Slashdot Mirror
Verizon Injects Unique IDs Into HTTP Traffic
An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user."
Just like they said they would.
Fucking scumbags.
They should offer this to the user as an option, where the user has to pay less when tracking is enabled. Otherwise this is abuse of market power to make users agree to being tracked.
Don't use Verizon as your ISP?
Knowledge Brings Fear
They can't inject into secure traffic. HTTPS solves this problem too.
I wonder... if we wrote addons for popular browsers that would inject bogus X-UIDH headers into every request, whether we could make this kind of inappropriate privacy intrusion prohibitively expensive. If it works as he surmises, maybe we can overwhelm Verizon's ad exchange platform with meaningless data.
So your theory is that, now that women have been "integrated" in the military, male soldier's sexual needs have been met?
It little behooves the best of us to comment on the rest of us.
As a sysadmin, you should know that it is easy and cheap to rent a VPS (Virtual Private Server). Then, run squid on the server, or do some fancy routing to send all your web traffic out via a VPN to your VPS. Since most VPS services offer a minimum of 1TB of monthy data, there should not be any excess data usage charges.
The real "Libtards" are the Libertarians!
Judging by the sexual harassment reports, I'm guessing no. They must be cutting back on cycling soldiers through SE Asia.
Two of my imaginary friends reproduced once
Not just sexual harassment. It's safer for a supermodel to walk down MLK in your favorite large city naked than a homely woman to walk from one end of Fort Hood to the other, wearing ACUs after dark.
When soldiering becomes less of a duty and more of a way to delay starting out your life of dismal poverty, you start making the wrong kind of army.
.
FTFY.
And lose access to several websites. Slashdot, for example, redirects HTTPS hits to HTTP for non-subscribers because ad networks have been slow to implement HTTPS. And a lot of shared web hosts don't support HTTPS because their policies haven't been updated in the six months since the last major Server Name Indication-ignorant desktop web browser (IE on Windows XP) reached end of support in April. But HTTPS support is the second biggest reason I stopped going to TV Tropes in favor of All The Tropes (after licensing).
Well, they could put a proxy between but you'd get warnings about bad certificates. They could tell you to add theirs as a trusted cert, but at that some point nobody can stop someone else from putting a gun to their own head and pulling the trigger if they are that intent on bypassing the SSL security.
Worse yet, they could preload that cert into the phone's ROM image and not let you remove it.
For all users other than subscribers and karma-capped users who have checked "Disable Advertising", Slashdot is funded by advertisements. Using an HTTP ad network from an HTTPS site would be blocked as mixed content, and HTTPS support among ad networks is very new. AdSense, for example, didn't support HTTPS until September of last year.