Ad Company Using Verizon Tracking Header To Recreate Deleted Cookies

itwbennett writes The story began a few months ago when it was reported that both Verizon and AT&T were injecting unique identifiers in the Web requests of their mobile customers. AT&T has since stopped using the system, but Verizon continues. Now, Stanford computer scientist Jonathan Mayer has found that one advertising company called Turn, which tracks users across the Web when they visit major sites including Facebook, Twitter, Yahoo, BlueKai, AppNexus, Walmart and WebMD, uses the Verizon UIDH to respawn its own tracking cookies.

lumascape

if you haven't ever waded thru pcap traffic of adfraud, you may not be familiar with this steaming shitpile.

http://www.lumapartners.com/wordpress/wp-content/uploads/2012/04/Display-LUMAscape_2012-04-05.jpg

turn, bluekai, and appnexus are all companies in the lumascape group.

Re:Easy fix

[DarkOx]

I wonder if we could fuck with this services though by creating a Mozilla addon that inserts this header and fills it with some random garbage on each request. If enough people used it maybe we could DOS their database by filling it with UUID seen only once?

Re:Only iOS?

[JohnFen]

There are only three possible explanations for this: the two phones were using different carriers, or they were being tested in different geographical locations, or the cell carrier itself is making the distinction for some weird reason. The header injection itself is totally unrelated to the phone, the operating system, or what the software on the phone does.