Report: Verizon Using Undeletable Super Cookies

LOS ANGELES — A recent report from the Electronic Frontier Foundation is casting light on Verizon’s new advertising program, which secretly installs undeletable super cookies on its client’s mobile devices.

The new ad program, called Precision Market Insights, is believed to have begun in 2012 — tracking all of the online activities of Verizon’s roughly 106 million customers — at least when they are accessing the Internet from mobile devices, such as smartphones and tablets — according to the EFF, which says that Verizon users might want to start looking for another provider.

“In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users’ web traffic on its network to inject a cookie-like tracker,” the EFF report explains. “This tracker, included in [a web page’s] HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device, [allowing] third-party advertisers and websites to assemble a deep, permanent profile of visitors’ web browsing habits without their consent.”

The practice could have profound implications for affiliate marketers already contending with cookie term manipulation and “stuffing,” which has contributed to lower revenues for many adult affiliates.

For its part, Verizon says that Precision Market Insights provide addressable advertising solutions for agencies, brands and channel partners, by using the PrecisionID, “an anonymous unique device identifier, which can be used to reach the right audiences on mobile through demographic, interest and geographic targeting and enables advertisers to use their own data to reach target audiences on their mobile devices.”

Claiming that the technology is privacy-safe and accurate, Verizon says that the PrecisionID powers more impactful, data-driven marketing at scale and drives better ROI for its partners, eliminating campaign waste and inefficiencies, noting that “Together, we’re solving for the biggest challenges in mobile advertising.”

According to the EFF, Verizon’s system has privacy implications reaching far beyond the company’s own programs, as it allows others to find out about Verizon users’ online behavior.

“The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy,” the report explains. “Worse still, Verizon doesn’t let users turn off this ‘feature,’” the report adds. “In fact, it functions even if you use a private browsing mode or clear your cookies.”

Unlike traditional cookies, Verizon’s header is nearly invisible to users and cannot be seen or changed in an affected device’s browser settings, remaining unchanged If a user clears their cookies. Worse yet, the report notes, is that advertising networks are able to immediately assign new cookies — linking them to the cleared cookies using the unchanged X-UIDH value.

The X-UIDH header reportedly bypasses several other browser privacy mechanisms, compounding the problem by affecting more than just web browsers, but mobile apps as well, correlating a user’s app behavior with their behavior on the web — something that is  difficult or impossible without this header.

Since the header is injected at the network level, the serious security implications are not only limited to Verizon customers — as the company can add the header to any traffic using its towers. These unique X-UIDH headers reportedly help eavesdroppers by making it easy for them to tie traffic to individual users, beyond what is possible using only IP addresses.

The EFF report notes that the best protection against this specific problem is to use a VPN that encrypts all requests made from phones, regardless of whether they were made by an app or a browser. Next up is the use of an encrypted proxy — while the use of HTTPS, often considered the best protection against many problems, is reportedly among the least effective in this case.

“The header cannot be injected into an HTTPS request,” the report states, “but since websites choose whether [or not] to offer HTTPS, a site that wants to track users can simply avoid HTTPS and get the tracking headers.”

The EFF supports a fully encrypted Internet, but explains that X-UIDH headers are a strong disincentive against adopting HTTPS if websites and advertisers wish to track their users.

“ISPs like Verizon act as trusted connectors to the world, and shouldn’t be modifying our communications on their way to the Internet,” the EFF report concludes. “People should not be required to subscribe to a VPN and put their trust in a third party in order to get a modicum of privacy on the Internet.”

To test whether or not the header is injected in into your traffic, visit LessonsLearned.org/sniff or AmIBeingTracked.com, using a cellular data connection.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Adult Industry Educational, Networking Platform 'Imperfectly You' Launches

Imperfectly You, an educational and networking platform for adult industry workers, has officially launched.

Segpay to Launch News Network for High-Risk Merchants

Segpay has announced that it will launch the Segpay News Network (SNN) on April 15.

Age Verification Watch: Patching the Holes

This roundup provides an update on the latest news and developments on the age verification front as it impacts the adult industry.

Pineapple Support to Host Autism Spectrum Support Group

Pineapple Support is hosting a free online support group for performers and creators who are, or suspect they may be, on the autism spectrum.

ImLive Launches Revamped Member Loyalty Program

Cam platform ImLive has revamped its member loyalty program.

GoFundMe Set Up for Danny Ferretti's Medical Expenses

A GoFundMe campaign has been set up for Fangear founder Danny Ferretti, who requires extensive lung surgery.

Byborg Acquires Cuties AI

Byborg Enterprises has acquired adult artificial intelligence startup Cuties AI.

Irish Government Releases Report on Sex Work Decriminalization Legislation

The Irish government has released a report reviewing a 2017 law that decriminalized sex work across the country.

Texas Bill Would Require Age Verification for Online Sex Toy Sales

A new bill in the Texas state legislature would require online retailers to implement age verification of purchasers before selling “obscene devices” to anyone in that state.

New York Assemblyman Proposes Banning the Term 'Sex Work'

Republican New York Assembly Member Brian Maher has introduced a bill to prohibit the use of the term "sex work" in government documents.

Show More