Supercookies Are Back In Force Giving Rise To Privacy Threats

[Batu69]

Privacy is yet again threatened by telecom companies with Super-cookies

A recent study has warned about the high use of Super-cookies by mobile carriers which may create privacy issues as most of the confidential data shared between subscriber and mobile carrier company also goes to advertising companies.

At least nine telecom giants around the world are using so-called “super-cookies” to secretly monitor citizens’ online behavior, A study reveals,providing them a bunch of advertisements based on it and ultimately destroying the confidentiality of the subscriber.

A super-cookie also known as pass ID is a token unique to each subscriber that is injected into every HTTP request made by the subscriber. The user is helpless in this situation as the injection is made in every request and user is provided no choice regarding this issue.

Nothing is private even after clearing cookies and advertising companies keep on giving those “offers”. It allows the advertising companies to build a user profile for each user based on his/her internet usage history and thus providing “suitable” advertisements.

A storm was created when it emerged that Verizon and AT&T in the US were using this technology.After massive protests AT&T stopped using them while Verizon kept on using while providing users an option to opt out if they wish.

Now a six-month investigation by digital rights group Access has shown that the telecom companies outside US are using the same super-cookie techniques.

Access set up a website called Amibeingtracked.com, and monitored visits from 180,000 net users on their phones. After analysing the data packets of users coming to the website they concluded that 15.3 per cent of visitors had the tracking headers installed on their devices.The users were from Canada, China, India, Mexico, Morocco, the Netherlands, Peru, Spain, the US, and Venezuela.

The most common names using this technology were Verizon, AT&T, Bell Canada, Bharti Airtel, Cricket, Telefonica de España, Viettel Peru S.A.C., Vodafone NL, and Vodafone Spain. Although AT&T dropped off the charts when it withdrew using supercookies, Verizon is still going keeping its users opted-in for these headers by default.

Till now the biggest bunch of users being monitored were in the US, with the Access engine finding over 23,000 unremovable headers from phone users. Spain came as next – with just over 3,000 cases – and the other countries had fewer than a thousand cases each.

The samples collected by the website gave conclusion that there is a great degree of variation from company to company on what parameters are applied while injecting super cookies.Although companies encrypt most of the data with high level ciphers but still some sensitive data like phone number of the user appeared to be traversing in plaintext over the network.

“Not all carriers track their users, and those that respect user privacy deserve our support,” the report [PDF] concludes.

“Telecommunications companies occupy a central role in providing access to the internet, enhancing the communications capabilities of billions of people. By delivering open access, networks, and services, telcos can serve not just as internet service providers, but also as freedom providers”.

Finally, the only way to prevent yourself is to limit your web browsing to the sites that offer SSL or TLS encryption, but that will spoil the fun of free downloading and other services. Another alternate is to switch to a provider that does not use super-cookies.

Source