Verizon Wireless injects mobile tracking identifier

Christopher Sewerd In the News

Just as you feel that users are able to get a grip of their own privacy, there comes along a story that throws a huge spanner in the works and reaffirms just how little control we have over our own data usage. US telecom carrier, Verizon Wireless has, it appears, been secretly inserting a header on to all mobile data communications that tracks user activity for advertising purposes.

When users of the Verizon Wireless mobile data service access any website, a special marker that is being dubbed a “supercookie” is injected to track user access. The technical term for the process is known as a Unique Identifier Token Header (UIDH) and the crux of that term is the “Unique Identifier”. This allows Verizon Wireless to track individuals based directly on their specific mobile device.

Direct advertising in a similar manner is nothing new, in fact cookies themselves are a way of direct targeting and can be used by advertisers to remember certain details about your interests, views or buying habits, one of the main criticisms of the Verizon Wireless system is the inability for users to opt-out of being a part of it.

Incognito modeWith features such as Incognito mode on Chrome, InPrivate mode on Internet Explorer and the ability to send Do Not Track requests, users have become accustom to having some control over their privacy in recent times. As part of the Verizon Wireless system, users have no control over the injection of the markers and while they do offer an option to opt-out of tracking it is not as clear cut as they would like to make you think.

Verizon have backed the system up by explaining they did allow users to opt-out of the program, however they refuse to go in to detail about this specific aspect and as can often be seen with any opt-out programme, the wording and understanding is made extremely difficult, especially for the layman who may be convinced that keeping such an option enabled is the correct or better course of action.

Although the opt-out feature should be considered a positive step and it may even be argued that customers should read terms carefully before agreeing or disagreeing, the tale takes an even stranger twist in that even if a user opted out of being part of the system, it does not remove the header injection technique, it merely removes the sharing of demographic information with advertisers. With such a system it is in reality impossible to opt-out fully.

Cookies as we are used to on desktop systems, while often claimed do not exist on mobile devices, do, but on a much smaller scale and one that is less robust when it comes to advertisers targeting you directly. With “web” access possible via both mobile browsers and apps, the fragmented nature of mobile tracking has long been the bane of advertisers and those who look to profit from direct targeting. Due to this inability to target easily and consistently, the solution from Verizon Wireless appears to be taking flight with AT&T reportedly testing their own similar system, although not for direct marketing as yet.

One of the major problems behind the system is it introduces a name badge type system that identifies you to every third party website you visit over the standard HTTP protocol and the usual privacy settings of your browser do nothing to stop this. As the header is added after your request leaves your device it is impossible to prevent using standard methods and allows the possibility for third parties to track you.

While HTTPS is on the increase and combats the issue it is still far from website-wide, at the moment the only way to completely defend against such header modification without your knowledge is to sign up for a VPN service that will encrypt all of the data coming in and out of your device thus avoiding any such HTTP web header injection.

As we learn more about the ways commercial companies are happy to circumvent standard procedure for privacy and add additional revenue streams on top of the already expensive packages you pay for, the argument for making use of a Virtual Private Network is ever increasing.

Cookie image courtesy of Suat Eman at