For the last several months, cybersecurity experts have been warning Verizon Wireless that it was putting the privacy of its customers at risk. The computer codes the company uses to tag and follow its mobile subscribers around the web, they said, could make those consumers vulnerable to covert tracking and profiling.
It looks as if there was reason to worry.
This month Jonathan Mayer, a lawyer and computer science graduate student at Stanford University, reported on his blog that Turn, an advertising software company, was using Verizon’s unique customer codes to regenerate its own tracking tags after consumers had chosen to delete what is called a cookie — a little bit of code that can stick with your web browser after you have visited a site. In effect, Turn found a way to keep tracking visitors even after they tried to delete their digital footprints.
The episode shined a spotlight on a privacy issue that is particularly pronounced at Verizon. The company’s customer codes, called unique ID headers, have troubled some data security and privacy experts who say Verizon has introduced a persistent, hidden tracking mechanism into apps and browsers that third parties could easily exploit.
While Internet users can choose to delete their regular cookies, Verizon Wireless users cannot delete the company’s so-called supercookies.
–
Some leading data-privacy and security experts contend that Verizon’s use of unique and persistent customer ID tags makes its subscribers vulnerable to covert online tracking by third parties.
Harold Feld, a senior vice president at Public Knowledge, a nonprofit group that focuses on information policy, said Verizon’s use of supercookies highlighted the need for stronger privacy laws regulating wireless Internet services.
The practice has given ammunition to supporters of net neutrality — the idea that the Internet should be a level playing field for companies of all sizes — who have lobbied the F.C.C. to reclassify broadband providers as common carriers.
If that happens, it could prohibit carriers like Verizon from selling intelligence about its customers for ad-targeting purposes.
“Stuff like this is worse than what Google or Facebook or anyone else does,” Mr. Feld said. “I can avoid Google and Facebook, in theory at least. But if the network operator is going to spy on me, there is nothing I can do about it.”
