Customer Data

Verizon Addresses Supercookie Conundrum

Users of Verizon Wireless’ network and products will find it will be easier to opt out of the carrier’s tracking activities. Verizon Wireless, similar to other carriers such as AT&T, has been using a “supercookie” identifier to follow smartphone users’ mobile Web activity. This data is then packaged and sold to marketers.

Verizon has given consumers ways to opt out of various marketing programs, but escaping the reach of supercookies has proven to be elusive for consumers — they cannot be turned off in standard privacy settings.

Even now, the opt-out mechanism promised by Verizon appears to be a work in progress for the carrier — in a corporate statement provided to reporters, Verizon has said that it has begun “working to expand the opt-out to include the identifier referred to as the UIDH (unique identifier header), and expect that to be available soon.”

Verizon did not respond immediately to our request to comment on this story.

The Senate Steps In

Verizon’s announcement follows an angry letter sent to the carrier by five Democratic members on the Senate Commerce Committee.

In the letter, the Senators referenced recent news reports that online advertising company, Turn, used Verizon’s supercookies to track its customers’ Internet activity. The Senators also wanted to know when Verizon learned Turn was using its mobile tracker and whether other third parties are also utilizing it.

Customer Pushback

Verizon’s capitulation on the issue follows AT&T’s last year with a similar program it was using.

In many respects, consumers of anything digital have accepted — or rather become resigned — to the increasing erosion of privacy. Supercookies, though, represent a particularly insidious violation, especially for the generation of consumers that eat, work, party, and sleep with their devices by their sides.

“The supercookie is uniquely threatening to users because users cannot delete it, like they can with desktop browser cookies, and the supercookie can introduce spyware,” Ensighten CEO Josh Manion told CRM Buyer.

“Privacy advocates have long been pushing to end the supercookie, and telecom companies are listening and mandating changes accordingly,” he said.

Tempting Data

One can understand why the telecom companies originally decided to go down this particular path even though it clearly would rankle customers once they realized what was happening, Manion continued.

“Now that customers interact online through mobile devices and the ‘Internet of Things’ far more than through any other channel, the amount of data telecom companies have access to has skyrocketed, and an industry of renting this data to advertisers is booming,” he said.

Now it appears the risk of losing customers because of this issue is too great for carriers to risk.

These companies “are in an all-out price war to keep customers and steal each other’s,” Jason Finkelstein, VP of marketing at Location Labs, told CRM Buyer.

“If customers suspect a carrier is monetizing their behavior/habits/usage, the backlash could be disastrous. This potential suspicion becomes yet another reason to quit and choose a carrier that advertises their policy not to do this. It is becoming a differentiator in other words,” he said.

“Verizon’s move is clearly a response to AT&Ts, and AT&Ts was likely in anticipation of more attacks from T-Mobile about mistreating customers.

“In fact, T-Mobile’s ‘uncarrier’ strategy has prompted, across carriers, more focus on customer service and transparency,” Finkelstein remarked. “So publicizing the supercookie identifier opt-out is a clear attempt by carriers to align to this ‘customer first’ strategy.”

Heading Off Regulation

There is also the probability that carriers want to head off regulation in this area.

“If companies continue to ignore consumers’ rights to privacy and choice in how their information is able to be accessed, they’ll be subject to hugely increased government regulation,” Rob Shavell, CEO of Abine, told CRM Buyer.

Erika Morphy has been writing about technology, finance and business issues for more than 20 years. She lives in Silver Spring, Maryland.

1 Comment

  • The idea that Turn might be injecting some kind of spyware while resurrecting the cookie is imho slightly exaggerating the situation. It’s not uncommon to start calling these affairs Supercookies and flash the danger of spyware but this was not the case here:

    Turn, the 3rd party responsible for resurrecting deleted cookies suspended it’s practice, for now: turn.com/blog/zombie-cookie-id-to-be-suspended-pending-re-evaluation.

    Good for them.

    It’s more the problem of Verizon who allowed this to happen in the first place, despite several warnings as initially this was called many, many months ago.

    Lately, Kashmir Hill, formerly with Forbes also picked it up and explains the reaction of the Chief Privacy Officer here: fusion.net/story/40796/verizon-supercookie-letter/. This was after Jonathan Mayer actually went down into the code and looked at all the was happening with the header Verizon injected: webpolicy.org/2015/01/14/turn-verizon-zombie-cookie/

    While I like the idea of Privacy as a brand value and a positive differentiator, the fact that Verizon might now hint at respecting their users’ wishes by allowing for an opt-out that actually works and that they are legally bound to provide is an insult to common sense and ethics!

    As for Telcos listening to people’s wishes and rights to Privacy, it seems to me we all have very short memories regarding Telcos and trackers!

    BT got fined for using Phorm many years ago. It was a very long process, where a lot of people had to step up before anything moved. The way BT responded is very similar to Verizon by the way. The BT and Phorm issue also had an impact on how the UK translated into national legislation the EU Privacy Directive as it had to be revisited. We’re talking years of discussions here.

    At the end of 2013, Brazilian Telco Oi got fined also for using Phorm, exact same story, exact same plot line and echoes of what we’re hearing from Verizon today.

    And other telcos are resurrecting cookies, believe me, but no one is paying attention or doing their homework.

    Telcos are under extreme pressure to deliver value to their shareholders while being plagued by hierarchical reporting structures where not being responsible is part of company culture. Does anyone truly believe they can ever be the good guys?

    Let’s keep it real

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

CRM Buyer Channels