RSS
Two And A Half Years Later, Verizon Finally Lets People Opt Out Of Its Stealth Zombie Cookie
from the that-took-a-while dept
Back in 2008, Verizon proclaimed that we didn't need additional consumer privacy protections (or opt in requirements, or net neutrality rules) because consumers would keep the company honest. "The extensive oversight provided by literally hundreds of thousands of sophisticated online users would help ensure effective enforcement of good practices and protect consumers," Verizon said at the time. Six years later and Verizon found itself at the heart of a massive privacy scandal after it began covertly injecting unique user-tracking headers into wireless data packets.
The headers not only allow Verizon to ignore browser privacy settings to track online behavior, it allows third parties to do so as well (something Verizon initially denied). Worse, perhaps, while users could opt out of the personalized ads delivered by the system, they couldn't actually opt out of having their online behavior tracked. Initially, Verizon responded to the controversy by repeatedly downplaying it, but as it became clear regulators and lawyers were contemplating action, Verizon stated in February that it would finally let users opt out.
As of last week, Verizon's mobile advertising FAQ now states that users can choose whether they want to let Verizon manipulate their traffic and spy on them:
So was Verizon right in that the public would keep the company honest? While that did ultimately happen here, it's worth noting that it took the nation's best security researchers two years to even notice that Verizon was embedding the headers. It took Verizon another six months (and a pretty merciless and sustained beating from the media and privacy advocates) before it finally allowed users to opt out of the traffic manipulation. And, while groups like the EFF would prefer the system be opt in, this is likely where Verizon's latest privacy scandal gets put to bed.
It makes you wonder just how long it will take the public to discover Verizon's next great innovation in snoopvertising?
The headers not only allow Verizon to ignore browser privacy settings to track online behavior, it allows third parties to do so as well (something Verizon initially denied). Worse, perhaps, while users could opt out of the personalized ads delivered by the system, they couldn't actually opt out of having their online behavior tracked. Initially, Verizon responded to the controversy by repeatedly downplaying it, but as it became clear regulators and lawyers were contemplating action, Verizon stated in February that it would finally let users opt out.
As of last week, Verizon's mobile advertising FAQ now states that users can choose whether they want to let Verizon manipulate their traffic and spy on them:
"Verizon Wireless has updated its systems so that we will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program or activates a line that is ineligible for the advertising program. Government and enterprise lines are examples of ineligible lines. The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile Advertising program or activates an ineligible line. If a customer chooses to participate in Verizon Selects, the UIDH will be present even if the customer has also opted out of the RMA program."Users can either opt out of the company's snoopvertising via the privacy settings at the Verizon website, or by calling 866-211-0874.
So was Verizon right in that the public would keep the company honest? While that did ultimately happen here, it's worth noting that it took the nation's best security researchers two years to even notice that Verizon was embedding the headers. It took Verizon another six months (and a pretty merciless and sustained beating from the media and privacy advocates) before it finally allowed users to opt out of the traffic manipulation. And, while groups like the EFF would prefer the system be opt in, this is likely where Verizon's latest privacy scandal gets put to bed.
It makes you wonder just how long it will take the public to discover Verizon's next great innovation in snoopvertising?
Reader Comments
The First Word
The Principle of Opt-Out
If it's opt-out, it's abusive.Nobody in the history of ever has needed to deceptively force people to do something that they really wanted to do; that's reserved exclusively for things that nobody wants. Whether it's telemarketing or spyware or spam or anything else doesn't matter: the principle holds.
Prediction: in eight months, Verizon will quietly reset all the opt-out preferences to "no". Fifteen months later when that's discovered, they'll deny it. Four months after that they'll call it a "glitch". Seven months after that they'll say that the opt-out "expired". A year after that they'll make everybody do this song-and-dance again. And why not? It's not like their executives will be prosecuted and tossed in federal prison for this: if anything, they'll get bonuses.
Subscribe: RSS
View by: Time | Thread
There's a catch to the "opt-out"
And, of course, there is no web-based opt-out on the VZW web site.
So for me to pot out, I have to change my password first.
[ reply to this | link to this | view in chronology ]
Re: There's a catch to the "opt-out"
It's linked from the story.
https://login.verizonwireless.com/amserver/UI/Login?realm=vzw&goto=https%3A%2F%2Fwbillpay. verizonwireless.com%3A443%2Fvzw%2Fsecure%2FsetPrivacy.action
[ reply to this | link to this | view in chronology ]
This really makes a good point.
Says it quite clearly, doesn't it? -
One set of rules for the government and its corporate owners;
One for the riff-raff who just can't be trusted.
[ reply to this | link to this | view in chronology ]
Re: This really makes a good point.
That says even more.... for a "short period of time" government and corporate lines will also be tracked... and it'll all get turned back on again if someone enables Verizon Selects.
Makes me think it's almost worth using the tracking header myself to look for recently activated corporate and government handsets :)
[ reply to this | link to this | view in chronology ]
They changed the Privacy Policy Opt-Out page.
That's it.
[ reply to this | link to this | view in chronology ]
Kicking and screaming the whole way
Once you've done all that, we will be glad to opt you out of the system, and the process should only take a couple of month to get through the system."
[ reply to this | link to this | view in chronology ]
Re: They changed the Privacy Policy Opt-Out page.
"This program uses a unique identifier, also known as a Unique Identifier Header or UIDH, that is inserted into certain web traffic to deliver ads to your mobile device... The UIDH discussed above will stop being inserted in web traffic from your device after you opt out of the Relevant Mobile Advertising program."
[ reply to this | link to this | view in chronology ]
Re: They changed the Privacy Policy Opt-Out page.
[ reply to this | link to this | view in chronology ]
Turned off the uBlock...
Thanks!
[ reply to this | link to this | view in chronology ]
It was the government, not consumer threat
Verizon was wrong when it said that public pushback would keep them honest.
[ reply to this | link to this | view in chronology ]
Re: It was the government, not consumer threat
Fixed.
[ reply to this | link to this | view in chronology ]
The Principle of Opt-Out
Nobody in the history of ever has needed to deceptively force people to do something that they really wanted to do; that's reserved exclusively for things that nobody wants. Whether it's telemarketing or spyware or spam or anything else doesn't matter: the principle holds.
Prediction: in eight months, Verizon will quietly reset all the opt-out preferences to "no". Fifteen months later when that's discovered, they'll deny it. Four months after that they'll call it a "glitch". Seven months after that they'll say that the opt-out "expired". A year after that they'll make everybody do this song-and-dance again. And why not? It's not like their executives will be prosecuted and tossed in federal prison for this: if anything, they'll get bonuses.
[ reply to this | link to this | view in chronology ]
Considering how long they have been lying about this to people's faces are you really just going to take them at their word on this?
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Opt-out vs. opt-in.
[ ] Can we use your usage data (anonymized) to improve the product?
[ ] Do you want access to the command-line console?
[ ] Can we send you our newsletter? (Might contain spam. Only to you.)
Whenever I see opt-out options, generally they tend to be of dubious benefit to me.
[X] Can we sell your personal data to our affiliates?
[X] Can we use your likeness to endorse our products?
[X] YES! Please track down all my FACEBOOK friends and send them spam! Say it's from me!
And I remember how Windows Genuine Advantage which didn't even announce itself or give an opt-out choice was exactly the sort of thing you didn't want on your computer.
Verizon may have had better results with opt-in.
[ ] YES! I totally want Verizon's stealth zombie cookie!
[ reply to this | link to this | view in chronology ]
Plain and simple
I'm pretty positive that if it were an 'opt-in' option that nobody would do it - which speaks loud and clear on how pervasive it really is.
[ reply to this | link to this | view in chronology ]
Been replaced
[ reply to this | link to this | view in chronology ]
No Opt-out for Prepaid
[ reply to this | link to this | view in chronology ]
I was already opted out
[ reply to this | link to this | view in chronology ]
Oh boy
[ reply to this | link to this | view in chronology ]
Add Your Comment