Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls

“Verizon Wireless has been silently modifying its users’ web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors’ web browsing habits without their consent.”

[…]

“Verizon does provide a sort of limited opt-out for individual customers, but it appears that the opt-out does not actually disable the header. Instead, it merely tells Verizon not to share detailed demographic information with advertisers who present a UIDH value. Meaningful protection from tracking by third parties would require Verizon to omit the header entirely.”