Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Anti-privacy award for most monitoring across the web goes to U.S. wireless carriers

Ms. Smith | Aug. 19, 2015
Americans are tracked across the web by their wireless carriers' 'supercookies' more than any other carrier in any other country.

You may hear such tracking called by many names, such as by a carrier's use of supercookies, perma-cookies and zombie cookies, but Access researchers say those are "inaccurate" terms; instead "tracking header" best describes the header injected by carriers out of the control of the user. Below is the breakdown of tracking by country.

081815 tracking chart

The data provided by Access shows Verizon as the top offender in regards to monitoring its users with tracking headers, followed by AT&T. AT&T agreed to stop using such tracking methods in November 2014; it wasn't until 17 weeks later that AT&T stopped injecting tracking headers and stopped showing up on Amibeingtracked. Access also noted that Cricket was monitoring U.S. users with tracking headers, but there needs to be a bigger pool of data as it was tested less than 10 times.

Carriers tracking

About 18,900 Verizon users and approximately 5,700 AT&T users who tried the Amibeingtracked tool between November 2014 and April 2015 were being tracked by their carriers. Verizon is still showing up on the chart because users are opted-in by default, meaning it's on the user to take responsibility and follow the necessary steps if they want to opt-out.

Yet a different breakdown of the data shows the highest percentage of tracking by carrier.

Highest percentage of tracking by carrier

Other key findings in the Access report include:

  • Even if tracking headers are not used by the carrier itself to sell advertising, other firms can independently identify and use the tracking headers for advertising purposes.
  • Using "Do not track" tools in web browsers does nothing to block the tracking headers.
  • Unfortunately, tracking headers "can attach to the user" even when he or she crosses international borders.
  • Tracking headers do not work when users visit websites that encrypt connections using Secure Socket Layer (SSL) or Transport Layer Security (TLS), meaning the site has an HTTPS URL. That's great, but Access researchers are concerned that lack of tracking may lead to fewer sites offering secure and encrypted HTTPS connections.
  • Tracking headers have been used since 2000, meaning it took 15 years for the U.S. to investigate how they were being used (pdf). Access added, "It is entirely possible that new, undiscovered tracking mechanisms are already being deployed."

It's not only Access warning about such tracking; the W3C Consortium is against unsanctioned web tracking as it is "actively harmful to the web" and "may introduce privacy, security, and consumer protection concerns."

Access pointed out that not all carriers disrespect their users' privacy by secretly monitoring them with tracking headers, but others telcos also need to be "freedom providers."


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.