Report: Verizon Using Undeletable Super Cookies

LOS ANGELES — A recent report from the Electronic Frontier Foundation is casting light on Verizon’s new advertising program, which secretly installs undeletable super cookies on its client’s mobile devices.

The new ad program, called Precision Market Insights, is believed to have begun in 2012 — tracking all of the online activities of Verizon’s roughly 106 million customers — at least when they are accessing the Internet from mobile devices, such as smartphones and tablets — according to the EFF, which says that Verizon users might want to start looking for another provider.

“In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users’ web traffic on its network to inject a cookie-like tracker,” the EFF report explains. “This tracker, included in [a web page’s] HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device, [allowing] third-party advertisers and websites to assemble a deep, permanent profile of visitors’ web browsing habits without their consent.”

The practice could have profound implications for affiliate marketers already contending with cookie term manipulation and “stuffing,” which has contributed to lower revenues for many adult affiliates.

For its part, Verizon says that Precision Market Insights provide addressable advertising solutions for agencies, brands and channel partners, by using the PrecisionID, “an anonymous unique device identifier, which can be used to reach the right audiences on mobile through demographic, interest and geographic targeting and enables advertisers to use their own data to reach target audiences on their mobile devices.”

Claiming that the technology is privacy-safe and accurate, Verizon says that the PrecisionID powers more impactful, data-driven marketing at scale and drives better ROI for its partners, eliminating campaign waste and inefficiencies, noting that “Together, we’re solving for the biggest challenges in mobile advertising.”

According to the EFF, Verizon’s system has privacy implications reaching far beyond the company’s own programs, as it allows others to find out about Verizon users’ online behavior.

“The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy,” the report explains. “Worse still, Verizon doesn’t let users turn off this ‘feature,’” the report adds. “In fact, it functions even if you use a private browsing mode or clear your cookies.”

Unlike traditional cookies, Verizon’s header is nearly invisible to users and cannot be seen or changed in an affected device’s browser settings, remaining unchanged If a user clears their cookies. Worse yet, the report notes, is that advertising networks are able to immediately assign new cookies — linking them to the cleared cookies using the unchanged X-UIDH value.

The X-UIDH header reportedly bypasses several other browser privacy mechanisms, compounding the problem by affecting more than just web browsers, but mobile apps as well, correlating a user’s app behavior with their behavior on the web — something that is  difficult or impossible without this header.

Since the header is injected at the network level, the serious security implications are not only limited to Verizon customers — as the company can add the header to any traffic using its towers. These unique X-UIDH headers reportedly help eavesdroppers by making it easy for them to tie traffic to individual users, beyond what is possible using only IP addresses.

The EFF report notes that the best protection against this specific problem is to use a VPN that encrypts all requests made from phones, regardless of whether they were made by an app or a browser. Next up is the use of an encrypted proxy — while the use of HTTPS, often considered the best protection against many problems, is reportedly among the least effective in this case.

“The header cannot be injected into an HTTPS request,” the report states, “but since websites choose whether [or not] to offer HTTPS, a site that wants to track users can simply avoid HTTPS and get the tracking headers.”

The EFF supports a fully encrypted Internet, but explains that X-UIDH headers are a strong disincentive against adopting HTTPS if websites and advertisers wish to track their users.

“ISPs like Verizon act as trusted connectors to the world, and shouldn’t be modifying our communications on their way to the Internet,” the EFF report concludes. “People should not be required to subscribe to a VPN and put their trust in a third party in order to get a modicum of privacy on the Internet.”

To test whether or not the header is injected in into your traffic, visit LessonsLearned.org/sniff or AmIBeingTracked.com, using a cellular data connection.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

UPDATED: Supreme Court Rules Against Adult Industry in Pivotal Texas AV Case

The U.S. Supreme Court on Friday issued its decision in Free Speech Coalition v. Paxton, striking a blow against the online adult industry by ruling in support of Texas’ controversial age verification law, HB 1181.

North Carolina Passes Extreme Bill Targeting Adult Sites

The North Carolina state legislature this week ratified a bill that would impose new regulations that industry observers have warned could push adult websites and platforms to ban most adult creators and content.

Supreme Court Ruling Due Friday in FSC v. Paxton AV Case

The U.S. Supreme Court will rule on Friday in Free Speech Coalition v. Paxton, the adult industry trade association's challenge to Texas’ controversial age verification law, HB 1181.

Ofcom: More Porn Providers Commit to Age Assurance Measures

A number of adult content providers operating in the U.K. have confirmed that they plan to introduce age checks in compliance with the Online Safety Act by the July 25 deadline, according to U.K. media regulator Ofcom.

Aylo Says It Will Comply With UK Age Assurance Requirements

Tech and media company Aylo, which owns various adult properties including Pornhub, YouPorn and Redtube, plans to introduce age assurance methods in the United Kingdom that satisfy government rules under the Online Safety Act, the company has announced.

Kyrgyzstan Parliament Approves Measure Outlawing Internet Porn

The Supreme Council of Kyrgyzstan on Wednesday passed legislation outlawing online adult content in the country.

Trial Set for Lawsuit by U Wisconsin Professor Fired Over Adult Content

A trial date of June 22, 2026, has been set for the civil lawsuit filed by veteran communications professor Joe Gow against the University of Wisconsin board of regents, which fired him for creating and appearing in adult content.

New UK Task Force Meets to Target Adult Content

The architect of an influential report that recommended banning adult content deemed “degrading, violent and misogynistic” has convened an “Independent Pornography Review task force” aimed at translating that report’s findings into action in the U.K.

11:11 Creations Launches Affiliate Program

11:11 Creations principal Alicia Silver has launched 11:11 Cash for creators and affiliates.

Pineapple Support, Pornhub to Host 'Self Love' Support Group

Pineapple Support and Pornhub are hosting a free online support group for performers to develop self-love.

Show More