An identifier on users’ phone creates cookies that can’t be deleted
Verizon will soon allow customers to opt out of having an identifier placed on their phones that had alarmed privacy advocates due to its ability to let third parties persistently track customers.
The identifier or customer code drew concerns primarily because it created so-called “supercookies” that could not be deleted by users. Verizon customers have had the ability to opt out of the company’s advertising programs, but not out of having that identifier placed on their devices.
Now, “we have begun working to expand the opt-out to include the identifier referred to as the UIDH [unique identifier header], and expect that to be available soon,” a Verizon spokeswoman said Friday via email. She added that “Verizon never shares customer information with third parties as part of our advertising program.”
The Verizon spokeswoman did not say when exactly the opt-out would become available, though she noted that customers can change their privacy choices on the MyVerizon website.
Privacy advocates like the Electronic Frontier Foundation had called on Verizon to shut down the identifier program, arguing that it violated users’ privacy.
AT&T had also at one point tested its own identifier system, which it later dropped amidst privacy concerns.
One advertising company that had been exploiting the identifier, discovered by computer scientist Jonathan Mayer, was Turn. The company tracked users across the web as they visited sites like Facebook, Twitter, Walmart and WebMD, Mayer wrote in a blog post earlier this month.
“The privacy impact also goes beyond individual mobile browsers,” he said, referring to the supercookie as a “zombie cookie.” “If a Verizon customer tethered with their phone, their notebook could get stuck with the zombie value,” he said.