Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fixing Verizon's Supercookie

Posted by Soulskill on from the c-is-for-cookie,-cookie-is-for-whoever-verizon-says dept.

New submitter ferro lad sends a story about Verizon's so-called supercookie, a unique identifier they add to web traffic going across their network to help advertisers target their ads better. A new article at Slate demonstrates how Verizon could fix the identifier so that ad companies would have a harder time misusing it — something they've already been shown to do. "...with just a tiny amount of effort, Verizon could maintain its current business while substantially preventing the misuse of its UID headers." Of course, for privacy-conscious users, the ability to get rid of them altogether would be preferable. Fortunately, Verizon now says users will soon have the ability to opt out of the identifiers. Previously, users could opt out of having their data shared with advertisers, but the unique identifier itself remained with their web traffic. It's not a complete solution — the tracking should be opt-in to begin with — but it's a step in the right direction.

2 of 111 comments (clear)

  1. Re:Windows Phone by Bugler412 · · Score: 4, Informative

    nope, that only disables the advertising ID in the phone used by apps as an identifier. Does nothing for the "supercookie" that Verizon inserts into the traffic, much like a man in the middle attack, at the network level. Easily and personally verified.

  2. Re:Windows Phone by gstoddart · · Score: 4, Informative

    Are you clueless or something?

    Verizon's controversial technology basically involves attaching tracking numbers whenever customers view Web pages. Generally, to visit a Web page, my computer (or phone, tablet, etc.) sends a request message to the website with that page. Think of this like a very (very!) fast version of sending a letter through the mail, requesting some information.

    Now imagine if the Postal Service assigned an identification number to me, and every time I sent one of those letters, a postal worker opened up the envelope and stamped the ID number inside. That is more or less what Verizon has been doing: Every time a Verizon Wireless customer requests a Web page, Verizon rewrites the request in transit to include a tracking number identifying the customer.

    There is no way to disable this, and certainly not with your damned Windows phone.

    Verizon is directly injecting this crap into your request, on their servers, independent of what YOU do.

    Basically Verizon are acting like a bunch of greedy assholes, and setting every request you make to be something uniquely identifiable as you.

    --
    Lost at C:>. Found at C.