I once wrote a bit of code to randomly change specific cookie data strings a few characters at a time every fifteen minutes to get around another company doing this. I should resurrect it and sell it for a few bucks.
PROOF the undead STALK Verizon users: Admen caught using 'perma-cookie'
Researchers have spotted an advertising agency using Verizon’s indestructible cookies to silently track people across the internet. Back in 2012, Verizon started injecting a "unique identifier token header" (UIDH) into each HTTP request sent through its mobile data network; these identifiers are unique to each subscriber and …
COMMENTS
-
Thursday 15th January 2015 20:58 GMT Eddy Ito
So if I add several headers that look just like Verizon's UIDH, will they scrape it off when they add their own or will it just be extra? I'm just curious to know if it's possible to send a HTTP request out with a dozen different UIDH headers and up the noise to signal ratio. I suppose it's possible to configure a device to use a proxy or vpn that scrapes the header. Hmm, anybody think folks would pay for a header scraping service?
-
Thursday 15th January 2015 21:28 GMT Adze
Probably... if they didn't have to do anything more than "Monkey see app, monkey press app, monkey like app, monkey rate app 3 stars, would have been 5 if free"
For the supersimian, OpenVPN is still free if memory serves and has a free Android & IOS app - choose your OpenVPN host and attendent proxy and, while I can't burden this with any proof, your UIDH worries could well be over.
-
Thursday 15th January 2015 21:43 GMT Anonymous Coward
Maybe we need a "Je suis UIDH" campaign where loads of people generate spurious UIDH headers and Verizon subscribers publish their headers anonymously so that others can copy them and reduce their value to advertisers?
If the guids in cookies are no longer globally unique then they are useless to trackers like Turn.
I for one would be more than happy to help out, anonymously!
-
Friday 16th January 2015 13:21 GMT Charles 9
"For the supersimian, OpenVPN is still free if memory serves and has a free Android & IOS app"
Any host not owned by you is likely to be backdoored by whoever government runs the country the server's hosted in. As for making your own, that can be tricky. I'd love to use the one built into my home router, but it only supports TAP mode, and TAP support on Android 4 and up is only possible through a convoluted method that, frankly, doesn't work yet with the router.
-
-
Thursday 15th January 2015 22:17 GMT Daggerchild
From the length of it I'd say it's maybe digitally encrypted and signed (or at least checksummed) so they know when it's corrupted or faked. Of course I may be giving them too much credit..
But you *can* probably still use it to impersonate others, as far as the Evil Overlords tracking you are concerned.
-
-
-
Thursday 15th January 2015 21:20 GMT Haku
Re: I know the article specifically stated Verizon Mobile
Take your pick from the many many sites that offer this service:
-
-
-
Friday 16th January 2015 07:33 GMT Mike Bell
Re: How about a new UIDH
There already is such a header in existence: Do Not Track
I have this set whenever I use various browsers, but the ad men just ignore it. Microsoft didn't help by setting the header by default in a version of Internet Explorer. That annoyed the ad men greatly, to the extent that they will have nothing to do with it.
-
Thursday 15th January 2015 23:27 GMT elDog
The Verizon UIDH is added to the content headers
After the HTTP request was completely built within the browser/client. I would imagine that any smart (dumb) reader of your HTTP requests would simply ignore fake ones injected during legitimate surfing and pick up the one illegitimately (and probably illegally) by your ISP.
FWIW, I've submitted comments via http://amibeingtracked.com/ to Verizon Wireless and the FCC and separately to VZW during a bill payment discussion. I say For What Its Worth because the corporations can't admit that what they're doing is wrong without getting slapped with lawsuits.
I also use a proxy service (PrivateInternetAccess) which should prevent this type of behavior but might introduce its own flavor of tracking... Just sayin'.
-
Friday 16th January 2015 01:53 GMT Anonymous Coward
Ad industry behaviour
"When he tried it, the cookie reappeared and the opt-out cookie had been deleted."
Frankly they're actually their own worst enemy, and their behaviour is the best possible advertisement for adblocking imaginable. It doesn't fix the basic privacy issue, but at least it makes their tracking an irrelevance.
I wonder when they'll start lobbying to have adblocking classified as terrorism and banned.
-
-
Friday 16th January 2015 03:06 GMT Charles 9
Re: Thius is one of the best arguments...
Unless, of course, Verizon MITM's everything that goes through its network, meaning you're screwed no matter what you do. As I understand it, the injection occurs at their which is why you can't remove it (since it occurs at an upstream point beyond your control). The only reasons tunnelled connections aren't tagged is because Verizon's servers can't MITM them and recognize them for what they are.
-
-
Friday 16th January 2015 03:17 GMT skeptical i
Hangin's too good for 'em.
re: "Turn absolutely respects a consumer’s opt-out preference when expressed in the only way the online ad industry is sure to recognize[.]”
Hire Keanu Reeves and Bruce Willis to dive through the matrix to Turn's offices and reduce them, their machines, and their cloud to a smoldering hulk before frog-marching the perps responsible for this idea to the public square to be tarred and feathered? (The managers and CEOs, not necessarily the worker bees punching out the code.)
This "if you use our service, we can do with you what we like" sense of entitlement has really gone too far.