Wireless Privacy, Opt-Out Settings Don't Protect Your Security Online
NEWS ANALYSIS: Tests reveal that carriers may be including unique identifiers on your wireless data transmissions despite your efforts to opt out of advertising or tracking.Advertisers on the Internet know who you are; they know where you are with your mobile phone; and they can track your interests and send you advertising despite efforts on your part to avoid their attention. The good news is you can find out fairly easily if this tracking is taking place. The better news is that not every carrier inserts tracking codes in your data stream. The initial details of this practice were first revealed by the non-profit journalism group Pro Publica, which discovered that Twitter is making use of this information from Verizon wireless phones as a way to deliver advertising. AT&T is testing such a service, but has not deployed it commercially. The unique identifier, sometimes called a "perma-cookie," allows an internet site to track a specific phone and from that information build a database of information as to what the user of the phone is doing, such as looking for sports scores or searching for restaurants or shops.
Verizon has acknowledged that the tracking code, which it calls a Unique Identifier Header, is present in all cases, even when the customer has opted out of advertising to their mobile device.
The company provided an advance copy of a document explaining how it works to eWEEK. Verizon has two programs that use this information, Relevant Mobile Advertising and Verizon Selects. "When a customer opts out, our partners receive no information, anonymized or otherwise, about those customers," the document explains, but it also confirms that the UIDH remains.T-Mobile, on the other hand, says it does not engage in this sort of activity. "T-Mobile doesn’t use a 'perma cookie', like those other wireless providers are accused of using to track their customers," a senior executive in the company's corporate communications department told eWEEK. The privacy implications of this tracking are fairly obvious. But what's not so obvious are the risks that accompany the effort to grab those unique identification numbers. Some sites, for example, will instruct the mobile device to turn off its SSL encryption so that it has access to the information. While this may not matter, assuming it turns the encryption back on immediately, this does not necessarily happen.