THE BLOG

Verizon's Super-Cookies Are Spying on You Right Now

02/03/2015 04:07 pm ET | Updated Apr 05, 2015

Remember when the only cookies were the delicious kind that you couldn't stop eating? Those were the days. Sadly today the most prevalent cookies are the inedible kind. No, not those dry shortbread butter ones your grandparents send to you annually in a festive tin can. I'm talking tracking cookies, which service providers such as Facebook and Google use to follow our online activities, far beyond the confines of their sites.

Did you know that Facebook has cookies tracking you at 1,205 of the top 2,510 most popular sites in America? Yet lost in all of the hub-bub around these companies' privacy abuses are the blatant and dangerous security abuses committed within another industry of cookie monsters: telecommunications (i.e. phone companies). In particular, I'm talking about one company that stands out above the rest for egregious violations of consumer privacy rights. If only it was just for mislabeling the fat content - but it is much worse than that. And that company is Verizon.

Can you hear me now? Yes Verizon, we hear you loud and clear. As it turns out, you listen in on us too, as do the NSA, FBI, marketers, data brokers, and many more, thanks to you. When the secret Foreign Intelligence Surveillance Court (FISA) granted the FBI and NSA access to track our telecommunications in 2013, Verizon quickly went to the head of the line, their domestic and international caller data in hand, and said "more please." For their information sharing efforts, Verizon, as well as AT&T, and Sprint, each received an annual $300 million reward courtesy of their friends at the NSA.

In 2010, when the FCC issued the Open Internet Order, asserting its authority to regulate broadband networks, guess what company led the charge to appeal and ultimately overturn key portions of the decision in federal court? Yep, your friend and mine: Verizon. You see if you're a mobile service provider whose services include broadband networks, the last thing you want is regulation that limits your freedom to data mine and profit off of user information by selling it to third parties.

Last year, Verizon was fined a record $7.4 million, the largest amount ever handed out up to that point, for failing to inform 2 million new landline customers, over the course of seven years, about their ability to opt out of having their personal information sold to third parties (that record amount was broken months later by a $10 million dollar fine given to TerraCom and YourTel America for consumer privacy breaches).

Now we have "super-cookies." In 2014, Verizon and AT&T began experimenting with cookies that have earned a reputation as Terminator trackers because they can't be erased, disarmed, or destroyed on your device by privacy settings. It's a nice one-upmanship on Facebook practices, not to mention a model for Facebook to try and replicate. AT&T has since given up on the idea (for the time being anyway) due to its unpopularity, while Verizon continues to bull forward with its ad-targeting for profit programs. These programs, just in case you're wondering, let multiple companies track your online activities to identify the characteristics of those who would be most receptive to certain ads. You can opt out if you want, but Verizon will keep tracking your web browsing anyway, under the excuse of "other authentication purposes," whatever that means.

As the New York Times pointed out, cyber security experts warned Verizon that these super-cookies were a danger to privacy because it opened the door to persistent, hidden-tracking mechanisms to get into our apps, browsers, and devices by piggybacking on Verizon's cookies. Sure enough, just this month, word came down from the mountain (actually through a Stanford grad student's blog) that an advertising software company managed to ride Verizon's customer codes to regenerate cookies even after users managed to delete a cookie. Uh-oh.

Super-cookies have increased the demand for Net Neutrality to include broadband networks as common carriers, which would then include mobile carriers who provide such services. Common carrier status is very important here, because if designated as such, a company must adhere to tighter regulations including strict data-privacy rules that prevent such designated companies from selling personal information. Utility companies work this way for example. So do telecommunications companies, sort of anyway. The Communications Act of 1934 labelled these companies as common carriers. The 1996 Telecom Act changed all of that though by claiming that common carrier tag only applies to the telecommunication portion of these companies and not the information services they provide. You know information services, it includes that little thing we call the Internet. And thus due to de-regulation, the Pandora's Box for rampant consumer abuse by telecoms was opened.

The Electronic Frontier Foundation thinks Verizon could be violating a federal law requiring phone companies to keep customer data confidential. My take on all of this is that if nothing else, it's a clear violation of our personal rights. And for that reason, I say to all of us wireless users, beware and pay attention to what you are doing online. Clear your devices of cookies when you can and check out sites that build privacy into their apps. At MeWe for example, the company states clearly in its one-of-a-kind Privacy Bill of Rights, that as a private network, they do not track or profile you. MeWe also doesn't share your personal information with anyone.

President Obama is currently exploring whether to regulate the broadband Internet like a utility and thusly, a common carrier. You can bet Verizon will fight tooth and nail through legal channels and lobbying to get its way. There is no way Verizon will turn its back on the checks it gets for the privacy violations it commits. It all feels like a Faustian deal where Verizon offers us 4G network coverage in return for placing our privacy souls for sale. It makes me want to ask them, can you hear "us" now, walking out the door?