dslreports logo
 story category
EFF Hints at Lawsuit Against Verizon For Its Stealth Cookies

A few weeks ago I noted how security researchers had discovered that Verizon has been injecting a unique new "stealth cookie" identifier into all user traffic that tracks user online behavior, even if the consumer opts out. Using a unique Identifier Header, or UIDH, Verizon's ham-fisted system broadcasts your identity all across the web -- and remains intact and open to third-party abuse -- even if you opt-out of Verizon's behavioral ad programs.

Click for full size
Now the Electronic Frontier Foundation has filed a complaint with the FCC and has strongly indicated that they're considering legal action against Verizon for violating consumer privacy laws:
quote:
We're also concerned that Verizon's failure to permit its users to opt out of X-UIDH may be a violation of the federal law that requires phone companies to maintain the confidentiality of their customers' data. Only two months ago, the wireline sector of Verizon's business was hit with a $7.4 million fine by the Federal Communications Commission after it was caught using its "customers' personal information for thousands of marketing campaigns without even giving them the choice to opt out." With this header, it looks like Verizon lets its customers opt out of the marketing side of the program, but not from the disclosure of their browsing habits.
AT&T is exploring a similar service, but insists the program is in trial-mode only. The interesting bit is despite the number of savvy folks out there, Verizon appears to have been using this technology for the better part of two years without anyone noticing.

Most recommended from 29 comments


rradina
join:2000-08-08
Chesterfield, MO

3 recommendations

rradina

Member

Only works with HTTP?

The injection should only work with HTTP. If you use HTTPS, Verizon shouldn't be able to decrypt the packets to inject a stealth cookie.

If your favorite sites support it, this is just another reason to use HTTPS.