Verizon's Sneaky Zombie Cookies Now Being Used Across The Entire AOL Ad Empire

from the snoopvertising dept

Poor Verizon. Telco executives for years have sat in their board rooms bored by the billions to be made on telecom and transit, jealously eyeing Facebook and Google ad revenue, and desperately dreaming of being seen as more than just a dull old phone company. That’s why the telecom giant recently paid $4.4 billion to acquire AOL, and is now throwing tens of millions at a new Internet video service aimed squarely at Millennials (hey kids, why get Internet video right from the source or a disruptive content company when you can get it from the phone company?).

And, lucky you, the same kind of greasy principles that have guided the company’s legacy telecom networks are being applied to this brave, new, hipper advertising frontier. You’ll recall that the company was widely criticized for manipulating user traffic streams to insert “zombie cookies,” or unique identifier traffic headers that track user behavior online and can be abused by third parties. Only discovered by researchers two years after being implemented, it only took Verizon another six months of sustained criticism to finally let users opt out of being watched.

With AOL now part of the Verizon family, it’s rather unsurprising to learn that Verizon’s now extending the use of these stealth trackers across the entirety of the AOL ad empire:

“Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL?s ad network, which in turn monitors users across a large swath of the Internet. That means AOL?s ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including ? ?your gender, age range and interests.”…AOL will also be able to use data from Verizon?s identifier to track the apps that mobile users open, what sites they visit, and for how long.”

So not only is Verizon now using its AOL acquisition to expand its plan to modify traffic to watch people, the telco’s still opting users in by default and bouncing this traffic around the Internet unencrypted so it can be abused by third parties. Verizon of course insisted this could never happen, right before it did. But whereas you might see this as a dramatic expansion of a horrible precedent, Verizon thinks you shouldn’t worry because this is all occurring under the roof of one giant, happy, Verizon family:

I think in some ways it?s more privacy protective because it?s all within one company,? said Verizon?s Zacharia. ?We are going to be sharing segment information with AOL so that customers can receive more personalized advertising.”

Are you comforted yet? It seems like only a matter of time before freshly-Verizon-owned media properties (The Huffington Post, Engadget, TechCrunch et al) pen furious missives informing us that this Verizon snoopvertisement-dominated Internet is a step in the right direction. It’s worth reminding Verizon users that they can opt out of having their traffic modified and tracked via the Verizon privacy portal or by calling 866-211-0874. Of course this should be disabled by default if not outlawed all together, but hey — at least we’re all part of one big, loving Verizon family, right?

Filed Under: , , ,
Companies: aol, verizon

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Verizon's Sneaky Zombie Cookies Now Being Used Across The Entire AOL Ad Empire”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: So what's wrong with being tracked all over the net?

So, instead of talking about some tracking cookies, they should avoid being hypocritical and not talk about them at all?
I like the way you think. rolls eyes

Tell you what. Why don’t you create a blog or news site for us to go that reveals the evils of the tech world and Big Google? Then everyone that wants to can go over there and no body has to argue.

ltlw0lf (profile) says:

Re: Re: So what's wrong with being tracked all over the net?

Tell you what. Why don’t you create a blog or news site for us to go that reveals the evils of the tech world and Big Google? Then everyone that wants to can go over there and no body has to argue.

Yeah, but only if he also turns off commenting in order to protect our 1st Amendment rights. There is no way I can support a website that denies our freedom of speech by allowing us to comment on items that they post!

ltlw0lf (profile) says:

Re: https everywhere!

They can’t inject cookies in that, at least not yet.

They don’t need to inject anything. They own the infrastructure. They can GRE tunnel the traffic to the endpoint and put the data into a header, so the GRE tunnel end-point/receiver can grab the information and display ads based on that information, while still allowing SSL traffic to flow without an issue. May require a little extra work, but may be worth the effort to keep the money rolling in. Of course, why even do that, since they already have a database showing your entry point, so they can just set up AOL’s ad network to query the database and pull your information directly, maybe caching all the users coming from a particular IP address and some sort of mechanism in-between to make sure that each user is identified.

Should be pretty easy if they already own the end-point…

The trick is adding that capability to non-Verizon users.

Tommy T. says:

Re: Re: https everywhere!


I’m sorry but I think you are wrong about what GRE is capable of doing (how much do you really know about GRE ?). GRE header is either 24 or 28 bytes. Those bytes store protocol information. 16 bytes out of those store next protocol details, then is version and checksum. There are 28 bits of reserved data but 22 of them must be zero according to RFC-2784. And 6 bits is way too little to store anything there. So unless Arista, Juniper and Cisco have custom builds of EOS, JunOS and IOS for Verizon only (with in-house developed mGRE protocol), that won’t change. And that’s not even considering GRE tunnel establishing times, keepalives, etc. So I can’t really imagine how GRE would be used for what you are suggesting.

You say Verizon can “grab information” out of an SSL connection – what “information” are you referring to ? Source and destination IPs ? Those details are always available, you do not need GRE for that. Let’s not forget that the source IPv4 is almost certainly a NAT-ed one …

Anyway, if you think that any kind of useful information can be extracted out, or injected into an existing SSL connection, then everyone who uses credit cards over the Internet is in big trouble.

ltlw0lf (profile) says:

Re: Re: Re: https everywhere!

You say Verizon can “grab information” out of an SSL connection

Never said that, nor did I imply it. Wow. You gotta love bashing down strawmen, you seem to be really good at it.

As for GRE tunnels, if you own the backbone, you can create tunnels and add whatever headers you want to the transmission. But you don’t even need to do that…you can just send the information out-of-band.

Anonymous Coward says:

(a) not surprising and (b) meanwhile, back at AOL

(a) If you do a little research, you’ll find that AOL’s advertising arm got its start by engaging in prolific spamming with a side order of spyware. Yes, really. So expecting the slimy filth with that background to suddenly evolve principles and ethics is really dramatically overestimating their integrity and underestimating their greed.

(b) AOL is still allegedly an ISP, however in their rush to become…well, whatever it is that they think they want to be when they grow up…they’ve completely neglected the fundamentals of network operations. Their email service is now on the dismal level at Yahoo’s — that is, it’s apparently run by illiterate, ignorant, incompetent, worthless morons who have never read an RFC and who have no interest and/or ability in making it work with the entire rest of the Internet.

Christopher (profile) says:

Explains the locked-down phones.

If you own a locked-down VZW phone — and by locked down I mean no root access possible via encrypted bootloader — there’s nothing you can do to avoid it. The APN configuration that’s made possible by Android is removed by VZW… so you can’t route your mobile traffic to an on-system proxy to protect yourself.

And, of course, you can’t unload all of the modules and such to eliminate the root cause(s) either. All the more reason to stick with Developer Models where possible.


RabidWolf says:

'hum' this, Verizon!

I today received via SnailMail© a PR mailing about ‘hum’, Verizon’s new AAA wannabe, at ‘only’ $14.99/month. Hook up some equipment ‘included at no extra cost’ for roadside assistance, and life will be wonderful!! $180/year (twice a single-user AAA membership) for Verizon to scam and scan you to your grave!!


Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...