Verizon Injecting Perma-Cookies to Track Mobile Customers ⇥ eff.org

Not content with ruining journalism, Verizon has decided to put some effort into maintaining the shitty reputation of ISPs and cellular carriers. Jacob Hoffman-Andrews, of the EFF:

Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users’ web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors’ web browsing habits without their consent.

Unfortunately, by signing the extremely long Verizon service agreement, you’re also agreeing to the very long privacy policy, of which a subsection does enable Verizon to be this creepy (emphasis mine):

We collect information about your use of our products, services and sites. Information such as call records, websites visited, wireless location, application and feature usage, network traffic data, product and device-specific information and identifiers, service options you choose, mobile and device numbers, video streaming and video packages and usage, movie rental and purchase data, FiOS TV viewership, and other similar information may be used for billing purposes, to deliver and maintain products and services, or to help you with service-related issues or questions. In addition, this information may be used for purposes such as providing you with information about product or service enhancements, determining your eligibility for new products and services, and marketing to you.

This is buried way down in Verizon’s sub-sub-agreement, almost as though they hope nobody reads these things. Worse still, as the EFF points out, the header is part of all your traffic over their network, is specific to your device, and can be sniffed by anyone. Creepy.