Verizon has been tracking and serving the identities of its wireless customers to advertisers. Verizon uses a Unique ID Header to do this. They have gotten away with it for two years, and now security analysts are furious.
Verizon’s UIDH Prama-Cookie
Verizon Wireless is able to modify the traffic of people using their service. They inject a UIDH into every HTTP request that they receive. The header is unique to each Verizon customer, so this means that Verizon can give the identities of Verizon customers to advertisers. This happens as they are using a Verizon connection to visit unencrypted websites. The only way for Verizon customers to secure their personal data is to use a personal VPN to hide who they really are.
Any Verizon customer on their wireless service cannot open any unencrypted website without being flagged by Verizon. The company can track each HTTP request back to a specific customer because the customer’s unique UIDH is inserted into every request that is sent by each customer. Verizon operates the network, making it very easy for them to monitor all the web activities of their subscribers. And even worse, the websites that these subscribers use can use the same technology to track the people who visit them, too.
The UDIH is in effect a supercookie, which we already know can be very dangerous. Supercookies defeat privacy tools that help users block cookies that endanger their privacy. This means that despite all the precautions that users are taking to keep hackers and scammers off their backs, they are placed right back in the arms of thieves. Their ISP, who they are paying for Internet service, is stripping down their Internet security to make a few bucks more off of their already paying customers. Even with all the privacy settings that Verizon provides for their subscribers, websites and knowledgeable hackers can take the details of Verizon Wireless users from their traffic streams. Verizon is prevented from selling user data to third parties, but this doesn’t mean that they can’t trade it. Also, the data is made available to anyone on the lookout for it because the UIDH is injected into all traffic regardless of privacy settings.
ISPs Don’t Respect or Protect User Privacy
Internet privacy is becoming a bigger problem for ordinary Internet users. ISPs have denied across the board that they track and monitor their users. They have also assured their customers that they are very careful to secure their personal information. Sadly, they lie. Verizon customers are in deep water with this new discovery of the perma-cookie that reveals their web activities and identities to advertisers. Another big problem that they now face because of this tracking activity is that they can’t all get out of it. ISPs often have users on contract for long periods. It would not be so easy for most of these customers to just switch to another service provider. And most of those who could get out of their contracts would not really have much of a choice when it comes to ISPs that respect their privacy.
Crypto genius Kenn White created a website http://lessonslearned.org/sniff that helps users to check if their ISPs are tracking them on their 3G or LTE, etc. carrier connections. He found the perma-cookie on Verizon and says that he thinks that both Sprint and AT&T are also using similar perma-cookies to track and identify their customers. This makes things much worse for Internet users because they do not really have much choice of moving to a company that will protect their privacy. We pay these companies to give us access to the Internet. We trust them to secure this access. But it turns out that they are the ones putting us in danger and taking advantage of us even though we pay them for their services.
Because ISPs have no respect for their subscribers, we cannot trust them to respect DNT requests or private browsing sessions like Google Incognito Mode. In fact, this has already been proven by IBM Watson researcher Cody Dunne. ISPs can still insert UIDH into user requests regardless of these settings and features. What will work is using only HTTPS websites, or the EFF extension HTTPS Everywhere to encrypt all website browsing. Some websites won’t work with this, however, since not all of them can run HTTPS. The only way to stop UIDH or other forms of ISP tracking and to prevent ISPs from altering user traffic is to use a VPN. VPNs encrypt and secure user traffic so that no one can read it or interfere with it. User identities are therefore secure as well since even the IP address that a user is on will be changed to a secure VPN server IP address. Make sure that you choose a VPN provider that can provide you with ample protection for all the devices that you use to connect to the Internet. Providers like ExpressVPN can secure Linux, OS X, Windows, Android and iOS devices.
