This article originally appeared in TidBITS on 2015-04-02 at 12:00 a.m.
The permanent URL for this article is: http://tidbits.com/article/15542

How to Say “No Thanks” to Verizon’s Supercookie

by Josh Centers

Much virtual ink has been spilled discussing Verizon Wireless’s so-called “supercookie.” While it may sound delicious, it’s actually a threat to your privacy, and Verizon customers can finally opt out of it.

You’re probably familiar with standard Web cookies, which are small pieces of data stored by your browser to retain information. Cookies are mostly used to make Web sites work better, such as by keeping you logged in to a Web site across launches or maintaining the contents of an online cart as you shop. However, cookies can also be used for less constructive purposes, such as tracking your online activity in order to serve you targeted ads. You may not like everything cookies are used for, but they’re hard to live without. Most Web browsers help you block “third-party cookies” (such as those used by ad networks), and browser plug-ins such as Disconnect [1] can block even more unwanted cookies while allowing useful ones.

So what makes Verizon’s supercookie different? It’s created not by a Web site you visit, but by Verizon itself. It takes the form of a unique identifying number inserted into all of your HTTP requests to load Web sites, called a Unique Identifier Header (UIDH). Verizon Wireless began setting these supercookies in 2012, and it sells the resulting data to advertisers, who use it to better target advertising to you. It would be like your phone company listening in on your phone calls and interrupting every so often with special offers.

Supercookies are worse than regular cookies for a few reasons:

  1. They offer no benefit apart from possibly more targeted ads.
  2. They are inserted by Verizon, whom you’re already paying for service.
  3. Supercookies can’t be deleted, or avoided with browser privacy modes.
  4. Because of the way Verizon inserts the UIDH, third parties can intercept it and use it to track your online activity [2].

Thanks in part to pressure from the U.S. Senate [3], Verizon is now allowing customers to opt out of supercookies.

Here’s how:

  1. Log into your Verizon Wireless [4] account.
  2. If you’re not taken there automatically, click My Verizon.
  3. Click Manage Privacy Settings in the left-hand sidebar.
  4. Under Relevant Mobile Advertising, find the column that says, “No, I don’t want to participate in Relevant Mobile Advertising,” and select each phone line under that column, or click Select All.
  5. Click Save Changes.

[image link] [5]

If you see nothing under Relevant Mobile Advertising, your ad blocker may be preventing you from seeing those settings. Either disable it, or disable it for that specific page, and reload.

While you’re reviewing your privacy settings, you may also wish to opt out of Verizon Wireless sharing your Customer Proprietary Network Information Settings and using your mobile usage information for Business & Marketing Reports.

You can also opt out with a phone call. Here’s how:

  1. Dial 1-866-211-0874.
  2. Enter your Verizon Wireless phone number.
  3. Enter your billing account password.
  4. Press 3 to edit privacy settings for both Business & Marketing Reports and Relevant Mobile Advertising.
  5. To opt out for all lines on the account, press 2.

The account owner should receive a free text message to verify the updated privacy settings.

How can you be sure that opting out worked? Pick up your mobile device, disable Wi-Fi, and head over to amibeingtracked.com [6] via cellular Internet. Tap Test Now, and the site will tell you if Verizon is tracking your Web browsing.

[image link] [7]

Verizon informs me that it could take up to a week for the updated privacy settings to take effect, so don’t be alarmed if the supercookie doesn’t crumble right away.
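
One way to run the same kind of check yourself is to compare the headers a device sent with the headers a server you control actually received. The sketch below is an added example, not code from TidBITS, Verizon, or amibeingtracked.com; it assumes the UIDH arrives in a request header named X-UIDH, and the host name echo.example and all sample values are constructed.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed header name for Verizon Wireless's UIDH (matched case-insensitively).
KNOWN_TRACKING = {"x-uidh"}


def added_in_transit(sent, received):
    """Names of headers the server saw that the client never sent."""
    sent_names = {name.lower() for name, _ in sent}
    return sorted({name.lower() for name, _ in received} - sent_names)


def verdict(sent, received):
    """Summarise one request: what was added, and whether it is a known tracker."""
    added = added_in_transit(sent, received)
    return {
        "added": added,  # names only: the identifier value itself is not stored
        "tracked": any(name in KNOWN_TRACKING for name in added),
    }


class EchoHandler(BaseHTTPRequestHandler):
    """Plain-HTTP endpoint that returns the request headers exactly as received.

    It has to be plain HTTP: a carrier cannot insert headers into a TLS session.
    """

    def do_GET(self):
        body = json.dumps(self.headers.items()).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


# Constructed sample: what a phone sent, and what the echo endpoint reported back.
SENT = [("Host", "echo.example"), ("User-Agent", "demo/1.0"), ("Accept", "*/*")]
RECEIVED_TRACKED = SENT + [("X-UIDH", "CONSTRUCTED-PLACEHOLDER-VALUE")]
RECEIVED_CLEAN = list(SENT)

if __name__ == "__main__":
    print(verdict(SENT, RECEIVED_TRACKED))  # offline demo on the constructed sample
    print(verdict(SENT, RECEIVED_CLEAN))
    # To serve the echo endpoint: HTTPServer(("127.0.0.1", 8080), EchoHandler).serve_forever()
```

As with the test site, the request has to travel over the cellular connection with Wi-Fi disabled; headers that proxies add for other reasons show up under "added" without setting "tracked".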

Should you be concerned if you use a different cellular carrier? In the United States at least, probably not. AT&T had been testing supercookies, but announced last year that it would phase them out [8]; our tests have confirmed that. Other major carriers, such as Sprint and T-Mobile, have not been known to use supercookies. And given the bad publicity that they’ve garnered for Verizon Wireless, I wouldn’t be surprised to see them tossed in the compost soon.

[1]: https://disconnect.me/
[2]: https://www.techdirt.com/articles/20150115/07074929705/remember-that-undeletable-super-cookie-verizon-claimed-wouldnt-be-abused-yeah-well-funny-story.shtml
[3]: https://www.eff.org/deeplinks/2015/02/under-senate-pressure-verizon-improves-its-supercookie-opt-out
[4]: http://www.verizonwireless.com/
[5]: http://tidbits.com/resources/2015-04/Verizon-Relevant-Mobile-Advertising.png
[6]: http://amibeingtracked.com/
[7]: http://tidbits.com/resources/2015-04/not-being-tracked.png
[8]: http://www.pcmag.com/article2/0,2817,2472230,00.asp