Wired
reports that Verizon inserts a unique identifier into all HTTP requests going over its wireless network, subverting Do Not Track, private browsing sessions, using different browsers, or moving around their network. Verizon has an
opt out page, but it only opts you out of having it being used by Verizon and its partners from targeting ads based on it. Obviously, anyone else seeing the headers are under no agreement to not use them to build a profile of you. There are anecdotal reports AT&T may be doing the same. Security researcher Kenneth White set up
a page to check for this header with more information.
After spending most of the last decade profiting off of cramming, AT&T this month was finally held accountable by the government and
fined $105 million by the FTC, FCC, and state governments. A similar investigation is ongoing again T-Mobile, and you can likely expect similar settlements in time with both Verizon and Sprint, who also turned a blind eye for years while scammers bilked their customers (because they netted 30-40% of the profits). The FTC case against AT&T is a great read detailing at length how AT&T not only turned a blind eye to the scams, but actually made it harder for customers to identify they were being scammed and to obtain refunds.
With the customer refund process underway, the FTC tells Time that more than 359,000 customers have already applied for refunds, with many many more expected. AT&T of course generates $105 million in about the time it took me to write this post, and the money they made off these scams was potentially dozens of times larger than the fine. Still, it's nice to see the government do its job when big companies are involved, as for most of the decade the FTC and FCC ignored how large carriers helped make these scams possible. Customers need to file their claim before May 1, 2015.