"I think in some ways it’s more privacy protective because it’s all within one company,” said Verizon’s (chief privacy officer) Zacharia"
Good to know she's looking out for our interests.
For that matter I've always wondered why the tv industry pays so much for inaccurate Nielson data (sometimes still based on diaries) when presumably the cable providers have much more accurate data for many more users.
There is no way most customers are informed and intentionally consenting to them tampering with the HTTP requests they send to include their customer ID.
The obvious expectation of a customer of an ISP is that it sends the data through unchanged.
There really should be provisions in the telecom bill that data traffic is to remain absolutely untouched.
Just imagine phone calls where mentioning the word "pizza" would trigger an advertisement being injected into it.
I remember it, because I had it sitting on my desk for a week before I got around to following the instructions.
Not saying good/bad - just how they treat it.
... if indeed I'm getting any privacy in return. Which I'm not at all sure about.
I expect them to do something about this carrier-level behaviour next iOS. From a technical perspective, what could they do to prevent this?
I think that it'd be cool to have, but I don't think that Apple would ever implement it.
I think a ISP that manipulates data beyond what is necessary for transport should lose it's immunity and associated privileges.
"Verizon Wireless will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program or activates a line that is ineligible for the advertising program. GOVERNMENT AND ENTERPRISE LINES ARE EXAMPLES OF INELIGIBLE LINES. The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile."
Emphasis mine. This sort of clause is indicative that anyone with bargaining power would not put up with this. Business users are probably even more valuable to have data on, but the individuals just deal.
Is it possible to make a VPN connection mandatory on a consumer iPhone? It's really a pain having to reconnect manually after I haven't used it for a few minutes.
getcloak.com is a combination app and subscription VPN service that makes it easy. You can either switch it on, or set it to always on. You can decide which wi-fi networks (or cellular) to "trust" (exception to always-on).
The VPN, including always-on functionality, is implemented by iOS. The Cloak app merely configures it via API (or via configuration profiles prior to iOS 9).
Source for the site is here if you're interested: https://github.com/wyattjoh/HeadersCheck
https://devcenter.heroku.com/articles/http-routing
> X-Forwarded-For
> X-Forwarded-Proto
> X-Forwarded-Port
> X-Request-Start
> X-Request-Id
> Via
> X-Request-Id
"dnt": "1"
Could be a bug in Firefox, since visiting your site with Safari doesn't send the header at all (which is how it's supposed to work).
Edit: Sorry about the noise. It's not your site, and it's not Firefox. NoScript took it upon itself to set this header!
Anyone have good privacy resources for mobile/iOS. My phone security is nowhere near where it should be.
Disclosure: I maintain the site
I guess it could be automated in a small way too, such that if the cookie was detected as being returned to the browser then the site gets flagged and it won't get it again.
Alternatively, only add the cookie when requesting pages from partner sites known to be tracking it.
It's not entirely clear from the article whether it's "Set-Cookie" being injected in to replies, or the "Cookie" header in to requests, or both.
Interesting times nonetheless.
One downside is that the original submitter of a story doesn't always end up with the karma for it.
Thanks for getting back to me quickly yesterday and restoring my old hn name. I still seem to be unable to connect from my entire network, and I have gotten a few arbitrary upvotes, but no one has responded to any comment or submission since yesterday. Coupled with connectivity issues, would you mind double checking there is not a ri.ri.cox.net ip address that was banned at a software level, begins with 72 and ends with 48. Sorry to reply here, just trying to confirm if i am visible. Thanks for the reply yesterday, cheers.
======================
Edit
====•==================
i somehow am having traffic timeout to most cloudflare severs. Sorry to bother you again, you were super helpful. Going to try and figure this out or find a direct ip if it exists. Super fast, really pleasant response yesterday. Thanks again. I am def. visible.
Not arguing for/against, just want to know reasons beyond "i just dont like it".
This kind of aggressive and underhanded behavior should be shamed as it violates the trust that users have in their ISPs.
I get why zombie cookies are bad as it takes control away, but what is the issue surrounding plain tracking of behaviours? So what if a company knows the history of sites you've visited - what does this do against you?
The "internet noise" is everyone who actually understands what's going on, and is rightfully upset.
Just last week there was a local primetime news story about internet history collection. But it hasn't at all stopped the usage of Google, Facebook or the hundreds of services that collect data. The issue with surveys is people will always say one thing but will do something else. Thoughts/words != actions.
At what point and how do we measure education vs apathy and decide which is true?
Now, imagine that it's happening in China.
You don't have to. They're actively building it.
Advertisers in the US would kill to get that kind of an individualized profile. So would insurance companies, credit card issuers, etc.
How long before you employer demands access? Because guaranteed that someone in Congress would agree that it's a good idea.
How long before Homeland Security becomes interested?