For the last several months, cybersecurity experts have been warning Verizon Wireless that it was putting the privacy of its customers at risk. The computer codes the company uses to tag and follow its mobile subscribers around the web, they said, could make those consumers vulnerable to covert tracking and profiling.
It looks as if there was reason to worry.
This month Jonathan Mayer, a lawyer and computer science graduate student at Stanford University, reported on his blog that Turn, an advertising software company, was using Verizon’s unique customer codes to regenerate its own tracking tags after consumers had chosen to delete what is called a cookie — a little bit of code that can stick with your web browser after you have visited a site. In effect, Turn found a way to keep tracking visitors even after they tried to delete their digital footprints.
The episode shined a spotlight on a privacy issue that is particularly pronounced at Verizon. The company’s customer codes, called unique ID headers, have troubled some data security and privacy experts who say Verizon has introduced a persistent, hidden tracking mechanism into apps and browsers that third parties could easily exploit.
While Internet users can choose to delete their regular cookies, Verizon Wireless users cannot delete the company’s so-called supercookies.