Verizon Allows Opt Out of UIDH Mobile Supercookie

Verizon Wireless has made a change that now allows customers to opt out of the ad-targeting program that relies on the so-called supercookie identifier that was inserted into Web requests users send. The use of the identifier, known as a UIDH, drew the ire of privacy advocates and users when it was exposed last year.

The UIDH (unique identifier header) is different than normal cookies in a number of ways, most importantly in that users typically aren’t aware of its existence and have no real way to delete it. Verizon uses the identifier to send information about users to advertisers as part of its Relevant Mobile Advertising and other programs.

“For RMA and Verizon Selects, our ad partners use the UIDH as an anonymous identifier. When the ad partners see the identifier, they can determine that the device is part of a group an advertiser is trying to reach and then serve the right advertisement,” the company says in an FAQ about the UIDH.

When the use of the UIDH by Verizon came to light last year, privacy advocates decried the practice.

“Like a cookie, this header uniquely identifies users to the websites they visit. Verizon adds the header at the network level, between the user’s device and the servers with which the user interacts. Unlike a cookie, the header is tied to a data plan, so anyone who browses the web through a hotspot, or shares a computer that uses cellular data, gets the same X-UIDH header as everyone else using that hotspot or computer. That means advertisers may build a profile that reveals private browsing activity to coworkers, friends, or family through targeted advertising,” Jacob Hoffman-Andrews of the EFF wrote at the time. 

AT&T used a similar tracking identifier, but stopped the practice last fall. Verizon is now giving users the ability to opt out of the RMA ad program that uses the UIDH, but it is not discontinuing its use altogether.

“Verizon Wireless has updated its systems so that we will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program or activates a line that is ineligible for the advertising program. Government and enterprise lines are examples of ineligible lines. The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile Advertising program or activates an ineligible line,” the company said in its FAQ.

However, the company said it will still use the UIDH for customers who are part of its Verizon Selects ad program.

“If a customer chooses to participate in Verizon Selects, the UIDH will be present even if the customer has also opted out of the RMA program,” the company says.
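
One way to check from the server side whether the X-UIDH header is still being added to a line's traffic, for instance during the period after opt-out that the FAQ describes. This is an added example, not code from Verizon, the EFF or the original article; the port, the function and class names, and the choice to report a hash instead of the raw value are assumptions of the example. The server has to be reached over plain HTTP, because a network intermediary cannot add headers inside a TLS connection.

```python
# Added example (not Verizon's or Threatpost's code): report whether a request
# reached this server carrying the X-UIDH header described in the article.
import hashlib
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Header name taken from the EFF quote; extend the tuple to watch for others.
TRACKING_HEADERS = ("x-uidh",)


def inspect_headers(headers):
    """Return which watched headers are present, matched case-insensitively.

    `headers` is any iterable of (name, value) pairs. Each value is reported as
    a short SHA-256 fingerprint so the identifier itself is never echoed back,
    while two checks can still be compared to see if the same value persists.
    """
    found = {}
    for name, value in headers:
        key = name.strip().lower()
        if key in TRACKING_HEADERS:
            digest = hashlib.sha256(value.strip().encode("utf-8")).hexdigest()
            found[key] = digest[:12]
    return {"tracking_header_present": bool(found), "fingerprints": found}


class UIDHCheckHandler(BaseHTTPRequestHandler):
    """Answers every GET with a JSON report on the headers it received."""

    def do_GET(self):
        body = json.dumps(inspect_headers(self.headers.items())).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep client addresses and request lines out of the access log


def make_server(host="127.0.0.1", port=8080):
    """Build the check server (plain HTTP by design, see the note above)."""
    return HTTPServer((host, port), UIDHCheckHandler)


if __name__ == "__main__":
    make_server("0.0.0.0", 8080).serve_forever()
```

Load the page once over the cellular connection and once over Wi-Fi: a report with `tracking_header_present` set to true only on the cellular request indicates the header was added in transit.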

Discussion

  • Tom Betz on

    There is no web-based opt-out available; and when you call the phone number Verizon Wireless provides, (866) 211-0874, it demands your account password. On your phone. If you use capital letters in your password, you are SOL.
