In October last year, I posted a summary of phone carriers injecting unique identifiers into outgoing http requests made by customers. From the perspective of privacy, the main problem with this scheme is that it provides a way for third parties such as advertising networks to uniquely identify their users without using cookies.
Recent developments show that this threat is not merely theoretical. John Mayer recently discovered Continue reading An Update on Verizon’s UIDH Injection
Over the past few days, media outlets have been reporting that Verizon has been inserting a string of letters and numbers called a UIDH into outgoing http requests made by its customers. The string uniquely identifies a specific device. The diagram in Jonathan Mayer’s blog post provides a good picture of how the process occurs and how this string can be used. Basically, a website that receives the string can pass it along to an advertising exchange which in turn pays Verizon for information on the subscriber that allows them to show more relevant ads.
Mayer’s post states that at a minimum, Verizon reveals Continue reading The Lowdown on Phone Carrier UIDH Injection