Story 2014-10-28 2TRD Verizon Wireless uniquely identifies your traffic for all to see

Verizon Wireless uniquely identifies your traffic for all to see

by
in internet on (#2TRD)
Wired reports that Verizon inserts a unique identifier into all HTTP requests going over its wireless network, subverting Do Not Track, private browsing sessions, using different browsers, or moving around their network. Verizon has an opt out page, but it only opts you out of having it being used by Verizon and its partners from targeting ads based on it. Obviously, anyone else seeing the headers are under no agreement to not use them to build a profile of you. There are anecdotal reports AT&T may be doing the same. Security researcher Kenneth White set up a page to check for this header with more information.
Reply 5 comments

It Appears AT&T Does This As Well (Score: 1, Informative)

by Anonymous Coward on 2014-10-28 17:06 (#2TRE)

"Late Friday, Hoffman-Andrews said he was looking into anecdotal reports that AT&T was using a similar type of identifier."

AT&T is my cell service provider and when I loaded the test site on my phone, it returned a nice, long UID. It did conclude with "type=Dynamic". Can anyone with more knowledge weigh in on whether or not "type=Dynamic" means this is less likely to be a Verizonesque permacookie?

HTTPS (Score: 2, Insightful)

by bryan@pipedot.org on 2014-10-28 17:57 (#2TRF)

Yet another reason to use HTTPS everywhere.

Re: HTTPS (Score: 1)

by billshooterofbul@pipedot.org on 2014-10-28 22:27 (#2TRG)

Eh, HTTPS everwhere won't help that much. Sure anyone sniffing traffice between you and various websites can't identify you any more. But the adnetworks or anyone else that issues request from various sites ( JS, images, whatever) can tell that you visited pages X, Y, & Z even if they were browsed in different browsers and each connection was over HTTPS.

Edit in light of comments below:

Ah, yeah if Verision is modifying the http requests to add a header, https would prevent that. My brain was on a leave of absense, somehow thinking Verision was magically altering the headers in the browser as they were being created.

Re: HTTPS (Score: 1)

by tanuki64@pipedot.org on 2014-10-28 18:33 (#2TRH)

Does https help? The content is encrypted, true, but does this protocol prevent the provider from putting an envelope around it so the receiver still can identify the sender? I never had an interest how https works on a low level. Perhaps I should look into it.

Re: HTTPS (Score: 1)

by zenbi@pipedot.org on 2014-10-28 21:37 (#2TRK)

Yes. Using HTTPS will prevent Verizon from injecting foreign content into your traffic. A.K.A. "Man in the middle" attacks.