Perma-Cookies

There was an interesting article in Wired that “outed” Verizon’s use of perma-cookies.

Simply explained, perma-cookies are cookies that identify the user that are added by the carrier between the user’s browser and the receiving web site.  The effect of this is an ID that will follow the user, potentially across devices, silently, with no way for the user to even know this is being done.  Verizon calls it a Unique ID Header or UIDH.  Verizon, of course, sells this to advertisers under the marketing name PrecisionID.  They claim it provides ads that are more relevant to consumers, but more relevantly, it provides a way to ID the user in a way the user can’t easily opt out of.  Technically, if you knew that Verizon was doing this you could go to some web site and opt, but since you weren’t even aware they were doing this, that seems unlikely to occur.  And, according to the article, it doesn’t stop Verizon from using this UIDH, but only asks Verizon not to sell the data.

Curiously, Wired ran a new article last week that said that AT&T’s use of perma-cookies mentioned in the original article was only a “test” and that they have stopped doing it.  However, they reserve the right to start it again.  They called their program Relevant Advertising.  My suspicion is that as long as the program was a secret to the public, they were fine making money from it, but as soon as it was no longer a secret, they could not take the heat.

Interestingly, Sprint and T-Mobile were not mentioned – although that does not mean that they don’t have similar programs.

I think the interesting question is whether this is legal or not and you should stay tuned to see if Verizon caves or they are sued.

Privacy – it used to exist.

Mitch Tanenbaum

by