When information came out earlier this month that some mobile carriers were injecting unique identifying “supercookies” into their users’ Web traffic, privacy groups and users were angered. The practice, used by Verizon and AT&T, enables advertisers to track users’ behavior and assemble information on their activities. Now, AT&T says it has ended the practice.
AT&T officials told ProPublica that the company has phased out the practice of using the identifiers on its network. The identifier is actually an HTTP header and there is no real mechanism for a user to turn it off. Officials at the EFF said that the practice is a boon for advertisers and a mess for users.
“Like a cookie, this header uniquely identifies users to the websites they visit. Verizon adds the header at the network level, between the user’s device and the servers with which the user interacts. Unlike a cookie, the header is tied to a data plan, so anyone who browses the web through a hotspot, or shares a computer that uses cellular data, gets the same X-UIDH header as everyone else using that hotspot or computer. That means advertisers may build a profile that reveals private browsing activity to coworkers, friends, or family through targeted advertising,” Jacob Hoffman-Andrews of the EFF wrote.
“Also unlike a cookie, Verizon’s header is nearly invisible to the user and can’t be seen or changed in the device’s browser settings. If a user clears their cookies, the X-UIDH header remains unchanged. Worse, ad networks can immediately assign new cookies and link them to the cleared cookies using the unchanged X-UIDH value.”
Kenn White, a security researcher who is involved in the TrueCrypt audit and other projects, has built a site that will test visitors’ phones and determine whether the device is sending the controversial header. White said late last week that the data from the site shows a significant drop in the number of AT&T customers sending the ID in their headers.
“Data over past 8 days on http://lessonslearned.org/sniff show AT&T tracking IDs down significantly,” he said.