• United States



They’re baaaack! Verizon’s zombie cookies to track users across massive AOL ad network

Oct 07, 20154 mins
Data and Information SecuritySecurity

Verizon will use its dreaded supercookie to track and share users' personal details and browsing histories with the massive AOL ad network.

Remember Verizon’s zombie cookies, hidden super-cookie identifiers that tracked users across the Internet? They’re baaaack!

They're back moviemaniacsDE

Poltergeist screenshot

Verizon was previously caught manipulating users’ traffic by inserting supercookies. “By attaching a Unique Identifier Header to all traffic that passes through their network, Verizon could effectively build profiles about users habits, the sites they visit, and deliver targeted advertisements based on this tracking,” explained EVDO. “This Unique Identifier Header was then popularly renamed the ‘Zombie Cookie’ since even after being deleted, the tracking cookie would be added back to the network and users would be tracked again.”

Verizon, which has about 135 million wireless subscribers, resisted giving users a way to opt-out, but finally caved to pressure. Since then, the company paid about $4.4 billion to gobble up AOL, with the acquisition finalized in June 2015. According to Verizon’s October 2015 privacy notice, which was first spotted by ProPublica, it will share users’ profiles with AOL’s ad network beginning in November. “That means AOL’s ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — ‘your gender, age range and interests’.”

But wait, that’s not nearly all as Verizon reported:

The Relevant Mobile Advertising program uses your postal and email addresses, certain information about your Verizon products and services (such as device type), and information we obtain from other companies (such as gender, age range, and interests). The separate Verizon Selects program uses this same information plus additional information about your use of Verizon services including mobile Web browsing, app and feature usage and location of your device. The AOL Advertising Network uses information collected when you use AOL services and visit third-party websites where AOL provides advertising services (such as Web browsing, app usage, and location), as well as information that AOL obtains from third-party partners and advertisers.

You might be thinking, pfft, who still uses AOL, but AOL’s ad network is quite extensive. Verizon’s chief privacy officer claimed the identifiers will be shared with only “a very limited number of other partners and they will only be able to use it for Verizon and AOL purposes.” Hopefully you didn’t buy that and don’t feel comforted.

ProPublica explained:

Privacy advocates say that Verizon and AOL’s use of the identifier is problematic for two reasons: Not only is the invasive tracking enabled by default, but it also sends the information unencrypted, so that it can easily be intercepted.

“It’s an insecure bundle of information following people around on the Web,” said Deji Olukotun of Access, a digital rights organization.

Yet Verizon’s chief privacy officer Karen Zacharia wants you to believe “it’s more privacy protective because it’s all within one company. We are going to be sharing segment information with AOL so that customers can receive more personalized advertising.” Perhaps she nearly choked on that one as every privacy officer knows that it is the dream of users to be tracked across the web via unkillable zombie cookies so their info can be shared in return for better advertising. Yes, that was sarcasm about the supercookies, which will be shared with a “very limited number of other partners.”

How limited is this cozy privacy-protective network? Well, let’s see shall we? Verizon said its “family of companies offers a wide and growing variety of free services, including The Huffington Post, MapQuest, and our new mobile video service, go90.” The “AOL Network refers to AOL-owned rich media branded properties, including but not limited to the Huffington Post Media Group, MapQuest, MovieFone, Techcrunch, etc.” It also includes AOL Advertising, which includes that calls itself a “massive premium, cross-screen network with 596M global unique visitors.”

Put another way by ProPublica, AOL’s ad network alone is on about 40% of websites. I suppose 40% is “limited” if your goal was to take over the world, but the reality is that AOL has a massive ad network. Users are automatically opted in, so unless you opt out by logging into your Verizon account or calling 866-211-0874, then get ready to be tracked.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.