Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Hints At Lawsuit Against Verizon For Its Stealth Cookies

Posted by timothy on from the as-well-they-might dept.

An anonymous reader writes A few weeks ago I noted how security researchers had discovered that Verizon has been injecting a unique new 'stealth cookie' identifier into all user traffic that tracks user online behavior, even if the consumer opts out. Using a unique Identifier Header, or UIDH, Verizon's ham-fisted system broadcasts your identity all across the web — and remains intact and open to third-party abuse — even if you opt-out of Verizon's behavioral ad programs. Now the Electronic Frontier Foundation has filed a complaint with the FCC and has strongly indicated that they're considering legal action against Verizon for violating consumer privacy laws.

13 of 81 comments (clear)

  1. how about lets give a good link by Kazman20 · · Score: 5, Informative

    here's the link to the actual EFF press release/post, not some random board post linking to it. https://www.eff.org/deeplinks/...

  2. It's so cute... by sconeu · · Score: 4, Funny

    It's so cute when they think that laws apply to $BIG_CORPORATIONS

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    1. Re:It's so cute... by Anonymous Coward · · Score: 5, Insightful

      It's doubly cute when they've done it before and won. :)

    2. Re:It's so cute... by LessThanObvious · · Score: 4, Insightful

      The EFF doesn't mess around, good for them. I almost wish my Verizon phone did that tracking. I'd love to be included in that class action. I'd have to make a copy of the $10 check I'd get in two years so I could frame it. I pay Verizon well over a $100 a month. If they think they need to sell out their users privacy on top of that revenue then screw them.

  3. Re:AT&T doing same but here's the opt-out link by cheater512 · · Score: 4, Funny

    Its surprising more people don't do this. 205.234.28.93 is easily remembered and just rolls off the tip of your tongue.

  4. Not a simple carrier of bytes ? by Alain+Williams · · Score: 3, Interesting

    If Verison is fiddling with the packets going back & forth does it not lose its 'data carrier' status and become one with the end user ? So: if Disney/... sues an end user for downloading it's lastest film: then Verison should be part of the lawsuit as well and liable to pay Disney for the ''theft of its IP''.

    .Verison cannot have it both ways, it either copies bytes and the user is 100% responsible or it fiddles with them and so is aware of the content and is thus vicariously liable for any wrong doing.

  5. Wait, what? by canadiannomad · · Score: 5, Interesting

    Just reading through the EFF page on this and it sounds like they got a patent on setting a header to track... Wow. That just sounds, ... , I don't know, but :(

    --
    Hmm, the humour and sarcasm seem to have been be lost on you.
  6. slashdot censorship Soviet Union stye! by Browzer · · Score: 4, Interesting

    While viewing stories in "0 Abbreviated and 0 Hidden" mode I noticed threads where the parent comment was missing but the replys are still there!

    Censorship Soviet Union style (pre photoshop) http://en.wikipedia.org/wiki/C...

  7. So, what happens ... by PPH · · Score: 3, Interesting

    ... if my web browser already uses the X-UIDH header label? If Verizon monkeys with it, they could be breaking some app. And get charged with tampering. Never mind that I just set it to:

    X-UIDH: Go suck an egg.

    And if only a few people directed their web traffic through a simple proxy that rewrites the X-UIDH header, we could really screw with Verizon's plans.

    --
    Have gnu, will travel.
  8. So, what happens ... by Anonymous Coward · · Score: 5, Interesting

    I tried this. They delete your header and replace it with a new one.

    IANAL, but I think this violates wire tapping laws, copyright laws, and trespass of chattel laws. Under copyright and trespass of chattel laws you don't need to prove actual damages. If you can claim a "per incident" bases, the money could add up quickly.

    It also looks like it violates their own terms of use and privacy policy pages.

    What would be interesting is to use their arbitration clauses against them. They say that the arbitrator has all the powers of a court, so you should be able to ask for relief as both money and an injunction that they add this header to "your" connections. If the arbitrator cannot rule this way, then they lose their protection against class action suits.

  9. EFF -- picking ACLU's ball and running by mi · · Score: 3

    Good to see somebody doing, what ACLU used to do...

    --
    In Soviet Washington the swamp drains you.
  10. What about intercepting and hacking my data? by Kludge · · Score: 5, Interesting

    Is this not an illegal man-in-the-middle intercept and hack of my data?
    I created (via my web browser) the http header and request. My device sent that http header and request to another computer with whom I want to communicate. Someone (ATT, Verizon) intercept my data, read it, hack it, and send it along. How is this not completely illegal.

  11. Re:The code rotates randomly every week by Shados · · Score: 3, Insightful

    It still gives you a unique identifier (even if its encrypted, its deterministic enough to be used as an ID even if you can't decrypt it) that lets you uniquely identify a household for a period of time. Combined with other more legit tracking methods, you can do some deliciously evil things with it...