Anti-privacy award for most monitoring across the web goes to U.S. wireless carriers

18.08.2015
Wireless carriers worldwide are still tracking users via "supercookies" or "perma-cookies," yet Americans are tracked by U.S. wireless carriers more than any other carrier in any other country, according to a new report by the digital rights group Access. "Injecting tracking headers out of the control of users, without their informed consent, may abuse the privileged position that telcos occupy." Those tracking headers "leak private information about users and make them vulnerable to criminal attacks or even government surveillance."

It came to light in 2014 that Verizon Wireless and AT&T were injecting special tracking headers, aka "supercookies," to secretly monitor users' web browsing habits. So Access setup the "Am I being tracked" website for users to find out if their mobile carriers were tracking the websites they visited on their phone. More than 200,000 people from 164 different countries tried out the Amibeingtracked tool; 15.3% were being tracked by tracking headers deployed by their wireless carriers. Of those, the most monitoring occurred in the U.S.

Most people don't bother to read their wireless carrier's End User License Agreement, but Access explained, "You may not realize that when you check a box on the application form you may be enrolling in an invasive tracking program that you cannot control — one that could potentially expose you to surveillance by governments or exploitation by criminals."

Headers are not evil, as they are needed for you to use the Internet, but tracking headers are different and very unfriendly to privacy. There's nothing you can do to stop such tracking as carriers exert their control by injecting tracking headers.

Access researchers included helpful graphics to explain tracking headers:

In "The Rise of Mobile Tracking Headers: How Telcos Around the World Are Threatening Your Privacy" (pdf), Access researchers wrote:

You may hear such tracking called by many names, such as by a carrier's use of supercookies, perma-cookies and zombie cookies, but Access researchers say those are "inaccurate" terms; instead "tracking header" best describes the header injected by carriers out of the control of the user. Below is the breakdown of tracking by country.

The data provided by Access shows Verizon as the top offender in regards to monitoring its users with tracking headers, followed by AT&T. AT&T agreed to stop using such tracking methods in November 2014; it wasn't until 17 weeks later that AT&T stopped injecting tracking headers and stopped showing up on Amibeingtracked. Access also noted that Cricket was monitoring US users with tracking headers, but there needs to be a bigger pool of data as it was tested less than 10 times.

About 18,900 Verizon users and approximately 5,700 AT&T users who tried the Amibeingtracked tool between November 2014 and April 2015 were being tracked by their carriers. Verizon is still showing up on the chart because users are opted-in by default, meaning it's on the user to take responsibility and follow the necessary steps if they want to opt-out.

Yet a different breakdown of the data shows the highest percentage of tracking by carrier.

Other key findings in the Access report include:

It's not only Access warning about such tracking; the W3C Consortium is against unsanctioned web tracking as it is "actively harmful to the web" and "may introduce privacy, security and consumer protection concerns."

Access pointed out that not all carriers disrespect their users' privacy by secretly monitoring them with tracking headers, but others telcos also need be "freedom providers."

Access has a "Telco Action Plan" as well as a list of recommendations, including developing policies and practices that provide guidelines for safeguarding users' right to privacy.

(www.networkworld.com)

Ms. Smith