AT&T Stops Using 'Super Cookies' To Track Cellphone Data

← Back to Stories (view on slashdot.org)

AT&T Stops Using 'Super Cookies' To Track Cellphone Data

Posted by timothy on Saturday November 15, 2014 @10:35AM from the turns-out-people-hate-that dept.

jriding (1076733) writes AT&T Mobility, the nation's second-largest cellular provider, says it's no longer attaching hidden Internet tracking codes to data transmitted from its users' smartphones. The practice made it nearly impossible to shield its subscribers' identities online. Would be nice to hear something similar from Verizon.

16 of 60 comments (clear)

Min score:

Reason:

Sort:

Correction by sunderland56 · 2014-11-15 10:41 · Score: 4, Insightful

AT&T *claims* to have stopped using internal tracking codes.
Whether or not you believe one of the top 3 most evil corporations on the planet is up to you.
1. Re:Correction by kesuki · 2014-11-15 10:48 · Score: 2
  
  no, they 'claim' the have stopped doing it with CELLPHONE data. everything else is still fair game as far as i read it. cellphones already are tracking devices so super cookies are redundant.
  
  --
  https://www.gnu.org/philosophy/free-sw.html
2. Re:Correction by meerling · 2014-11-15 11:50 · Score: 4, Funny
  
  They have, honest.
  Now they use their new ultra secret tracking brownies.
Evenhanded Responses by Tokolosh · 2014-11-15 11:03 · Score: 4, Insightful

Six comments so far, and all very nice to AT&T. I would have expected more hating.
I'll try: fuck 'em.

--
Prove anything by multiplying Huge Number times Tiny Number
1. Re:Evenhanded Responses by reboot246 · 2014-11-15 11:11 · Score: 2
  
  I'm afraid to criticize AT&T. They know my every word and thought, plus they know where I am. :)
before giving ATT kudos.. by rogoshen1 · 2014-11-15 11:10 · Score: 5, Insightful

The pattern more than likely will be something like this:
1. get called out for bullshit, anti-consumer practice
2. Throw out PR spin about how they care about their customers, and don't do said practice
3. Finally admit to the practice, promise to stop
4. Wait a length of time until the practice becomes more 'industry standard', and the furor has died down
5. re implement under a new name
This tracking garbage is probably far too lucrative -- both to law enforcement (well they see themselves as law enforcement) and advertisers to ever really pass up.
Now that the genie is out of the bottle, it's not going back in.
Hear something similar from Verizon? Riiight. by jthill · 2014-11-15 11:34 · Score: 4, Informative

They believe being "compelled" to carry traffic with the content of which theydecide to disagree is a violation of their first amendment rights.
If you're like me, you flat-out rejected that statement, on sight. Right? There is simply no way that statement isn't some overhyped overheated drama? Clickbait or karma whoring or somebody nursing a grudge?

By denying Internet service providers their editorial discretion and by compelling them to convey content providers’ messages with which they may disagree, the Order violates broadband providers’ First Amendment rights

--
As always, all IMO. Insert "I think" everywhere grammatically possible.
1. Re:Hear something similar from Verizon? Riiight. by Paradise+Pete · 2014-11-15 13:45 · Score: 2
  
  That is amazing. I was sure your link would go to some rant-filled blog, but those are Verizon's actual words in the court filing. Unbelievable.
Putting ourselves in such awkward position ... by Taco+Cowboy · 2014-11-15 12:08 · Score: 5, Insightful

Reading the TFA

AT&T Mobility, the nation's second-largest cellular provider, says it's no longer attaching hidden Internet tracking codes to data transmitted from its users' smartphones. The practice made it nearly impossible to shield its subscribers' identities online

Would be nice to hear something similar from Verizon

really makes me cringe!
First of all, why on earth we, the users, putting ourselves at the mercy of companies such as Verizon or AT&T?
I mean, WE PAID THEM to do the "data carrier job" for us, or in other words, they are not our boss
Why are we letting them having the power to inserting "super cookies" (or whatever fuck else they can come up with) inside the datastreams that we paid them to carry?
So many people making so much noise about FREE SERVICES search engines / social sites such as Google or FB for "tracking" them, where the hell are those people when PAID SERVICES such as AT&T and/or Verizon doing the same thing to them??
Why are we giving away so much of our own rights??

--
Muchas Gracias, Señor Edward Snowden !
1. Re:Putting ourselves in such awkward position ... by Shakrai · 2014-11-15 13:45 · Score: 2
  
  You're asking the wrong questions. Here's a better one: Why can't we have a discussion about making https mandatory? At least for websites deployed on IPV6 where there's no address limitations resulting in a need to use virtual hosting. What compelling reason is there to transmit data in clear text?
  Yes, I know that there's nothing technical that stops the telco's from doing MITM attacks, but I highly doubt they would be stupid enough to do this. Many jurisdictions have laws against such behavior and even in those that don't they be assuming an enormous civil liability if certain data (banking credentials) was captured and later compromised.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
2. Re:Putting ourselves in such awkward position ... by Shakrai · 2014-11-15 14:32 · Score: 2, Insightful
  
  Really? You "highly doubt" that the same telco's who are practically bending over backwards to track their own users and sell that shit to the NSA would be "stupid" enough for an MITM attack?
  Spare me the NSA paranoia; this is all about dollars and cents. That's what it all comes down to with any for-profit corporation. Do you seriously think that a Fortune 100 company is stupid enough to mess with encrypted sessions that will contain credentials for financial accounts? HIPAA protected medical information? Communications between attorneys and their clients? Secured sessions for defense contractors and Government employees working with Top Secret data?
  Take the tin-foil hat off long enough to contemplate the fact that Google is being spanked for the incidental capture of plaintext wi-fi packets. What do you suppose happens to the telco company that captures any of the data I've mentioned and subsequently loses it to black hats or a disgruntled employee? They'd be on the hook for millions of dollars worth of civil damages and whatever fines the alphabet soup of regulatory agencies decided to impose upon them. Do you seriously think they'd run that risk for the sake of some incidental ad revenue?
  Moreover, the only way they could even do it would be to install trusted certificates on the phones that they sell. How long do you suppose that would fly under the radar before being discovered? Do you really think Google or Apple would go along with it? Use some common sense man....
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
3. Re:Putting ourselves in such awkward position ... by davester666 · 2014-11-15 15:31 · Score: 2
  
  what do you mean? AT&T owns Cricket, which has just been found to alter the data sent from your email program to your email provider, stripping out STARTTLS so that instead of having a secure method to send your password and email, it is sent in the clear.
  These companies have to be smacked down by the FCC and told that they ARE just dumb pipes. Their job is to transport our data back and forth, and that is ALL. Not log it, not sell it, not slow it down, not alter it, nothing but transport. And it doesn't matter if the data is sent via a hardline or wirelessly.
  
  --
  Sleep your way to a whiter smile...date a dentist!
4. Re:Putting ourselves in such awkward position ... by davester666 · 2014-11-15 15:34 · Score: 2
  
  Yes. Yes they would. Cricket, a subsidiary of AT&T has been altering email connections to strip out STARTTLS, so your email traffic, and possibly also your password, is sent via plain text instead of being encrypted. And LOTS of very private communications are sent via email.
  If AT&T can make a buck by wrecking your encryption, they will.
  
  --
  Sleep your way to a whiter smile...date a dentist!
5. Re:Putting ourselves in such awkward position ... by sjames · 2014-11-16 04:15 · Score: 2
  
  The service has become important enough that opting out is hard yet there aren't enough competitors and there's not enough freedom to switch to keep them honest. Meanwhile, consumer regulation and privacy in particular is practically non-existent in telecommunications.
  Force them to harmonize their standards so all phones can work on all networks, ban them from locking phones. require open bootloaders, force them to allow free switching of SIMs. All of that is to make sure customers can flee bad policy decisions (like super cookies). While we're at it, legally separate payment for the phone from payment for services and kill termination fees.
  Even with that, privacy and pricing regulations will be needed since due to spectrum limitations, the number of carrier networks is naturally limited. There's only so many towers that can be in a given area before they step on each other too badly.
  On the political side, the big corporations long ago shoved their hands so far up both party's asses they can use them as sock puppets.
6. Re:Putting ourselves in such awkward position ... by sjames · 2014-11-16 04:33 · Score: 3, Interesting
  
  You're forgetting, the last time those very same telcos engaged in mass law-breaking on the behalf of the NSA, they got blanket immunity as a reward. Those who didn't cooperate got contracts terminated and a 'coincidental' string of denials on the regulatory front.
  It may be dirty and crooked but not stupid to go ahead and do the MITM attack secure in the knowledge that at the end of the day their customers will be forced to eat the losses and have nowhere else to go for their telecommunications if anything goes bad.
  You only get spanked if you don't cut the NSA in on the haul. That is NOT paranoia, it's a summary of recent history.
  
  Moreover, the only way they could even do it would be to install trusted certificates on the phones that they sell. How long do you suppose that would fly under the radar before being discovered? Do you really think Google or Apple would go along with it? Use some common sense man....
  The telcos have considerable latitude with the extra crap they bundle onto the phones. Do you really think Apple would rather not sell iFruits in the U.S. than agree to allow a few mandatory extras from the telcos?
TFA misses the point by real+gumby · 2014-11-15 14:44 · Score: 3, Insightful

The way to end this is not to say, "Would be nice to hear something similar from Verizon" like it's some sort of game.
TFA (and the summary) are silent on the real question is which is, "What right do they have to fuck with my traffic?"
It's like they are asking to be reclassified as a Title II common carrier.