Two And A Half Years Later, Verizon Finally Lets People Opt Out Of Its Stealth Zombie Cookie

from the that-took-a-while dept

Back in 2008, Verizon proclaimed that we didn’t need additional consumer privacy protections (or opt in requirements, or net neutrality rules) because consumers would keep the company honest. “The extensive oversight provided by literally hundreds of thousands of sophisticated online users would help ensure effective enforcement of good practices and protect consumers,” Verizon said at the time. Six years later and Verizon found itself at the heart of a massive privacy scandal after it began covertly injecting unique user-tracking headers into wireless data packets.

The headers not only allow Verizon to ignore browser privacy settings to track online behavior, it allows third parties to do so as well (something Verizon initially denied). Worse, perhaps, while users could opt out of the personalized ads delivered by the system, they couldn’t actually opt out of having their online behavior tracked. Initially, Verizon responded to the controversy by repeatedly downplaying it, but as it became clear regulators and lawyers were contemplating action, Verizon stated in February that it would finally let users opt out.

As of last week, Verizon’s mobile advertising FAQ now states that users can choose whether they want to let Verizon manipulate their traffic and spy on them:

“Verizon Wireless has updated its systems so that we will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program or activates a line that is ineligible for the advertising program. Government and enterprise lines are examples of ineligible lines. The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile Advertising program or activates an ineligible line. If a customer chooses to participate in Verizon Selects, the UIDH will be present even if the customer has also opted out of the RMA program.”

Users can either opt out of the company’s snoopvertising via the privacy settings at the Verizon website, or by calling 866-211-0874.

So was Verizon right in that the public would keep the company honest? While that did ultimately happen here, it’s worth noting that it took the nation’s best security researchers two years to even notice that Verizon was embedding the headers. It took Verizon another six months (and a pretty merciless and sustained beating from the media and privacy advocates) before it finally allowed users to opt out of the traffic manipulation. And, while groups like the EFF would prefer the system be opt in, this is likely where Verizon’s latest privacy scandal gets put to bed.

It makes you wonder just how long it will take the public to discover Verizon’s next great innovation in snoopvertising?

Filed Under: , , , , ,
Companies: verizon

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Two And A Half Years Later, Verizon Finally Lets People Opt Out Of Its Stealth Zombie Cookie”

Subscribe: RSS Leave a comment
Tom Betz (profile) says:

There's a catch to the "opt-out"

You can’t opt out using the toll-free number if the login to your Verizon Wireless account uses capital letters in the password. When I called 866-211-0874, it demanded my account password.

And, of course, there is no web-based opt-out on the VZW web site.

So for me to pot out, I have to change my password first.

Anonymous Coward says:

Re: This really makes a good point.

“The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile Advertising program or activates an ineligible line. If a customer chooses to participate in Verizon Selects, the UIDH will be present even if the customer has also opted out of the RMA program.”

That says even more…. for a “short period of time” government and corporate lines will also be tracked… and it’ll all get turned back on again if someone enables Verizon Selects.

Makes me think it’s almost worth using the tracking header myself to look for recently activated corporate and government handsets 🙂

That One Guy (profile) says:

Re: Kicking and screaming the whole way

Sure we’ll let you opt out of our intrusive spying program… should you manage to find the contact information, change your password, call a number that may or may not be listed, and provide the secret code of the day(which changes every 24 hours, and is likewise never listed), and lastly personally meet our CEO or CFO and give them the double-secret handshake.

Once you’ve done all that, we will be glad to opt you out of the system, and the process should only take a couple of month to get through the system.”

nasch (profile) says:

Re: They changed the Privacy Policy Opt-Out page.

There is no longer even a mention of the X-UIDH opt out there.

“This program uses a unique identifier, also known as a Unique Identifier Header or UIDH, that is inserted into certain web traffic to deliver ads to your mobile device… The UIDH discussed above will stop being inserted in web traffic from your device after you opt out of the Relevant Mobile Advertising program.”

John Fenderson (profile) says:

It was the government, not consumer threat

Verizon couldn’t care less what regular people think, and they didn’t change this policy because of the massive outcry over it. They changed the policy because it became clear that the government was starting to look for scalps. While the former undeniably led to the latter, it was the latter that actually mattered. If all that happened was vitriol from the masses, nothing would have changed at all.

Verizon was wrong when it said that public pushback would keep them honest.

Rich Kulawiec (profile) says:

The Principle of Opt-Out

If it’s opt-out, it’s abusive.

Nobody in the history of ever has needed to deceptively force people to do something that they really wanted to do; that’s reserved exclusively for things that nobody wants. Whether it’s telemarketing or spyware or spam or anything else doesn’t matter: the principle holds.

Prediction: in eight months, Verizon will quietly reset all the opt-out preferences to “no”. Fifteen months later when that’s discovered, they’ll deny it. Four months after that they’ll call it a “glitch”. Seven months after that they’ll say that the opt-out “expired”. A year after that they’ll make everybody do this song-and-dance again. And why not? It’s not like their executives will be prosecuted and tossed in federal prison for this: if anything, they’ll get bonuses.

Uriel-238 (profile) says:

Opt-out vs. opt-in.

I’ve noticed that I’ve become conditioned in our tickbox-rife world. Whenever I see an opt-in option, I expect it’s either the Right Thing To Do, or something that generally benefits me.

[ ] Can we use your usage data (anonymized) to improve the product?

[ ] Do you want access to the command-line console?

[ ] Can we send you our newsletter? (Might contain spam. Only to you.)

Whenever I see opt-out options, generally they tend to be of dubious benefit to me.

[X] Can we sell your personal data to our affiliates?

[X] Can we use your likeness to endorse our products?

[X] YES! Please track down all my FACEBOOK friends and send them spam! Say it’s from me!

And I remember how Windows Genuine Advantage which didn’t even announce itself or give an opt-out choice was exactly the sort of thing you didn’t want on your computer.

Verizon may have had better results with opt-in.

[ ] YES! I totally want Verizon’s stealth zombie cookie!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...