AT&T and Verizon use “supercookies” to track users’ online activities
7 November 2014
Telecommunications corporations Verizon and AT&T automatically monitor and record all Internet activity by users accessing their cellular data networks, according to reports published this week by the Washington Post and privacy groups. The tracking system has been referred to as a “supercookie” because it is nearly impossible for users to disable it.
AT&T and Verizon secretly tracked internet activity by more than 100 million customers using the “supercookie” system, according to figures cited by the Washington Post. All users accessing AT&T and Verizon networks are subject to tracking and logging of their Internet browsing, regardless of whether they are customers with AT&T or Verizon, the Post reported.
Corporate and government clients are not subject to tracking with the “supercookie,” according to assurances given by Verizon.
The X-UID supercookie, which Verizon says was first activated in November 2012, allows Verizon and AT&T to keep a record of every single website a user visits, even when the user has enabled common security features such as “Private Browsing” mode or is using encryption technology.
Privacy groups note that data collected by the companies can easily be transferred to the NSA and other state surveillance agencies, and that even more advanced data tracking software is currently in development.
In 2012, Verizon launched Precision Market Insights (PMI), a subsidiary firm that sells information to marketing companies to tailor their advertising strategies based on Verizon customers’ Internet use patterns. PMI's official literature touts the “PrecisionID” system, described as “an anonymous unique device identifier, which can be used to reach the right audiences on mobile through demographic, interest and geographic targeting.”
While the company maintains secrecy about its PMI operations, previous comments from top executives make clear the eagerness of Verizon’s corporate leadership to profit by spying on its customers.
“We realized we had a latent asset. We have information about how customers are using their mobile phones,” PMI vice president Colson Hillier told FierceMobileIT in October 2012.
“There's a stampede by the cable companies and wireless carriers to expand data collection,” Jeffry Chester of the Center for Digital Democracy told the Washington Post.
“They all want to outdo Google,” Chester said.
PMI executive Bill Diggins bragged, “We are able to view just everything that they [cell phone users] do,” while speaking to the Paley Center’s “Data to Dollars” media symposium in 2012.
Verizon executive Thomas J. Tauke told a 2008 congressional hearing that Verizon would seek “meaningful, affirmative consent from consumers” before tracking their Internet usage with cookies.
Instead of positive consent, however, all users are subject to tracking by default, according to company sources cited by the Post, and Verizon continues to track and record all web activity even by customers who have “opted out” of the data tracking.
Once the data is collected, advertising companies can still use “de-anonymizing” technologies to identify and use data from customers who opted out, the Post reported.
Taken together with the growing mountain of evidence that the US government surveillance operations benefit from active collaboration with the major technology and communications companies, the latest revelations further show that the US corporate establishment views the privacy and democratic rights of the population with contempt.
Despite the public relations efforts of the companies to distance themselves from the mass surveillance programs run by the US and other governments, the “supercookie” exposures show that the most powerful telecoms are running data mining operations that are easily comparable to those of the government.
Aside from AT&T and Verizon, all of the other major tech and communications companies have been implicated in the US government’s global surveillance operations. Apple, Google, Microsoft, Yahoo, Facebook, AOL, Skype and Youtube all allowed the NSA’s PRISM program to collect e-mails, video and audio recordings, documents, photos, and other forms of data from their central servers, over a period of years, as part of secret agreements signed with the US government.
The NSA’s corporate partners are well compensated for their involvement in the mass spying. The NSA’s Corporate Partner Access Program paid some $280 million to tech companies to access and spy on their “high volume circuit and packet-switched networks” in 2012 alone, Snowden leaks from August 2013 showed.