Verizon offers silver bullet for immortal 'supercookies'
Privacy experts pushed Verizon Wireless to suspend its required use of 'supercookies' – automatically regenerating data tracking cookies that create advertising profiles of its customers.
Supercookie: the delicious-sounding, diabolical way mobile companies can track smart phone Web browsing almost unilaterally.
Chances are if you had a Verizon Wireless phone, the company branded you with a customer code that let the company track your Internet wanderings for advertising purposes. Its persistent tracking made it easy for third parties to follow along, as well.
Thanks to privacy watchdogs, that will change.
After pressure from privacy advocacy groups, Verizon Wireless released a statement to the New York Times saying it will soon make supercookies opt-out for all smart phone customers.
"Verizon takes customer privacy seriously and it is a central consideration as we develop new products and services," Verizon spokeswoman Debra Lewis says in the statement. "We have begun working to expand the opt-out to include the identifier referred to as the UIDH [unique ID headers], and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs."
Previously, Verizon and its data partner, digital marketing company Turn, used two ways to mine customer data for advertising purposes. The first is an opt-in marketing program that gives customers rewards for voluntarily giving information about themselves. The second is the supercookie method, or UIDH. In this method, each customer is given an anonymous tracking code that follows Web browsing activities, while feeding that information back to Verizon for advertising purposes. What is especially controversial about Verizon’s methods: it was revealed its digital marketing partner Turn, was regenerating customer’s UIDH even if the customer deleted their cookies. In essence, it was impossible to not be tracked.
Though Verizon is now bending to pressure to tone down these immortal cookies, initially the carrier defended the practice, saying the UIDH were changed often to protect customer privacy and that information was never shared with third party advertisers.
However, advocacy groups pointed out hackers could exploit these persistent trackers.
Even with this change, privacy advocates say Verizon should make the program “opt-in” instead of “opt-out” as customers may not understand the implications of the program.
Verizon was the only carrier still using this method of data tracking. AT&T previously used supercookies, but stopped back in November. Wireless companies, which have jurisdiction over the 62 percent of Americans who have smart phones with Internet, are not governed by federal privacy regulations.