Your is cellphone tracking/broadcasting your every move without consent

Imagine a world where your every move, in the physical and online worlds, was monitored and tracked. Imagine this data was easily available to governments and companies who only wanted to “get to know you better” to serve you more efficiently. Imagine this data was broadcast nonstop by a small device connected to you. I’m not talking about some little microchip implanted in you head in some future reality like what happened to Arnold Schwarzenegger in the movie, “Total Recall.”

I’m talking about your cell phone….I’m talking about right now….I’m talking about Verizon’s UIDH, the “super-cookie”, which has the ability to broadcast all your physical and online travels WITHOUT YOUR CONSENT.

The “cookie” and how the consumer can manage/control privacy:

As most are aware, cookies are small text files downloaded to your computer when you browse online. To make your visit more effective , companies use cookies to identify you the next time you visit their website on your computer (i.e. “Welcome back, Mr. Jordan”, automatically open your account, etc). Advertisers use these cookies to limit repeated pop-up ads, target ads more effectively, and track campaign effectiveness.

If all this tracking seems too Big Brother or creepy, a consumer can block cookies, manage and opt-out of certain forms of advertising via settings on their computers, devices and browsers.

The consumer can control (allow/deny) any or all cookies on their computer. These cookies work fine when the consumer is surfing the web on a computer. But cookies don’t work effectively across mobile devices or environments (Android, IOS, mobile web, mobile app, Webview, SDK, etc.). Depending on the device, the type of cookie, and how the web is viewed, the cookie support may be limited to the session (in each individual app) or not accepted at all, such as with third-party cookies on an IOS APP or in Safari.

Because of the growth of smartphone/tablet penetration, faster connection speeds and improved screen resolutions, consumer websurfing has been migrating from computer to mobile. This has amplified the mobile cookie “problem”.

But not everyone sees this as a problem.…some see it as an opportunity…to increase revenue.

Verizon & mobile Big Data:

Earlier this year Verizon Wireless, who provides mobile services for about 125 million consumers, announced changes to its Relevant Mobile Advertising program. This program, among other things, tracks your location via your Verizon cell phone. Last year, Verizon conducted marketing tests with the Phoenix Suns to provide data on audience segments who attended a game then visited a particular restaurant or retailer afterwards. This could help the Suns more effectively sell advertising to those retailers.

As a Verizon Wireless customer, if you happen to log onto your MyVerizon account via your computer, Verizon also tracks your desktop internet surfing via tracking cookies. This online surfing data, combined with your physical location visits, provide Verizon a more robust ad product: YOU.

Verizon is able to sell this anonymized data to advertisers and other third parties as long as your personal data is stripped out (to protect your privacy). However, in 2013, a group of MIT scientists reported, after a fifteen month study of human mobility data of 1.5 million people, they developed algorithms to uniquely identify 95% of individuals in the data-set from just 4 or 5 different location data points for each.

Again, if all this tracking seems too Big Brother or creepy, a consumer can block GPS tracking and opt-out of certain forms of advertising via settings on their computers, devices and browsers.

Wheh!....this should allay the privacy concerns of all, right? Not so fast…..

But, because consumers were surfing more and more via their cellphone, coupled with the mobile cookie problem, Verizon was not able to fully capture your (mobile internet) data.

The UIDH is the mobile “Super-Cookie”:

Then, Verizon Wireless began “altering” wireless consumer browsing requests by inserting a Unique Identifier Header, or UIDH, into the HTTP payload and ignoring your browser privacy/do not track settings. The UIDH is delivered in with the payload to the website the consumer it attempting to view regardless of your privacy settings.

According to Verizon, a consumer can opt-out of the Verizon Relevant Mobile Advertising program. Once opted out, Verizon and its advertising partners will no longer use the UIDH for targeting advertising.

However, because Verizon is broadcasting the UIDH to EVERY website, an external ad network could use it to build a profile of your web-surfing…not sure how you could opt-out of that.

UIDH = Big Brother + Minority Report:

The UIHD is acting as a type of “cookie on steroids” because it can be read by any web server visited by the consumer and used to build a map or profile of your cyber-visits. Advertisers can also use UIDHs to identify you on the web. Instead of saying “Thom Jordan”, it is anonymized and says “Comrade 123456” (I’m making this up, actually the UIDH is 50 characters or so of code). However, “Comrade 123456” can easily be correlated with other Verizon and third party data points and algorithms to be identified and segmented with frightening accuracy (i.e. by gender, age, salary, recent purchases, recent store visits, etc). With this type of data, a retailer or advertiser doesn’t need to know my name is “Thom Jordan”, at least not until I make a purchase….and with the UIDH, coupled with big data, they probably already know it is me looking at their website anyway.

Not all UIDHs are being transmitted and it is unclear at this time why this is the case. It may be this functionality is not deployed throughout Verizon’s network.

You can test your own phone, regardless of your Carrier for UIDH or ACR:

You can test your own mobile device by going to one of these two sites below. Make sure you are not on WiFi and over your cell network:

www.lessonslearned.org/sniff

This website is by Ken White. If the UID field is blank, then you are not reporting a UIDH. It there is a long string of data, then your UIDH is reporting

www.checkyourinfo.com/request

If the “X-ACR” field is blank, then you are not reporting a UIDH. It there is a long string of data, then your UIDH is reporting.

Other carriers, such as AT&T and Vodafone appear to also be collecting and broadcasting UIDs.