Real news from the privacy world

According to EFF Using VPN Will Protect You From Verizon’s Supercookie Stalkers

supercookies

The Electronic Frontier Foundation warns people about Verizon’s silent supercookies being abused by creepy advertisers to display targeted ads while user browse the Internet, not to mention the fact that these cookies are also following subscribers around the Internet. The EFF also offers a solution which would bring back people their privacy – encrypted VPNs. According to the EFF it is not enough to just opt out of the system.

Just two years ago UIDH (unique identifier token header) were started being stamped by Verizon on each subscribers website visit. All of that was done via subscribers cellular data network. You can tell from the name that each person’s identifier is unique which means that website owners using these ID codes are able to build up profiles on people. The records of users’ online behavior is especially valued by advertisers since it basically tell them what kind of adverts to display to each person and in what they might be interested more: someone tracked across car websites will most of the time receive ads for new cards, for example.

Even thought Verizon let people to “opt-out” of this system which would mean that advertisers would not be allowed to analyze online wanderings after directly requesting it, the setting is still quite useless: all of the HTTP requests via its network are stamped with unique identifier token header no matter the opt-out, and is visible and accessible to any visited web server. Since UIDH is baked in to Verizon’s system ad networks are able to monitor internet users without having the need to pay the company and all of that tiresome business, and people can do very little to stop them.

The code that allowed anyone with the proper setup to track and monitor Verizon’s identifier has already reappeared on Github since removed, and there has been reports telling that also Twitter has found out a way to track the Telco’s subscribers using the UIDH information. The unique identifier token header system is also noxious due to the fact that it still has the ability to bypass the anti-tracking measures in both Android and iOS that are meant to protect the privacy of mobile user: these measures deal with web cookies instead of the particular UIDH HTTP header. Jacob Hoffman-Andrews, EFF staff technologist, told the Register: “It is possible to build an opt-out system that would stop this, but it would take a considerable amount of work and the current systems just can’t do it.” AT&T also is considering an implementation of a mandatory ID number on its users since it’s such a “feature”.

The users’ best and probably only way to block UIDH system usage is to start using a VPN and/or Tor service for online browsing. For privacy Tor is usually a go-to software but it is quite tough to set it up on a mobile, for example. However most newer smartphones have a VPN mode integrated in its operating system and users are recommended to activate it in order of maintaining online anonymity according to Hoffman-Andrews.

In fact, NordVPN has servers that support even double-VPN technology which encrypts data twice instead of once and Tor over VPN, which eliminates most of the hard work in setting up Tor connection since all you need to do is connect to the server and you are protected with enhanced data encryption. Also NordVPN software is very simple to use on Windows OS machines, so users with less computer knowledge can finally use the advantages of safe online browsing without much hassle.

Hoffman-Andrews said the following: “The only way, in the short term, to stop this is if enough people complain about it. Longer term, once we get encryption across the whole internet, this kind of thing will be less of an issue. But that’s 10 or 20 years away at least.”



Try NordVPN for Free!

3 days of full security and privacy, with no strings attached

Comments

Your email address will not be published. Required fields are marked *

Leave a Comment

Your email address will not be published. Required fields are marked *