Two And A Half Years Later, Verizon Finally Lets People Opt Out Of Its Stealth Zombie Cookie
from the that-took-a-while dept
Back in 2008, Verizon proclaimed that we didn’t need additional consumer privacy protections (or opt in requirements, or net neutrality rules) because consumers would keep the company honest. “The extensive oversight provided by literally hundreds of thousands of sophisticated online users would help ensure effective enforcement of good practices and protect consumers,” Verizon said at the time. Six years later and Verizon found itself at the heart of a massive privacy scandal after it began covertly injecting unique user-tracking headers into wireless data packets.
The headers not only allow Verizon to ignore browser privacy settings to track online behavior, it allows third parties to do so as well (something Verizon initially denied). Worse, perhaps, while users could opt out of the personalized ads delivered by the system, they couldn’t actually opt out of having their online behavior tracked. Initially, Verizon responded to the controversy by repeatedly downplaying it, but as it became clear regulators and lawyers were contemplating action, Verizon stated in February that it would finally let users opt out.
As of last week, Verizon’s mobile advertising FAQ now states that users can choose whether they want to let Verizon manipulate their traffic and spy on them:
“Verizon Wireless has updated its systems so that we will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program or activates a line that is ineligible for the advertising program. Government and enterprise lines are examples of ineligible lines. The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile Advertising program or activates an ineligible line. If a customer chooses to participate in Verizon Selects, the UIDH will be present even if the customer has also opted out of the RMA program.”
Users can either opt out of the company’s snoopvertising via the privacy settings at the Verizon website, or by calling 866-211-0874.
So was Verizon right in that the public would keep the company honest? While that did ultimately happen here, it’s worth noting that it took the nation’s best security researchers two years to even notice that Verizon was embedding the headers. It took Verizon another six months (and a pretty merciless and sustained beating from the media and privacy advocates) before it finally allowed users to opt out of the traffic manipulation. And, while groups like the EFF would prefer the system be opt in, this is likely where Verizon’s latest privacy scandal gets put to bed.
It makes you wonder just how long it will take the public to discover Verizon’s next great innovation in snoopvertising?
Filed Under: advertising, privacy, stealth cookie, uidh, user tracking, zombie cookie
Companies: verizon
Comments on “Two And A Half Years Later, Verizon Finally Lets People Opt Out Of Its Stealth Zombie Cookie”
There's a catch to the "opt-out"
You can’t opt out using the toll-free number if the login to your Verizon Wireless account uses capital letters in the password. When I called 866-211-0874, it demanded my account password.
And, of course, there is no web-based opt-out on the VZW web site.
So for me to pot out, I have to change my password first.
Re: There's a catch to the "opt-out"
And, of course, there is no web-based opt-out on the VZW web site.
It’s linked from the story.
https://login.verizonwireless.com/amserver/UI/Login?realm=vzw&goto=https%3A%2F%2Fwbillpay.verizonwireless.com%3A443%2Fvzw%2Fsecure%2FsetPrivacy.action
This really makes a good point.
“…Government and enterprise lines are examples of ineligible lines. …”
Says it quite clearly, doesn’t it? –
One set of rules for the government and its corporate owners;
One for the riff-raff who just can’t be trusted.
Re: This really makes a good point.
“The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile Advertising program or activates an ineligible line. If a customer chooses to participate in Verizon Selects, the UIDH will be present even if the customer has also opted out of the RMA program.”
That says even more…. for a “short period of time” government and corporate lines will also be tracked… and it’ll all get turned back on again if someone enables Verizon Selects.
Makes me think it’s almost worth using the tracking header myself to look for recently activated corporate and government handsets 🙂
They changed the Privacy Policy Opt-Out page.
There is no longer even a mention of the X-UIDH opt out there. The last time I looked, it listed the toll-free opt-out number (that requires a password to use) and a link to sign up for Verizon Selects (which uses the X-UIDH).
That’s it.
Re: Kicking and screaming the whole way
“Sure we’ll let you opt out of our intrusive spying program… should you manage to find the contact information, change your password, call a number that may or may not be listed, and provide the secret code of the day(which changes every 24 hours, and is likewise never listed), and lastly personally meet our CEO or CFO and give them the double-secret handshake.
Once you’ve done all that, we will be glad to opt you out of the system, and the process should only take a couple of month to get through the system.”
Re: They changed the Privacy Policy Opt-Out page.
There is no longer even a mention of the X-UIDH opt out there.
“This program uses a unique identifier, also known as a Unique Identifier Header or UIDH, that is inserted into certain web traffic to deliver ads to your mobile device… The UIDH discussed above will stop being inserted in web traffic from your device after you opt out of the Relevant Mobile Advertising program.”
Re: They changed the Privacy Policy Opt-Out page.
It’s worth noting that some people tell me the portion needed to opt out doesn’t show up if you ad blocker enabled on the page…
Re: Re: Turned off the uBlock...
… and the UIDH info displays.
Thanks!
It was the government, not consumer threat
Verizon couldn’t care less what regular people think, and they didn’t change this policy because of the massive outcry over it. They changed the policy because it became clear that the government was starting to look for scalps. While the former undeniably led to the latter, it was the latter that actually mattered. If all that happened was vitriol from the masses, nothing would have changed at all.
Verizon was wrong when it said that public pushback would keep them honest.
Re: It was the government, not consumer threat
Verizon was lying when it said that public pushback would keep them honest
Fixed.
The Principle of Opt-Out
If it’s opt-out, it’s abusive.
Nobody in the history of ever has needed to deceptively force people to do something that they really wanted to do; that’s reserved exclusively for things that nobody wants. Whether it’s telemarketing or spyware or spam or anything else doesn’t matter: the principle holds.
Prediction: in eight months, Verizon will quietly reset all the opt-out preferences to “no”. Fifteen months later when that’s discovered, they’ll deny it. Four months after that they’ll call it a “glitch”. Seven months after that they’ll say that the opt-out “expired”. A year after that they’ll make everybody do this song-and-dance again. And why not? It’s not like their executives will be prosecuted and tossed in federal prison for this: if anything, they’ll get bonuses.
Have they actually done this or are they just saying they are?
Considering how long they have been lying about this to people’s faces are you really just going to take them at their word on this?
Re: Re:
Many people have reported that the UIDH header has been removed following their opting out, so it looks like they’re really doing it. As always, you can test your own situation by going to a site like amibeingtracked.com.
Opt-out vs. opt-in.
I’ve noticed that I’ve become conditioned in our tickbox-rife world. Whenever I see an opt-in option, I expect it’s either the Right Thing To Do, or something that generally benefits me.
[ ] Can we use your usage data (anonymized) to improve the product?
[ ] Do you want access to the command-line console?
[ ] Can we send you our newsletter? (Might contain spam. Only to you.)
Whenever I see opt-out options, generally they tend to be of dubious benefit to me.
[X] Can we sell your personal data to our affiliates?
[X] Can we use your likeness to endorse our products?
[X] YES! Please track down all my FACEBOOK friends and send them spam! Say it’s from me!
And I remember how Windows Genuine Advantage which didn’t even announce itself or give an opt-out choice was exactly the sort of thing you didn’t want on your computer.
Verizon may have had better results with opt-in.
[ ] YES! I totally want Verizon’s stealth zombie cookie!
Plain and simple
This is like telling a stalker that you’ve ‘opted-out’ of being stalked.
I’m pretty positive that if it were an ‘opt-in’ option that nobody would do it – which speaks loud and clear on how pervasive it really is.
Been replaced
If 6 months or 2 yrs from now it’s discovered that the Supercookies had been replaced by something even more undetectable (DPI,etc).. color me very very unsurprised.
No Opt-out for Prepaid
Verizon Prepaid customers can not use the web based form to opt out.
I was already opted out
I followed the link to the privacy settings and was surprised to see that I was already opted out of this program. I guess it’s possible that someone else on my account opted out, but based on who they are that strikes me as awfully unlikely.
Oh boy
Our benevolent Verizon overlords allowing us to not be spied on? How kind of them.