The Hacker News
The Nation's largest telecom operator 'Verizon Wireless' is tracking its customers' mobile internet traffic by adding a token to Web requests traveling over its network, in order to facilitate targeted advertising even if a user has opted out of their Customer Proprietary Network Information (CPNI) options.

The Precision Market Insights division of Verizon is collecting users' data from more than two years with the launch of the Unique Identifier Token Header (UIDH) under its Relevant Mobile Advertising program. The company also expanded its program to cover all Verizon Wireless subscribers.

When consumers visit certain websites or mobile apps, The Verizon network is adding cookie-like X-UIDH header tokens to Web requests traveling over its network with a unique value/identifier for every particular mobile device.

This Verizon's solution is called the PrecisionID, which is being used to create a detailed picture of users' interests and help clients tailor advertisements, according to Verizon's own documentation.

The outcome is that the second largest cellular communication provider in U.S. Verizon Wireless is sending a unique identifier for you to each and every unencrypted website you visit using your mobile device, which means that, at worst scenario, advertisers can track your every move everywhere you have been.

Though the company started navigating the service two years ago, security experts began warning of the issue this week. "Verizon is rewriting your HTTP requests to insert a permacookie? Terrible," senior staff technologist with the Electronic Frontier Foundation, Jacob Hoffman-Andrews, tweeted about the issue on Wednesday.

Verizon Wireless Injects Identifiers to Track Mobile Customers' Online Activities
The UIDH value changes each week would provide targeted advertisements under Verizon's Precision Market Insights from participating advertisers which could request location and market-segment information. The information used by advertisers include subscribers' postal address, device types and language preferences to build profiles along with gender, age and hobby and personal interests.
"In addition, we will use an anonymous, unique identifier we create when you register on our websites. This may allow an advertiser to use information they have about your visits to online websites to deliver marketing messages to mobile devices on our network," Verizon said on its website. "We do not share information that identifies you personally outside of Verizon as part of this program. [Some of this information was] obtained from other companies."
The strange thing is you can't do anything about the issue because even if you opt out of all the Verizon tracking, by either using a privacy mode in your browser and enable Do Not Track, or by using a different browser, or even if you change to a new phone, or use a tethered laptop for browsing, in all ways you are not safe.

UIDH allows Verizon to link a website visitor to its own internal profiles, in an attempt to allow client websites to target advertising at specific segments of the consumer market.

Though, Verizon offers privacy settings, but they don't prevent sending the X-UIDH header. The only known solution left with you is to encrypt all your browsing. You can do this using HTTPS Everywhere, but this only works if the website supports HTTPS. Because this issue is already being exploited in the wild so the best solution is to use full encryption using a VPN like Tunnelbear or TOR.

Next, let's get Verizon Wireless to change this policy, by arguing that the service is essentially tracking users and that companies paid for a fundamental service that should not be using the data for secondary purposes.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.