -- and can be abused -- even if you opt-out of Verizon's programs. That's a huge problem, notes Stanford lawyer and computer scientist Jonathan Mayer, who writes that broadcasting that unique identifier is rather ham fisted http://www.dslreport...h-Cookie-131034 Source: https://www.reddit.c...stealth/clm7ret Verizon isn't the only carrier doing it. @kennwhite noted on his sniff page the following carriers his tool will identify: AT&T, Verizon, Sprint, Bell Canada, & Vodacom. You can check to confirm if your device's requests are being injected at http://lessonslearned.org/sniff[1] **Edit: It has been confirmed that T-Mobile doesn't inject UID into http traffic. Note that these carriers can only inject into HTTP traffic, so any site that uses HTTPS will be protected from this. Larger sites like Amazon, Facebook, Yahoo all use HTTPS, effectively protecting you from this nonsense. So glad I moved to T-Mobile two years ago. 2 Quote Link to comment Share on other sites More sharing options...
ebrke Posted October 29, 2014 Share Posted October 29, 2014 My quiet retirement and very small family (along with financial considerations) stopped me from investing in a smart phone--I don't even have a data plan with the "dumb" phone I do have. While I think every once in a while that a smart phone might be handy, I read something like this and figure I'm fine just the way I am. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted October 30, 2014 Author Share Posted October 30, 2014 Well all of the companies do not do this. Out of the big 4, T-Mobile is the only one who isnt doing this. I wonder if that is because they are the only company not american owned. Quote Link to comment Share on other sites More sharing options...
Capt.Crow Posted October 30, 2014 Share Posted October 30, 2014 T-mobile .......Would that be anything to do with Telefonica, They seem to have the best servers . At times I have to route through Holland Quote Link to comment Share on other sites More sharing options...
securitybreach Posted October 31, 2014 Author Share Posted October 31, 2014 I moved to tmobile from Att last year and I couldn't be happier. As I buy unlock, nexus phones I was able to take advantage of Tmobile's no contract bring your own device plan. I pay $50 a month for unlimited talk/text and 3gb of data which is fine as I am on wifi 98% of the time. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted October 31, 2014 Author Share Posted October 31, 2014 T-Mobile is also Deutsche Telekom in Europe 1 Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted October 31, 2014 Share Posted October 31, 2014 I went to lessonslearned.org/sniff and there is nothing in the broadcast UID: So it is not something being universally done. I tried with both Safari and Google Chrome on iOS 8 on my iPhone 6 and it showed: 1. date tested 2. the brower/agent was correct 3. showed do not track enabled on both 4. broadcast UID was empty 5. and showed the IP address correctly Quote Link to comment Share on other sites More sharing options...
securitybreach Posted October 31, 2014 Author Share Posted October 31, 2014 Hmm, that is odd. DSL Reports is usually pretty good at reporting on issues. It must be selective as you said or perhaps something else. I dunno Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted October 31, 2014 Share Posted October 31, 2014 Or Verizon Wireless has changed due to pressure. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted October 31, 2014 Author Share Posted October 31, 2014 Perhaps but I really doubt it. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted October 31, 2014 Share Posted October 31, 2014 Well, I tried it in two browsers on my iPhone 6, and no broadcast UID listed on that website. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted October 31, 2014 Author Share Posted October 31, 2014 I dunno then.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.