Category Archives: Mobile Privacy

An Update on Verizon’s UIDH Injection

In October last year, I posted a summary of phone carriers injecting unique identifiers into outgoing http requests made by customers. From the perspective of privacy, the main problem with this scheme is that it provides a way for third parties such as advertising networks to uniquely identify their users without using cookies.

Recent developments show that this threat is not merely theoretical. John Mayer recently discovered Continue reading An Update on Verizon’s UIDH Injection

Twitter Snoops on the Names of Your Apps

Twitter has started gathering the names of the apps you have on your phones/tablets. The new feature is called “Twitter app graph.” They are claiming they only gather the names of the apps rather than the data stored within them.

According to Mashable, this snooping only happens if you are using their mobile app. If this is correct, you have 2 options if you want to continue using Twitter without allowing them to gather this data:

1. Use Twitter from a browser rather than installing their app.

2. Follow the opt-out procedure here.

Twitter seems to be doing this so they can personalize the ads they deliver to you based on the apps you have installed. It is up to you to decide whether they have any business knowing the names of the other apps you have installed on your mobile device, and what you should do about it.

The Lowdown on Phone Carrier UIDH Injection

Over the past few days, media outlets have been reporting that Verizon has been inserting a string of letters and numbers called a UIDH into outgoing http requests made by its customers. The string uniquely identifies a specific device. The diagram in Jonathan Mayer’s blog post provides a good picture of how the process occurs and how this string can be used. Basically, a website that receives the string can pass it along to an advertising exchange which in turn pays Verizon for information on the subscriber that allows them to show more relevant ads.

Mayer’s post states that at a minimum, Verizon reveals Continue reading The Lowdown on Phone Carrier UIDH Injection