EFF: VPNs will crumble Verizon's creepy supercookie stalkers

The Electronic Frontier Foundation says Verizon's silent supercookies, which always follow subscribers around the internet, are being abused by creepy advertisers to push targeted ads. The EFF says people should start using encrypted VPNs by default to claw back their privacy, because opting out of the system is not enough. …

  1. Nate Amsden Silver badge

    might it be easy

    to make a firefox (or other browser plugin) to get rid of this header? or perhaps just bake it directly into the browser. Enough users would benefit from it anyway.

    1. Anonymous Coward

      Re: might it be easy

      Nope.

      They add in the header on-the-fly while your web-request is going through their servers on the way to the destination (website). So this is not something you can stop with a browser plug-in or anything else on the client, except a VPN.

      Mind you, the VPN provider 'could' in theory do the same (or worse), as your data is passing through their servers. Therefore it's important to use a VPN provider that you trust (many of them don't even show who is behind it or even what country they operate from, some are even sponsored by the CIA). Personally I use Citizenvpn because they seem to care about this.

      1. Mark 65

        Re: might it be easy

        Maybe more HTTPS could be the way. I'm assuming you cannot modify that header without MITMing the interaction between user and website, and thus that would form an interception of communication etc., even though, arguably, so do the current wrongdoings.

    2. Tom Chiverton 1

      Re: might it be easy

      Better - everyone installs a plugin that adds a unique random UIDH header to their requests, even if they are not on the evil network.

  2. Mark 85 Silver badge

    Simples....

    Don't use cellular to web browse. Or is that not an option in many places? I have to wonder, since you're using Verizon, if they're not also tracking via their system and the web destination is kept on their servers.

  3. Gene Cash Silver badge

    Even simpler

    Don't use Verizon or AT&T. They've got the crappiest service and worst contracts anyway. Voting with your wallet is the only thing they understand.

    Edit: How is this not already a class-action by some opportunistic lawyers? I don't live in the Land Of The Litigious for nothing, ya know!

    1. Charles 9 Silver badge

      Re: Even simpler

      "Edit: How is this not already a class-action by some opportunistic lawyers? I don't live in the Land Of The Litigious for nothing, ya know!"

      Because both Verizon and AT&T have lawyers of their own, and there's no specific law that states, "Thou shalt not track thy customers."

    2. Anonymous Coward

      Re: Even simpler

      "Don't use Verizon or AT&T."

      Is there much other choice for left-ponders? Serious question; for the rest of us reading the comments on US mobile on here, you're often left with the impression that these two are about all there is.

      It's rare you find companies that could give our own BT lessons in mendacity, but Verizon and AT&T seem to be in a class of their own. I also seem to recall Rogers injecting their own ads into users' web pages a few years ago; nice providers you have!

      1. Charles 9 Silver badge

        Re: Even simpler

        About the only reliable options left after Verizon and AT&T are T-Mobile and Sprint. T-Mobile's the most reasonable at this time: they use GSM-based phones, provide some nice perks albeit with less coverage area, and are pretty much forced to focus on customers (since they need to steal who they can from the big two).

        Having said that, how long do you think before the big two find some way to track you in spite of VPNs?

    3. Mad Hacker

      Re: Even simpler

      You say: Don't use Verizon or AT&T. They've got the crappiest service

      What?! In the U.S. they are the only ones with good coverage. They have the best service. (You didn't mean customer service right?)

  4. Anonymous Coward

    I guess.....

    ..that this would be illegal in the EU. Is that correct?

  5. Hud Dunlap

    Cellular Only?

    Or can they do it on land line connections or wi-fi? Can pretty much means they will.

  6. Binnacle

    do-not-track possibly solves the issue

    I've had the "do not track" setting active on my iPhone since it was introduced. Three different UIDH sites show no evidence of the header when my phone accesses them via the Verizon data network, so perhaps Verizon observes this header and suppresses their perma-cookie header. Either that or the UIDH header is not injected for 3G-only phones, which is what I have.
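
An added example, not part of any comment here and not the code of the test sites mentioned above: one way a test page can tell which headers were added in transit, which is also why nothing on the client can strip them. It assumes the client lists the names of the headers it sent in a hypothetical `X-Sent-Headers` manifest; the sample requests, the host name and the `X-UIDH` value are constructed.

```python
# Added example: server-side check for headers inserted in transit.
# Assumption: the client lists the header names it sent in a hypothetical
# "X-Sent-Headers" manifest header; anything else was added on the path.

def parse_headers(raw: bytes) -> dict:
    """Parse an HTTP/1.1 request head into {lowercased name: value}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def injected_headers(raw: bytes) -> list:
    """Return names of headers received but not declared by the client."""
    headers = parse_headers(raw)
    manifest = headers.get("x-sent-headers")
    if manifest is None:
        raise ValueError("client did not send a manifest")
    declared = {n.strip().lower() for n in manifest.split(",")}
    return sorted(n for n in headers if n not in declared)

# Constructed sample: the request exactly as the client wrote it ...
SENT = (
    b"GET /check HTTP/1.1\r\n"
    b"Host: test.example\r\n"
    b"User-Agent: demo\r\n"
    b"DNT: 1\r\n"
    b"X-Sent-Headers: host, user-agent, dnt, x-sent-headers\r\n"
    b"\r\n"
)
# ... and as it reaches the server after an on-path box adds a header
# (the value is a constructed placeholder, not a real identifier).
RECEIVED = SENT.replace(b"\r\n\r\n", b"\r\nX-UIDH: PLACEHOLDER-ID\r\n\r\n", 1)

if __name__ == "__main__":
    print("as sent:    ", injected_headers(SENT))
    print("as received:", injected_headers(RECEIVED))
```

The check only works over plain HTTP, where an on-path box can read and rewrite the request; over HTTPS or inside a VPN tunnel the request reaches the server as the client wrote it.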

  7. JCitizen

    Avast offers SecureLine VPN..

    I thought that offer was a little excessive, but now I see why. Of course ALWIL Software would probably track you too, but no more than most cookies do out there anyway. I'd have to read their EULA to see how invasive they are.

  8. oneeye

    privacy app, that works on ios, & osx

    On Sprint in US, the tracking to deliver relevant ads is an opt in and NOT default. Also there is an app for android that Google removed shortly after granting them access to playstore. Do a search for "Disconnect" and the apk is downloadable from their site. It does block some ads, and that was why they got the boot, but not all ads. Just the worst ad platforms. They have their app in Apple's store as that was their debut. I have used it, and it works ok, but can be a little problematic at times. You will know you have the official site if their blog page has the article about Google banning the app, after having allowed it first.

  9. GordonD

    Treat it like the disease it is

    This kind of privacy invasion is like a disease.

    To take the analogy a little further, the best solution is to not go near the source of infection (quit Verizon).

    If you have to expose yourself, for whatever reason, a VPN is the Sanyo biohazard suit; protects against pretty much all injection attacks of this kind; pretty good against related diseases like NSA, FBI, etc.

    There are other defences, an anonymising proxy for example might help; some are like general spectrum antibiotics, they strip out all unknown evil headers and maybe even some evil cookies; others are disease specific so they only provide protection once the disease has been recognised. SSL proxies are almost as good as a VPN in this context.

    TOR, while of great value generally, is pretty much useless in this context.

  10. RW

    Marketing = organized lying

    Marketers are de facto professional liars. They lie to potential customers about the goods and services they advertise, they lie to the people who hire them, and they lie to themselves about the effectiveness of their antics.

    I use Adblock+ so I see few ads, but in my twenty year history on the web, I can't recall making a single purchase as a result of an ad, even during the many years before AB+. Amazon manages to make a few hits via their internal system of recommendations. Quite astonishing that so many people would work so hard to snoop on so many others without anything significant eventuating in consequence.
