Fixing Verizon's Supercookie

New submitter ferro lad sends a story about Verizon's so-called supercookie, a unique identifier they add to web traffic going across their network to help advertisers target their ads better. A new article at Slate demonstrates how Verizon could fix the identifier so that ad companies would have a harder time misusing it — something they've already been shown to do. "...with just a tiny amount of effort, Verizon could maintain its current business while substantially preventing the misuse of its UID headers." Of course, for privacy-conscious users, the ability to get rid of them altogether would be preferable. Fortunately, Verizon now says users will soon have the ability to opt out of the identifiers. Previously, users could opt out of having their data shared with advertisers, but the unique identifier itself remained with their web traffic. It's not a complete solution — the tracking should be opt-in to begin with — but it's a step in the right direction.

On tracking

[fustakrakich]

There is no such thing as 'opt in'. That is a total fantasy. Your traffic is always being tracked by cookies, government spies, whatever. Even https exists to serve this purpose. Certificates are just another cookie.

Re:On tracking

[mcrbids]

Your traffic is always being tracked by cookies, government spies, whatever.

Please stop with the "sky is falling" routine - it only makes the problem worse and the stakes are too high to just throw your hands up in the air and give up in blissful ignorance.

Even https exists to serve this purpose. Certificates are just another cookie.

I suspect that, at a basic level, you have a fundamental misunderstanding as to what a "certificate" is and does.

1) A cookie is an identifier that allows you to tie numerous http(s) sessions together by domain. It can thus be used to track you by having many sites contain images or content from a common domain. (EG: doubleclick.com)

2) A certificate is used to negotiate a private session with a single domain. It's provided by the server and validated by the client to set up an encrypted connection. It allows you, the user, to verify that you are connected with the correct domain and *not* a nefarious person. The use of HTTPS and certificates foils the Verizon "supercookie" as they have no meaningful way to pierce the encryption provided between you and, say, Google.com.

VPN.

[Guspaz]

Spend $5 or $10 a month on a VPN or a VPS and encrypt all your web traffic. As soon as your ISP is actively inspecting and modifying your traffic, it can't be trusted.

You shouldn't have to do this, true, but it's a solution to the present problem.

Re:VPN.

[Archangel+Michael]

The NSA has a budget somewhere on the order of 40-80 billion dollars per year. No normal individual can stand up to that level of attack.

Nor should they. The government should be protecting citizen's rights, not invading them. But that is what you get when you keep voting for Republicrats.

A good Net Neutrality thing for law

[MerlynEmrys67]

I don't care that you traffic shape my traffic -> But it is immoral and should be illegal to change it. Why do we allow ISPs like this to change the traffic flowing through their systems to the destination.
I am not talking about adding an MPLS tag that gets inserted on insertion into the provider and stripped before it leaves the other side, I am talking adjusting my traffic to add content to the L4+ content. The ISP should only adjust things at L3 and below. Everything above that should never be touched (Ok - Large scale NAT I can live with - Lets move that to L5+)