See these two EFF articles about how Verizon puts a tracker ID in the header of a http request, circumventing anti-cookie measures:
- Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls
- How Verizon and Turn Defeat Browser Privacy Protections
How does this technically work? Can the user see that this header is inserted?
I don't have Verizon, so I can't test it. The EFF article mentions two websites that can test for this header. They require that you do not use wifi. Apparently Verizon only uses this for mobile browsing, but I guess this can be used for all browsing - not?
When I do the test on Am I Being Tracked with my phone (4G in Europe) I get the following message: Oops, we received a strange result. Is your Wifi still on? I'm not afraid that this is going on right now, just testing for fun, but still this is strange. Can I test this myself on a private website?
Is there a way to mess with this value? Insert a random user ID in the header with a browser addon or something?
Verizon uses X-UIDH. Other providers may use something else. Is there a way to test for this?
Aucun commentaire:
Enregistrer un commentaire