AT&T Stops Using 'Permacookies' to Track Customer Activity


AT&T recently announced that it has stopped adding tracking information to its mobile phone customers' Web traffic to help advertisers identify its users, according to ProPublica.

"It has been phased off our network," AT&T spokesperson Emily J. Edmonds said.

Edwards told ProPublica that the tracking information had been part of a test which has now been completed, and that while AT&T may start using the program again in the future, "customers will be able to opt out of the ad program and not have the numeric code inserted on their device."

Verizon Wireless, however, is continuing to insert a 50-character string, called a Unique Identifier Header (UIDH), into its customers' traffic, as was reported a few weeks ago.

While Verizon allows its customers to opt out of its Relevant Mobile Advertising program, the UIDH is still broadcast to every site Verizon customers visit -- so advertisers can still use the information to build profiles of Verizon users' online activity, with or without their consent.

A Verizon spokesperson told ProPublica that while the program is continuing, "as with any program, we're constantly evaluating."

Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation, noted in a blog post that Verizon's program "allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' Web browing habits without their consent."

"Having all Verizon mobile users' Web traffic marked with a persistent, unique identifier makes it trivial for anyone passively eavesdropping on the Internet to associate that traffic with the individual user in a way not possible with IP addresses alone," Hoffman-Andrews added.

Hoffman-Andrews suggests that Verizon customers consider using a VPN or an encrypted proxy to protect their privacy.

"AT&T is reacting to consumer pressure, and they're now doing the right thing," Abine CEO Rob Shavell told eSecurity Planet by email. "Consumers, however, cannot trust or rely on companies that make money from their personal private data to do the right thing. People need to be aware of what data about them is being leaked and sold behind their backs and use tools like mobile private browsers to make sure their rights and personal information remain protected."