Two And A Half Years Later, Verizon Finally Lets People Opt Out Of Its Stealth Zombie Cookie
from the that-took-a-while dept
Back in 2008, Verizon proclaimed that we didn’t need additional consumer privacy protections (or opt in requirements, or net neutrality rules) because consumers would keep the company honest. “The extensive oversight provided by literally hundreds of thousands of sophisticated online users would help ensure effective enforcement of good practices and protect consumers,” Verizon said at the time. Six years later and Verizon found itself at the heart of a massive privacy scandal after it began covertly injecting unique user-tracking headers into wireless data packets.
The headers not only allow Verizon to ignore browser privacy settings to track online behavior, it allows third parties to do so as well (something Verizon initially denied). Worse, perhaps, while users could opt out of the personalized ads delivered by the system, they couldn’t actually opt out of having their online behavior tracked. Initially, Verizon responded to the controversy by repeatedly downplaying it, but as it became clear regulators and lawyers were contemplating action, Verizon stated in February that it would finally let users opt out.
As of last week, Verizon’s mobile advertising FAQ now states that users can choose whether they want to let Verizon manipulate their traffic and spy on them:
“Verizon Wireless has updated its systems so that we will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program or activates a line that is ineligible for the advertising program. Government and enterprise lines are examples of ineligible lines. The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile Advertising program or activates an ineligible line. If a customer chooses to participate in Verizon Selects, the UIDH will be present even if the customer has also opted out of the RMA program.”
Users can either opt out of the company’s snoopvertising via the privacy settings at the Verizon website, or by calling 866-211-0874.
So was Verizon right in that the public would keep the company honest? While that did ultimately happen here, it’s worth noting that it took the nation’s best security researchers two years to even notice that Verizon was embedding the headers. It took Verizon another six months (and a pretty merciless and sustained beating from the media and privacy advocates) before it finally allowed users to opt out of the traffic manipulation. And, while groups like the EFF would prefer the system be opt in, this is likely where Verizon’s latest privacy scandal gets put to bed.
It makes you wonder just how long it will take the public to discover Verizon’s next great innovation in snoopvertising?