430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Mobile

Verizon Wireless tracks its clients with the UIDH technology

Verizon Wireless injects UIDH headers to every user’s Web request to track its web experience including visited websites and his habits. Verizon Wireless, the greatest US Telecom operator is tracking the internet traffic of its mobile users by adding a token to Web requests. The token is used by the company for advertising purpose, Verizon tracks the user’s habits, even if he had opted out […]

Verizon Wireless tracks its clients with the UIDH technology

Verizon Wireless injects UIDH headers to every user’s Web request to track its web experience including visited websites and his habits.

Verizon Wireless, the greatest US Telecom operator is tracking the internet traffic of its mobile users by adding a token to Web requests. The token is used by the company for advertising purpose, Verizon tracks the user’s habits, even if he had opted out of their Customer Proprietary Network Information (CPNI) options.

Customer proprietary network information (CPNI) is the  information collected by telecommunications carrier about a user’s calls, including call data and any information that appears on the consumer’s telephone bill.

It seems that the practice has been going on for two years when the company launched the Unique Identifier Token Header (UIDH) under its Relevant Mobile Advertising program.

The Verizon network is adding the X-UIDH header tokens to the requests traveling over its network, every header has a unique identifier associated to each mobile device.

The UIDH allows Verizon to track customer web experience, including visited website and mobile apps used. The solution implemented by Verizon is called the PrecisionID and allows the company to profile users and its interests to tailor advertisements, according to internal documentation.

Verizon uses a different UIDH value each week, the data used by advertisers includes the subscribers’ postal address, device types and language preferences, gender, age, hobby and personal interests.

“In addition, we will use an anonymous, unique identifier we create when you register on our websites. This may allow an advertiser to use information they have about your visits to online websites to deliver marketing messages to mobile devices on our network,” explain Verizon on its website. “We do not share information that identifies you personally outside of Verizon as part of this program. [Some of this information was] obtained from other companies.

Verizon Wireless UIDH

“Verizon is rewriting your HTTP requests to insert a permacookie? Terrible,” tweeted  Jacob Hoffman-Andrews, a senior staff technologist with the Electronic Frontier Foundation

The alarming issues is that there is no way for Verizon users to stay out of the company radar, even if they enable privacy mode navigation, use a new handset or enable Verizon privacy settings.

“Verizon responded that while the UIDH is still in the queries, consumers who have opted out of the program will no longer have information associated with the identifier. The company did not, however, pledge to stop updating the user’s profile.” reported Robert Lemos from ArsTechnica.

The unique way for Verizon users to avoid company tracking activity is to use full encryption solution like VPN (i.e. Tunnelbear or TOR).

Pierluigi Paganini

Security Affairs –  (Verizon UIDH , privacy)