AT&T, Verizon Using 'Perma-Cookies' to Track Customer Web Activity
Both Verizon and AT&T appear to be engaging in some unsavory customer tracking techniques, using unique identifying numbers to deliver targeted advertisements to customers in what's called "Relevant Advertising." As outlined by Wired, Verizon is altering the web traffic of its customers by inserting a Unique Identifier Header or UIDH, a temporary serial number that lets advertisers identify Verizon users on the web.
According to Jacob Hoffman-Andrews of the Electronic Frontier Foundation, the UIDH serves as a "perma-cookie" that can be read by any web server to "build a profile" of internet habits. Verizon users cannot turn off the UIDH, but opting out of the Relevant Mobile Advertising Program prevents the information from being used to create targeted ads.
Verizon has been using Relevant Advertising techniques for two years, but the tracking has gone largely unnoticed until recently, when extra data from Verizon customers was noticed. AT&T appears to be engaging in similar tracking activities, and is testing its own Relevant Advertising system.
According to Forbes, AT&T is testing a similar code insertion program that will allow websites to track AT&T customers. Like Verizon, AT&T has plans to make the tracking codes temporary as a "privacy-protective measure," but according to one of the researchers that discovered the tracking, Kenneth White, the codes that AT&T is sending to some customers are persistent.
AT&T does not currently have a mobile Relevant Advertising program. We are considering such a program, and any program we would offer would maintain our fundamental commitment to customer privacy," read a statement from AT&T. "For instance, we are testing a numeric code that changes every 24 hours on mobile devices to use in programs where we serve ads to the mobile device. This daily rotation on the numeric code would help protect the privacy of our customers. Customers also could opt out of any future AT&T program that might use this numeric code."
Unlike Verizon, AT&T will not include the unique identifier code in the IP packets of customers who have opted out of the company's Relevant Advertising program.
Both Verizon and AT&T customers can check whether their devices are sending identifying codes by visiting a website created by aforementioned security researcher Kenneth White. Verizon customers appear to be unable to opt out entirely, but AT&T customers can visit the following website on their mobile devices (while connected to the AT&T network) to turn off Relevant Advertising: http://18.104.22.168/mobileoptout/.