Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Stops Using 'Super Cookies' To Track Cellphone Data

Posted by timothy on from the turns-out-people-hate-that dept.

jriding (1076733) writes AT&T Mobility, the nation's second-largest cellular provider, says it's no longer attaching hidden Internet tracking codes to data transmitted from its users' smartphones. The practice made it nearly impossible to shield its subscribers' identities online. Would be nice to hear something similar from Verizon.

60 comments

  1. Correction by sunderland56 · · Score: 4, Insightful

    AT&T *claims* to have stopped using internal tracking codes.

    Whether or not you believe one of the top 3 most evil corporations on the planet is up to you.

    1. Re:Correction by DaMattster · · Score: 1

      AT&T *claims* to have stopped using internal tracking codes.

      Whether or not you believe one of the top 3 most evil corporations on the planet is up to you.

      I wouldn't believe anything any of the large telecom companies say with the possible exception of T-Mobile. And even with T-Mobile, I'm likely to have a healthy dose of skepticism.

    2. Re:Correction by kesuki · · Score: 2

      no, they 'claim' the have stopped doing it with CELLPHONE data. everything else is still fair game as far as i read it. cellphones already are tracking devices so super cookies are redundant.

      --
      https://www.gnu.org/philosophy/free-sw.html
    3. Re:Correction by Anonymous Coward · · Score: 1

      proper translation: "we found another way to do the same thing"

    4. Re:Correction by meerling · · Score: 4, Funny

      They have, honest.
      Now they use their new ultra secret tracking brownies.

    5. Re:Correction by Anonymous Coward · · Score: 0

      AT&T *claims* to have stopped using internal tracking codes.

      Let's find out: http://lessonslearned.org/sniff

    6. Re: Correction by Anonymous Coward · · Score: 1

      Just check for yourself here: http://lessonslearned.org/sniff

      I verified my AT&T phone is no longer including the cookies.

    7. Re: Correction by Anonymous Coward · · Score: 0

      ....... phone is no longer including the cookies.

      How about brownies?

    8. Re:Correction by l0n3s0m3phr34k · · Score: 1

      LOL they stopped using *that particular implementation*, will probably wait a few months, then roll it out again under a different name and just keep more of a lid on it this time.

    9. Re:Correction by Anonymous Coward · · Score: 0

      If they found a better way to track your ass i can still believe in the idea that they stopped using tracking cookies...

    10. Re:Correction by Anonymous Coward · · Score: 0

      At&t isn't anywhere near the top 3 most evil corporations on the planet.

      maybe somewhere in the top 20 or 40 at best. worst..

      i mean hell they don't even kill people to make their money. unlike so many others.

    11. Re:Correction by Anonymous Coward · · Score: 0

      Who's being naive now , Kay?

    12. Re:Correction by Anonymous Coward · · Score: 0

      You could just check your headers yourself. It's 100% verifiable on the user end.

    13. Re:Correction by Anonymous Coward · · Score: 0

      I sometimes think the way you do, but I think if put it things into perspective, the many companies that do things like poison the environment, abuse children, and maim and kill workers are probably slightly higher on the "evil corporations" scale ;)

      Still, it's no joke that they enthusiastically treat our information and privacy with such callousness and carelessness.

    14. Re:Correction by Anonymous Coward · · Score: 0

      Does this mean that I'm still tracked if I browse in 'Desktop Mode'?

  2. Somehow I doubt by rbgaynor · · Score: 1

    "Would be nice to hear something similar from Verizon" Somehow I doubt we will hear them now...

    --
    "Good things don't end with eum, they end with mania or teria." - H. Simpson
  3. Why even report on it? by Anonymous Coward · · Score: 0

    It isn't verifiable. Trusting a corporation not to use and monetize information that you will never be able to prove it has isn't a rational act.

    You are tracked in all things when you use a cellphone, period.

    1. Re:Why even report on it? by fustakrakich · · Score: 1

      Why even report on it?...
      It isn't verifiable.

      Not much else to talk about right now. You know, except maybe the weather... Is it raining where you are?

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Why even report on it? by cduffy · · Score: 1

      How isn't it verifiable? The whole thing that made this extra, extra evil was that they were deanonymizing their clients for everyone to see. Run a web server? Access it from your phone, see if your subscriber ID is still there in a header.

  4. Evenhanded Responses by Tokolosh · · Score: 4, Insightful

    Six comments so far, and all very nice to AT&T. I would have expected more hating.

    I'll try: fuck 'em.

    --
    Prove anything by multiplying Huge Number times Tiny Number
    1. Re:Evenhanded Responses by reboot246 · · Score: 2

      I'm afraid to criticize AT&T. They know my every word and thought, plus they know where I am. :)

    2. Re:Evenhanded Responses by fustakrakich · · Score: 1

      Did it work?

      --
      “He’s not deformed, he’s just drunk!”
  5. before giving ATT kudos.. by rogoshen1 · · Score: 5, Insightful

    The pattern more than likely will be something like this:
    1. get called out for bullshit, anti-consumer practice
    2. Throw out PR spin about how they care about their customers, and don't do said practice
    3. Finally admit to the practice, promise to stop
    4. Wait a length of time until the practice becomes more 'industry standard', and the furor has died down
    5. re implement under a new name

    This tracking garbage is probably far too lucrative -- both to law enforcement (well they see themselves as law enforcement) and advertisers to ever really pass up.

    Now that the genie is out of the bottle, it's not going back in.

  6. hmm by Anonymous Coward · · Score: 0

    This probably means they're just letting someone else on to their network to do it instead. So it would be true that AT&T isn't doing it, they're just letting someone else do it instead.

    1. Re:hmm by koan · · Score: 1

      The same way the NSA ships data to the 5 eyes and lets them do the things they can't.

      --
      "If any question why we died, Tell them because our fathers lied."
    2. Re:hmm by Anonymous Coward · · Score: 0

      Yeah...the NSA doesn't actually "ship" data to any of the scumbag countries participating in this program. The countries participating in the program are contributing their information to the NSA, not the other way around.

      I mean really, do you think an American spy-hut conducting a global surveillance program of the Internet is actually sharing everything they've got with other member nations, a complete blank check? They're fucking spies. US government spies. Spies who have already been demonstrated to be lying through their teeth so many times that they've probably worn them down to the gums from the filth.

  7. Hear something similar from Verizon? Riiight. by jthill · · Score: 4, Informative

    They believe being "compelled" to carry traffic with the content of which theydecide to disagree is a violation of their first amendment rights.

    If you're like me, you flat-out rejected that statement, on sight. Right? There is simply no way that statement isn't some overhyped overheated drama? Clickbait or karma whoring or somebody nursing a grudge?

    By denying Internet service providers their editorial discretion and by compelling them to convey content providers’ messages with which they may disagree, the Order violates broadband providers’ First Amendment rights

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
    1. Re:Hear something similar from Verizon? Riiight. by Paradise+Pete · · Score: 2

      That is amazing. I was sure your link would go to some rant-filled blog, but those are Verizon's actual words in the court filing. Unbelievable.

  8. Putting ourselves in such awkward position ... by Taco+Cowboy · · Score: 5, Insightful

    Reading the TFA

    AT&T Mobility, the nation's second-largest cellular provider, says it's no longer attaching hidden Internet tracking codes to data transmitted from its users' smartphones. The practice made it nearly impossible to shield its subscribers' identities online
     
     
    Would be nice to hear something similar from Verizon

    really makes me cringe!

    First of all, why on earth we, the users, putting ourselves at the mercy of companies such as Verizon or AT&T?

    I mean, WE PAID THEM to do the "data carrier job" for us, or in other words, they are not our boss

    Why are we letting them having the power to inserting "super cookies" (or whatever fuck else they can come up with) inside the datastreams that we paid them to carry?

    So many people making so much noise about FREE SERVICES search engines / social sites such as Google or FB for "tracking" them, where the hell are those people when PAID SERVICES such as AT&T and/or Verizon doing the same thing to them??

    Why are we giving away so much of our own rights??

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Putting ourselves in such awkward position ... by Shakrai · · Score: 2

      You're asking the wrong questions. Here's a better one: Why can't we have a discussion about making https mandatory? At least for websites deployed on IPV6 where there's no address limitations resulting in a need to use virtual hosting. What compelling reason is there to transmit data in clear text?

      Yes, I know that there's nothing technical that stops the telco's from doing MITM attacks, but I highly doubt they would be stupid enough to do this. Many jurisdictions have laws against such behavior and even in those that don't they be assuming an enormous civil liability if certain data (banking credentials) was captured and later compromised.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Putting ourselves in such awkward position ... by Anonymous Coward · · Score: 1

      Really? You "highly doubt" that the same telco's who are practically bending over backwards to track their own users and sell that shit to the NSA would be "stupid" enough for an MITM attack?

      What you call "stupid" the NSA calls "making their job a hell of a lot easier." What do you think the purpose was behind AT&T sabotaging TLS encryption for e-mail? A MITM attack. You think you're using an encrypted connection but you're actually sending everything in glorious, easily-mined plain text. Well, not any more...supposedly. As other posters have already put it, AT&T announcing that they're no longer injecting tracking IDs into web traffic just means that they've found a less conspicuous way of doing the same thing. They're just testing the waters. They know that the majority of computer users are pretty much apathetic to the whole NSA scandal, they're trying to see how much they can get away with.

      Hell, Verizon started their own tech "news" site where you're not ALLOWED to post anything about the NSA, Edward Snowden, Wikileaks et. al. They're also doing the same form of tracking and they have no plans to stop whatsoever. You think AT&T is going to stand for Verizon having an advantage over them in the customer tracking department? It's worth too much money to them. They don't even need the unique ID's, it's already been demonstrated by researchers that about 81% of TOR users (100% in a "laboratory" setting where there wasn't any other noise or traffic)...just by making clever use of software like Cisco's Netflow. Like I said, it'd make their jobs easier, but clearly from how quickly AT&T dropped their plans, they have a backup plan for spying on you without it. I'm guessing the only reason Verizon hasn't reversed course yet is that they're still trying to figure it out themselves.

      Not like they need to, the NSA has their own simple methods too. Methods like buying ads from Google that come with a bonus helping of super-cookie to keep track of TOR users.

    3. Re:Putting ourselves in such awkward position ... by Shakrai · · Score: 2, Insightful

      Really? You "highly doubt" that the same telco's who are practically bending over backwards to track their own users and sell that shit to the NSA would be "stupid" enough for an MITM attack?

      Spare me the NSA paranoia; this is all about dollars and cents. That's what it all comes down to with any for-profit corporation. Do you seriously think that a Fortune 100 company is stupid enough to mess with encrypted sessions that will contain credentials for financial accounts? HIPAA protected medical information? Communications between attorneys and their clients? Secured sessions for defense contractors and Government employees working with Top Secret data?

      Take the tin-foil hat off long enough to contemplate the fact that Google is being spanked for the incidental capture of plaintext wi-fi packets. What do you suppose happens to the telco company that captures any of the data I've mentioned and subsequently loses it to black hats or a disgruntled employee? They'd be on the hook for millions of dollars worth of civil damages and whatever fines the alphabet soup of regulatory agencies decided to impose upon them. Do you seriously think they'd run that risk for the sake of some incidental ad revenue?

      Moreover, the only way they could even do it would be to install trusted certificates on the phones that they sell. How long do you suppose that would fly under the radar before being discovered? Do you really think Google or Apple would go along with it? Use some common sense man....

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    4. Re:Putting ourselves in such awkward position ... by Anonymous Coward · · Score: 0

      Yeah...the name Edward Snowden ring any bells?

      It's not paranoia if they really ARE watching you. How about you take that tin-foil you're offering, roll up a nice, big jagged ball and shove it up the same well-used orifice you shat this comment out of, fuckstick?

    5. Re:Putting ourselves in such awkward position ... by Anonymous Coward · · Score: 0

      Please, do share the part of Snowden's disclosures wherein telco's are conducting MITM attacks for the benefit of the NSA.

      *crickets*

      Thought so.

    6. Re:Putting ourselves in such awkward position ... by davester666 · · Score: 2

      what do you mean? AT&T owns Cricket, which has just been found to alter the data sent from your email program to your email provider, stripping out STARTTLS so that instead of having a secure method to send your password and email, it is sent in the clear.

      These companies have to be smacked down by the FCC and told that they ARE just dumb pipes. Their job is to transport our data back and forth, and that is ALL. Not log it, not sell it, not slow it down, not alter it, nothing but transport. And it doesn't matter if the data is sent via a hardline or wirelessly.

      --
      Sleep your way to a whiter smile...date a dentist!
    7. Re:Putting ourselves in such awkward position ... by davester666 · · Score: 2

      Yes. Yes they would. Cricket, a subsidiary of AT&T has been altering email connections to strip out STARTTLS, so your email traffic, and possibly also your password, is sent via plain text instead of being encrypted. And LOTS of very private communications are sent via email.

      If AT&T can make a buck by wrecking your encryption, they will.

      --
      Sleep your way to a whiter smile...date a dentist!
    8. Re:Putting ourselves in such awkward position ... by Anonymous Coward · · Score: 0

      Just get mac addresses facilitated by browser and operating system id and that's it or is it? They can still remotely embed single pixel cameras in your monitor screen and video record you in front of your favorite movie or add layers onscreen to view your desktops if you are worth their time and effort. Add a couple GPS coordinates and they are locked on ready with their drone warriers. Hell, sometimes they do that just for entertainment with a hot cup of java in their other hand. And that fly you see on the wall (in the middle of a frigid winter), not really a fly, I'm afraid I feel compelled to tell you..

      We are living in dangerously omniscient, omnipresent and omnipotent times for sure. It is the incredible length and depth of secrecy that is really amazing. Corporations wanting sovereignty so they can skip over the taxes, pass the due process and presumption of innocence, play government against government and embark on their own to conquer the world.. that's the pretty scary part along with the neverending stream of people with no end to the depth of blackness in their stares who seem to have no problem fascilitating these corporations' wishes.. guessing they will read whatever crosses the teleprompter or else.

      If Isaac Azimov were still alive, I'm guessing he'd be saying, "I hate to say I told you so."

    9. Re:Putting ourselves in such awkward position ... by Anonymous Coward · · Score: 1

      Ad hominem attack is ad hominem

    10. Re:Putting ourselves in such awkward position ... by Anonymous Coward · · Score: 0

      You're asking the wrong questions. Here's a better one: Why can't we have a discussion about making https mandatory?

      So, forcing people to use something they do not need for 99% of their communications ? Why ?

      Its quite retarded that there are lots of simple informational websites that advertise themselves as HTTP, but than force the connection to HTTPS. And for what ? Everyone visiting sees the same and there is nothing personal involved.

      Take slashdot for instance. Do you think that what you read and are posting here warrants secrecy ? Why ? If not, why than should slashdot force SLL connections upon us ?

      Nope, the "SSL everywhere" movement is fishy to me. As if something else is involved. Like perhaps being able to identify specific computers by the information exchanged when setting up the SLL connection (aka: a new style of cookie) ...

    11. Re:Putting ourselves in such awkward position ... by jbmartin6 · · Score: 1

      Or perhaps a discussion about making TLS mandatory on all TCP sockets. We're heading that way anyway, eventually, or so it seems to me.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    12. Re:Putting ourselves in such awkward position ... by tepples · · Score: 1

      Slashdot redirects all connections by non-subscribers in the other direction: from HTTPS to HTTP.

    13. Re:Putting ourselves in such awkward position ... by tepples · · Score: 1

      What compelling reason is there to transmit data in clear text?

      Even if StartSSL offers personal S/MIME and TLS certificates without charge, and even if all hostnames have a distinct IPv6 address, the "manual dance" of certificate renewal involves a substantial recurring overhead cost in labor. It can't be set on auto-renew like hosting.

    14. Re:Putting ourselves in such awkward position ... by sjames · · Score: 2

      The service has become important enough that opting out is hard yet there aren't enough competitors and there's not enough freedom to switch to keep them honest. Meanwhile, consumer regulation and privacy in particular is practically non-existent in telecommunications.

      Force them to harmonize their standards so all phones can work on all networks, ban them from locking phones. require open bootloaders, force them to allow free switching of SIMs. All of that is to make sure customers can flee bad policy decisions (like super cookies). While we're at it, legally separate payment for the phone from payment for services and kill termination fees.

      Even with that, privacy and pricing regulations will be needed since due to spectrum limitations, the number of carrier networks is naturally limited. There's only so many towers that can be in a given area before they step on each other too badly.

      On the political side, the big corporations long ago shoved their hands so far up both party's asses they can use them as sock puppets.

    15. Re:Putting ourselves in such awkward position ... by sjames · · Score: 3, Interesting

      You're forgetting, the last time those very same telcos engaged in mass law-breaking on the behalf of the NSA, they got blanket immunity as a reward. Those who didn't cooperate got contracts terminated and a 'coincidental' string of denials on the regulatory front.

      It may be dirty and crooked but not stupid to go ahead and do the MITM attack secure in the knowledge that at the end of the day their customers will be forced to eat the losses and have nowhere else to go for their telecommunications if anything goes bad.

      You only get spanked if you don't cut the NSA in on the haul. That is NOT paranoia, it's a summary of recent history.

      Moreover, the only way they could even do it would be to install trusted certificates on the phones that they sell. How long do you suppose that would fly under the radar before being discovered? Do you really think Google or Apple would go along with it? Use some common sense man....

      The telcos have considerable latitude with the extra crap they bundle onto the phones. Do you really think Apple would rather not sell iFruits in the U.S. than agree to allow a few mandatory extras from the telcos?

    16. Re:Putting ourselves in such awkward position ... by sjames · · Score: 1

      Given everything they have done, how can you even imagine they would hesitate to do that?

      Bad people do bad things. Doubly so when the 'person' is of the legally incorporated multi-national variety.

      The better argument against GP is the almost purely ad-hominem attack.

    17. Re:Putting ourselves in such awkward position ... by Anonymous Coward · · Score: 1

      Unfortunately, they are required by law to log and retain all the data.

  9. I think they just switched by koan · · Score: 1

    To a different way of doing it.

    --
    "If any question why we died, Tell them because our fathers lied."
  10. Maybe they feel guilty by Anonymous Coward · · Score: 0

    Maybe llllllllllll lllllll starting to feel dirty lllllllll llllllll on the world [which is not lllllll] or llllllllllll they are just llllllllll the cookie dough and llllllllllll cost effectively subbing out the bakery to llllllll llll llllllllll lllllllllll lll.

  11. TFA misses the point by real+gumby · · Score: 3, Insightful

    The way to end this is not to say, "Would be nice to hear something similar from Verizon" like it's some sort of game.

    TFA (and the summary) are silent on the real question is which is, "What right do they have to fuck with my traffic?"

    It's like they are asking to be reclassified as a Title II common carrier.

    1. Re:TFA misses the point by Anonymous Coward · · Score: 0

      The way to end this is not to say, "Would be nice to hear something similar from Verizon" like it's some sort of game.

      TFA (and the summary) are silent on the real question is which is, "What right do they have to fuck with my traffic?"

      It's like they are asking to be reclassified as a Title II common carrier.

      Wouldn't that mean the RIAA and MPAA can sue the ISPs head-on? There wouldn't be a Verizon or AT&T left after roughly 5 years after the ISPs have been reclassified if this is the case.

      Captcha: unfair - Yep, it would be unfair from AT&T's standpoint if they get sued into chapter 11.

    2. Re:TFA misses the point by Winkkin · · Score: 1

      I think the network provider has every right to monitor the traffic on their network to insure the quality of the system. That entails capturing certain information on practically every transmission. They probably don't need information on every packet, but designing complete capture is probably easier. Tagging is perfectly understandable.

  12. Re:First Aristocrats Joke! by Anonymous Coward · · Score: 0

    You suck at trolling.

    As for AT&T they've found something better than super cookies. I wonder what it is?! :o

  13. Idiotic by alexborges · · Score: 1

    Of course. By now, they dont need cookies: they have all the data they need already through simple transparent snort and span ports.... man oh man....

    --
    NO SIG
    1. Re:Idiotic by l0n3s0m3phr34k · · Score: 1

      all the net traffic gets routed through a proxy already, so yeah. So many time Google would complain that my IP when logging on to gmail had suddenly gone from Oklahoma to California (where one of their exit nodes are). Quite annoying.

  14. So... Now what are they using??? by Anonymous Coward · · Score: 0

    The paranoid geek in me wants to know "So... If they have stopped using 'Super Cookies,' what are they using now?"

  15. Really? by Anonymous Coward · · Score: 0

    ... By denying Internet service providers their editorial discretion and by compelling them to convey content providers’ messages with which they may disagree, the Order violates broadband providers’ First Amendment rights

    Translation: Repeating a fact I dislike destroys my freedom of speech.

    Corollary translation: Exercising my freedom of speech means hiding the truth.

    What CEO and lawyer had the stupidity to put this on the public record? Do corporations now feel so entitled that they can impose arbitrary censorship? Do they think the government (and consumers) owe their business interests unlimited protection?

    This is why it's wrong for a corporation to be called a person.

  16. Can you here me now Verizon by Anonymous Coward · · Score: 0

    Nothing more.

  17. Trackability by Winkkin · · Score: 1

    Maybe people doesn't realize that the machine minds that monitor packet traffic have gotten so good at what they do, they just don't need the keys to keep track of all of it. Take the other piece of news today that Google, is getting out of the "Pay" business for digital download content. That was just their method of familiarizing their algorithm writers with the financial transaction process. Now the computers do their masters snooping without needing the non-core business of barter.