Supercookies are back, and they're as unappealing as ever

[RV_]

I just went to a website that the following articles used and found much to my surprise that Verizon was not tracking me. Then who was generating the strange ads coming in my messaging inbox? The cell companies are getting caught putting tracking cookies on our phones and there is a website where you can test your phone on to see if you are being tracked by your carrier. You can skip reading the whole larger than three lines article and just test your phone by turning off WiFi and opening your phone's browser and navigate to this website and follow the directions here: http://amibeingtracked.com/ Then if you are being tracked you might want to read the article.

 

Excerpt:

 

"Supercookies are back in force. But if supercookies are so great for consumers, why aren't mobile carriers bragging about using them?

I first learned that supercookies (AKA perma-cookies, PrecisionIDs, or the more generic term tracking headers) were being used by mobile carriers to track people traversing their mobile networks in 2014. The rationale behind tracking is to provide better advertising content. Whether that's okay depends on which side of the privacy fence you stand.

It took Robert McMillan's October 2014 WIRED article Verizon's 'Perma-Cookie' Is a Privacy-Killing Machine to get the kettle boiling. "The company (Verizon) - one of the country's largest wireless carriers, providing cell phone service for about 123 million subscribers — calls this a Unique Identifier Header, or UIDH," wrote McMillan. "It's a kind of short-term serial number that advertisers can use to identify you on the web, and it's the lynchpin of the company's internet advertising program."

As it turned out, people were less than thrilled about tracking headers, prompting an investigation by the FCC, legislation by the US Congress, and more than a few lawsuits. The two mobile carriers implicated in 2014 — AT&T and Verizon — stopped (AT&T) or offered an opt-out (Verizon) for their particular type of tracking header.

Supercookies are back

Tracking headers are back in play, and more mobile carriers than AT&T and Verizon are using them. To determine which mobile carriers are involved and the prevalence of tracking headers, the people at Access developed the Am I Being Tracked? website ( http://amibeingtracked.com/ ) illustrated at the beginning of the article. "The website performs several simple tests to determine whether users are being tracked," the paper's authors write. The procedure is as follows:

•Determine whether the device making the request is a mobile device operating on a 3G, 4G, or LTE carrier network.
•Extract the user's IP address from the normal HTTP header (not the injected header).
•Look up the IP address in an IP geolocation database, matching the IP address with publicly available information about where the IP range is located.
•Look for any unusual or custom headers in the HTTP request and, if found, they are logged.
•Results of the test are returned to the user stating whether the user is being tracked.

After six months of activity (as of the time the paper was published), the Am I Being Tracked? web tool had processed nearly 180,000 tests, and over 15% were identified as being tracked. Figure C shows the results listed by carrier."

How the tracking works is illustrated with diagrams in the article in addition to live links to the papers just published. All in the article here: http://www.techrepublic.com/article/supercookies-are-back-and-theyre-as-unappealing-as-ever/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531

[Al F]

I guess the good news is that neither my Verizon Jetpack or Smart phone is being tracked.

[mrschwarz]

Neither is mine.

[jjwicklund]

Will they tell me where I am if I get lost?

[RV_]

That is why I posted guys. My phones aren't tracked either. Many times a vulnerability or attack is limited and some authors try to make them sound immediate. Whenever there is a safe test website or scan for a vulnerability along with a post on privacy or data violators I will post it if I see it.