Verizon, AT&T Are Watching You

The Electronic Frontier Foundation this week renewed its protests against Verizon Wireless’ and AT&T’s use of supercookies that can’t be deleted or disabled to track customers’ mobile Web-browsing activities without their knowledge.

It’s not as if the carriers’ tracking is new — Verizon has, by its own admission, been using these supercookies for two years. However, that has not been generally known.

The Electronic Frontier Foundation’s Senior Staff Technologist Jacob Hoffman-Andrews last monthtweeted about the practice, kindling outrage in the blogosphere.

Hoffman-Andrews elaborated on the issue in a Tuesday post.

“Verizon and AT&T should immediately stop modifying their customers’ Web browsing to insert the supercookie, and should re-engineer the program so that it functions on a true opt-in basis,” he told the E-Commerce Times. “Modifying customer Web browsing is too invasive to do without consent.”

It’s a Spy… It’s a Snoop… It’s a Supercookie!

The supercookies are included in an HTTP header called “X-UIDH,” according to Hoffman-Andrews. They are sent to every unencrypted website mobile device users visit.

They are tied to data plans, so anyone who browses the Web through a hotspot or shares a computer that users cellular data gets the same X-UIDH header as everyone else using those devices.

That could let third-party advertisers build a profile that reveals private browsing activity to coworkers, friends or family through targeted advertising, Hoffman-Andrews suggested.

Further, the header ignores Incognito Mode or Private Browsing Mode because it’s injected at the network layer. It can’t be taken out by disabling third-party cookies in browser settings.

The header also gets injected into mobile apps that send HTTP requests, which means users’ behavior in those apps can be correlated with their behavior on the Web.

Verizon describes this as a key benefit of its system — but it bypasses the “limit ad tracking” settings in iOS and Android that are intended to prevent abuse of unique identifiers by mobile apps, Hoffman-Andrews pointed out.

Finally, the header makes it easy for anyone passively eavesdropping on the Internet to track people, Hoffman-Andrews noted, raising the specter of NSA surveillance.

The New Cookie Monsters

Verizon’s X-UIDH header works “with select ad technology partners” to identify audiences they are trying to reach on mobile devices and to deliver relevant ads to those customers, according to Verizon .

Information about the customers is anonymized, the company said. Customers can opt in to one of the two programs Verizon is running — Verizon Selects — and opt out of the other — Relevant Mobile Advertising.

However, the opt-out merely tells Verizon not to share detailed demographic information with advertisers, Hoffman-Andrews observed.

AT&T has “completed testing of the numeric code that would be part of any new mobile relevant advertising program we may launch,” company spokesperson Emily Edmonds told the E-Commerce Times.

“Any new program we would offer would maintain our fundamental commitment to customer privacy,” Edmonds said, adding that customers would be able to opt out of the ad program.

AT&T’s code changes every 24 hours, she maintained, although security experts previously have pooh-poohed that claim.

Seeking That Mobile Pot O’Gold

The carriers’ moves perhaps should have been expected. Mobile ad spending is expected to surpass US$31 billion this year, eMarketer has forecast.

“Targeted advertising dollars are incredibly valuable,” Joe Hoffman, a practice director at ABI Research, told the E-Commerce Times. “Couple this website tracking with the location data they have, and we are looking at the money-printing machine of tomorrow.”

It’s easy to cross the line in the mobile space, because “there are different rules on mobile than for PCs, and companies are still trying to figure out the best way to use tracking data on mobile,” Josh Martin, a research director at Strategy Analytics, told the E-Commerce Times.

Mobile device users can go here or here to check whether they’re being tracked.

As for solutions, Verizon Wireless customers can use a virtual private network, Hoffman-Andrews said, but such services cost money, and “Verizon customers should not be forced to buy their privacy a la carte.”

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

CRM Buyer Channels

Marketers Need New Strategies To Parry Cookieless Advertising

As if online vendors did not have enough changes to handle in this post-Covid marketing environment, the impending loss of third-party digital cookies will soon force the e-commerce advertising industry to shift its strategies fast.

Third-party cookies will soon be a thing of the past. Within the next two years, Google will completely stop selling web ads targeted to individual users’ browsing histories. On Google’s popular Chrome web browser, cookies that collect this data will no longer be allowed.

Google recently announced plans to do away with tracking cookies on its Chrome browser by 2023. The company plans to replace them with a group profiling system intended to help create a more privacy-friendly web.

Other transitions away from third-party tracking cookies are also kicking in.

For instance, since April, iPhone and iPad users were prompted to opt-out of tracking apps that monitor their browsing. The European Union’s data protection laws classify digital cookies as a form of online identifiers. That makes them subject to regulations requiring websites to gain consent before placing cookies on browsers to track visitors.

These developments are issuing a real blow to advertisers seeking to leverage third-party data. At issue now is how brands will regroup from these substantial changes to online advertising.

One potential solution is to align marketing efforts with technology that gives marketers more control over their product and customer information. That is precisely what BigID’s actionable data intelligence platform is designed to provide.

Companies need to get the most out of their data by knowing what they have and where it is stored. The company provides strategies to help brands adapt to this changing environment, offered Heather Federman, vice president of privacy and policy at BigID.

“Digital cookies for a very long time have been the default tracking mechanism. Privacy regulations issued by the European Union started changing that,” she told the E-Commerce Times

We discussed with Federman the existential crisis online advertisers face in transitioning to what comes next in a cookieless world.

Derailing Tracking Set in Motion

A hotly debated activity for years has been websites tracking visitors’ Internet Protocol (IP) or addresses. For example, a web surfer goes to a shopping website to check out a pair of boots. That shopper then starts seeing ads for boots and related products throughout their continuing website visits.

“That is basically what digital cookies have been about, and regulators have gotten very concerned over cookies and that sort of tracking,” noted Federman.

To protect online privacy, regulators have offered various proposals to the cookie-tracking mechanism. Under the EU’s General Data Protection Regulation comes this idea that user consent must be acquired before any cookie is placed on a user’s computer, she noted.

“As a result, some consent mechanisms already exist,” she said.

That is driving the decision by numerous web browser companies to turn off cookies by default. But a lot of websites operators want site visitors to opt into cookies because that is how they generate revenue through free advertising, Federman explained.

Navigating the Cookie Apocalypse

Federman sees the solution to marketing in an e-commerce world without cookies as a more direct connection to online customers. The easiest thing for companies to do is to build on their relationship with each customer and create a first-party database.

A related approach is doing second-party data or advertising where the marketer knows the status of the first party. They might partner with another company and add to that data to enrich the customer profile, according to Federman.

The problem that marketers face once the cookie-tracking mechanisms in the browser turn off is the lack of a viable alternative for advertisers. One option is a unified consent tool. That approach remains up in the air, she noted. The same is true for using contextual-based advertising, she noted.

Buying Into the Paywall

Some website operators are considering a service subscription to support themselves as an alternative to relying on free advertising, suggested Federman.

“I, unfortunately, do think that will happen because this is the way that the world works,” she observed. “That is even more pernicious than the way that cookies have been working because, I think, marketers are still going to want to find a way to market,” she said.

Whatever solutions are concocted to replace the abandoned digital cookies, the phase-in process will be gradual over the next few years. That may cause concerns about lost revenue for advertisers along the way.

Regarding paywalls becoming more prominent on the internet, Federman sees that as a growing reality. We are starting already to see paywalls in the last few years for a lot of publishers.

“If they cannot use cookies to get their money from advertising, they are going to have to get their money directly from the users themselves. That is going to end up hurting our pockets because users were very used to free internet and getting free news all the time,” she said.

Answering the Monetizing Question

Obviously, how advertisers and website operators can successfully monetize their online activities under a new cookieless system is a major concern. Whatever solutions are implemented, it will not be a one-size-fits-all offering. For many, the quandary is developing strategies to keep the cash flow going without being able to track users.

“That is part of what is happening, and the community is in a bit of an existential crisis mode right now,” agreed Federman.

One thing that might happen is that a lot of the bigger players, the ones that have huge advertising platforms, will become more important and will also probably become more profitable, she suggested. Many of the smaller players, and especially smaller publishers and brands, will have to rely upon those larger services more extensively to get their message out.

One potential approach is a new cohort system Google is developing to replace the cookie process. Some reports describe it as an AI-powered profiling system that in some ways mimics what Facebook does.

Google recently announced a trial rollout of what it calls a Federated Learning of Cohorts (FLoC). This is a crucial part of its Privacy Sandbox project for Chrome.

Instead of digital cookies, FLoC shows websites little text bits and code the browsers store on the computer or phone. These bits of text and code help websites figure out if you have visited before, what your site preferences are, and your geographic location.

That process triggers adverts for things in which it figured you have a potential interest. Google claims the system is 95 percent as effective as third-party cookies.

So far, it is unclear how FLoC alleviates privacy concerns associated with cookies.

Divided Privacy Standards, Maybe

From an outsider’s view, it could seem like two different sets of rules are setting in concerning privacy regulations.

The EU is much stricter and more aggressive in enforcing their privacy laws. Not so much elsewhere, such as in the U.S. Consumers may end up in a situation where end-users in Europe are going to have one set of privacy rules, but not as much on this side of the pond.

“That is very possible. It is very possible you will have a balkanized internet,” agreed Federman.

In the U.S., the up-and-coming privacy laws like in California, even the new ones promulgated in Virginia and Colorado, are much more opt-out oriented, she added.

What Happens Next?

The ad tech community really needs to come together and figure out a solution to replace cookies before the upcoming two-year window closes. The focus must be on privacy-friendly and honoring the consent requirement, whether it is opt-out or opt-in, according to Federman.

Much of that process should fall upon the industry organizations that work with advertisers. These include the Network Advertising Initiative (NAI), Interactive Advertising Bureau (IAB), Digital Advertising Alliance (DAA), and others.

Add to that list the European advertising association counterparts as well.

“I do not know if we will ever be able to come to a real consensus with the privacy advocate community because many of the folks on the privacy advocacy side are not a fan of advertising,” said Federman.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

Consumers Can Now Monetize Personal Data To Earn Passive Income

Shouldn’t you get paid when businesses use your personal information gleaned from the internet? How much is your personal data posted online worth to you?

Would you register your personal data so that you get paid when companies track you and use your own data to target you for ads? That is precisely what Invisibly lets you do.

Don’t expect to make a pile of cash, at least until the concept is more widely adopted, admitted Don Vaughn, head of product at Invisibly. Then you could earn some significant passive income with very little effort.

Invisibly’s innovative information registry program has the potential to become an online advertising industry game changer.

Currently, big tech and the ad industry use information about you for free. Both entities profit handsomely from your data for targeted advertising purposes.

They do not offer you a red cent in compensation for using your private data now. But that will likely change as consumers get more adamant about the blatant theft and use of their private data.

Of course, new legislation that more closely rides herd on big tech’s shenanigans will push those efforts further along. Changing an entire industry to a consumer-consented model takes participation on multiple levels. You can prime that pump now by signing up with Invisibly and getting paid.

Invisibly’s product lets you get paid for licensing your data. The company believes that people are — or at least should be — in control of their data; not corporations, according to Vaughn.

“We are empowering people to put their own data to work to make money from their data, just like the billions of dollars a year businesses make off data using the card transaction,” he asserted.

The E-Commerce Times talked with Invisibly’s Vaughn about the viability of making money on your personal data. We found that signing up for this passive income channel is a ground floor opportunity to what could become a major trend to profit from data that is no longer your private domain.

Selectively License Your Payable Data Profile

Spend some time searching the internet. You will find numerous companies and smartphone apps that let you earn small pots of passive income. Some even provide strategies for getting paid for using consumers’ personal data.

A cottage industry is growing with some companies actively working to change the practice of “stealing” people’s personal travel and shopping info only to make money from them on targeted ads. Their goal is to change the advertising industry in general, in favor of a data model based on using 100 percent consumer-consented and owned data.

One cog in the rolling wheel of paying for consumer information is no longer available, however. Social media changes have made it much more difficult to earn money or grow a following as quickly as people previously could.

So, what other alternatives are there for making some extra money? Data monetization is rapidly becoming the future of passive income.

How It Works

Invisibly’s model lets users control the types of information licensed for marketers to use. But the company so far does not do anything about advertisers and other data scrapping operations to enforce any so-called license violations.

“That is not what we are focused on right now. We are focused purely on you taking control of the data that you have. Essentially, we are releasing a product that allows you to start to filter news and events and product. Things based on your own data are being rolled back,” explained Vaughn.

Expanding the company’s role in protecting licensed user data from clandestine use without payments is beyond Invisibly’s current goal. Vaughn notes that he wishes the company could solve the entire data privacy issue at once. But it is very difficult to stop other companies from using your data, he reiterated.

“They are stalking you all over the web. A privacy guide is on our road map. A lot of people just kind of throw their hands up in the air about exposing their personal data. Our belief is that the way to get people to care is to start getting paid,” Vaughn opined.

Once people start to realize that they can fight back about blatant data theft on line, they will be more interested in the services that Invisibly offers in the future, he added.

Your Privacy, Your Decision

Vaughn likened what the company is trying to create to situations professional athletes already have under their control. The company’s privacy policy takes about five minutes to read and is presented in plain language.

In essence, Invisibly functions much like an athlete’s agent. The agents oversee who makes money off the athletes’ likeness in advertising. Invisibly thinks everybody should have that right.

Invisibly’s approach is to get consumers to start controlling their personal data online now. It’s sort of a get in on the ground floor movement.

Start small now and get big returns later. Invisibly hopes within the next two years to enable consumers to earn approximately $1,000 a year for their data.

Currently, you will get a few bucks a month. But soon, that could be approximately $100 in passive income, and this is just from Invisibly.

When you add in the other platforms now starting similar models for licensing personal data, your pot of passive income could earn some larger payouts. What could a couple hundred more dollars a month do for your life?

“We are making it super simple to share and license your data with Invisibly and make money from it. By doing this, you are also helping change the way data is obtained to a 100 percent consumer-consented data model.” Vaughn said.

People-First Approach

Invisibly recently launched its online platform designed to help people make money by sharing and licensing their personal data to advertisers. That data advertisers are already using anyway.

Jim McKelvey, who previously co-founded Square, started Invisibly backed by Peter Thiel’s Founders Fund. His goal in founding this company is to build a future where consent matters and people come first.

He hopes the system built around a people-first concept sets a new ethical benchmark for every company in the data space. He wants Invisibly to become living proof that a better way is possible.

“It costs exactly $0.00 to register your personal data with Invisibly. The company takes your licensed data to new advertisers.

These new advertisers want to show you relevant ads. But they sign up to pay you for using your personal data to receive their targeted ads.

No one gets your social security number and all your non-public information. The ads makers will only glean those details that might make you want to buy their advertised products, explained Vaughn.

Monetizing’s the Thing

Advertisers who sign up with Invisibly will gladly pay consumers for access to their personal information. They want to show you relevant ads.

“So, if you provide the data that says you shop at Target, primarily, advertisers will pay you for that knowledge. And so that’s where the money comes from, and that’s why we take care of all the hard work, and you get your data, and in return, online you’ll see more relevant ads that are under your control or based on your data,” Vaughn detailed.

Viable Business Model?

Will this strategy to have consumers sell their personal data gain traction? That remains to be seen.

ECT News Network in June polled our audience online for one week, asking “Would you license your personal data to advertising platforms if you were paid directly for it?” Eighty-nine responses yielded these results:

  • Yes — So much of my personal data is already in the hands of advertisers anyhow; I may as well be paid for it. (9 percent)
  • Possibly — It depends how much I would be compensated and how the data I authorize to share would be used and protected. (21 percent)
  • No — I would not sell my personal data at any price. (70 percent)

What are your thoughts about selling your personal data to advertisers? Use the Reader Comments feature below to provide your input!

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories