Verizon, AT&T Are Watching You

The Electronic Frontier Foundation this week renewed its protests against Verizon Wireless’ and AT&T’s use of supercookies that can’t be deleted or disabled to track customers’ mobile Web-browsing activities without their knowledge.

It’s not as if the carriers’ tracking is new — Verizon has, by its own admission, been using these supercookies for two years. However, that has not been generally known.

The Electronic Frontier Foundation’s Senior Staff Technologist Jacob Hoffman-Andrews last monthtweeted about the practice, kindling outrage in the blogosphere.

Hoffman-Andrews elaborated on the issue in a Tuesday post.

“Verizon and AT&T should immediately stop modifying their customers’ Web browsing to insert the supercookie, and should re-engineer the program so that it functions on a true opt-in basis,” he told the E-Commerce Times. “Modifying customer Web browsing is too invasive to do without consent.”

It’s a Spy… It’s a Snoop… It’s a Supercookie!

The supercookies are included in an HTTP header called “X-UIDH,” according to Hoffman-Andrews. They are sent to every unencrypted website mobile device users visit.

They are tied to data plans, so anyone who browses the Web through a hotspot or shares a computer that users cellular data gets the same X-UIDH header as everyone else using those devices.

That could let third-party advertisers build a profile that reveals private browsing activity to coworkers, friends or family through targeted advertising, Hoffman-Andrews suggested.

Further, the header ignores Incognito Mode or Private Browsing Mode because it’s injected at the network layer. It can’t be taken out by disabling third-party cookies in browser settings.

The header also gets injected into mobile apps that send HTTP requests, which means users’ behavior in those apps can be correlated with their behavior on the Web.

Verizon describes this as a key benefit of its system — but it bypasses the “limit ad tracking” settings in iOS and Android that are intended to prevent abuse of unique identifiers by mobile apps, Hoffman-Andrews pointed out.

Finally, the header makes it easy for anyone passively eavesdropping on the Internet to track people, Hoffman-Andrews noted, raising the specter of NSA surveillance.

The New Cookie Monsters

Verizon’s X-UIDH header works “with select ad technology partners” to identify audiences they are trying to reach on mobile devices and to deliver relevant ads to those customers, according to Verizon .

Information about the customers is anonymized, the company said. Customers can opt in to one of the two programs Verizon is running — Verizon Selects — and opt out of the other — Relevant Mobile Advertising.

However, the opt-out merely tells Verizon not to share detailed demographic information with advertisers, Hoffman-Andrews observed.

AT&T has “completed testing of the numeric code that would be part of any new mobile relevant advertising program we may launch,” company spokesperson Emily Edmonds told the E-Commerce Times.

“Any new program we would offer would maintain our fundamental commitment to customer privacy,” Edmonds said, adding that customers would be able to opt out of the ad program.

AT&T’s code changes every 24 hours, she maintained, although security experts previously have pooh-poohed that claim.

Seeking That Mobile Pot O’Gold

The carriers’ moves perhaps should have been expected. Mobile ad spending is expected to surpass US$31 billion this year, eMarketer has forecast.

“Targeted advertising dollars are incredibly valuable,” Joe Hoffman, a practice director at ABI Research, told the E-Commerce Times. “Couple this website tracking with the location data they have, and we are looking at the money-printing machine of tomorrow.”

It’s easy to cross the line in the mobile space, because “there are different rules on mobile than for PCs, and companies are still trying to figure out the best way to use tracking data on mobile,” Josh Martin, a research director at Strategy Analytics, told the E-Commerce Times.

Mobile device users can go here or here to check whether they’re being tracked.

As for solutions, Verizon Wireless customers can use a virtual private network, Hoffman-Andrews said, but such services cost money, and “Verizon customers should not be forced to buy their privacy a la carte.”

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Richard Adhikari
More in Privacy

How often do you update your passwords?
Loading ... Loading ...

Technewsworld Channels

5 Cyber Safety Tips To Survive the Internet, Hackers and Scammers

phone fraud hacker

Navigating the internet can be a trouble-filled journey. Bad actors intent on exploiting uninformed users are constantly lurking behind emails, websites, and social media invites. Even your Wi-Fi router and those now-ubiquitous QR codes can be danger points. Add to that, the never-ending virus and malware threats.

Computer and mobile device users are often unaware of the danger zones. However, the internet need not be a constant trip through the badlands. What it takes to stay protected online is knowing what to avoid and how to protect yourself.

Here are five things in your control to help keep your digital activity safe.

1. QR Codes, Handy but Potentially Harmful

QR Code for
A safe QR code for

These postage-size image links to websites can be convenient. Just point your smartphone camera at it and instantly go to a website, tech support location, discount offer on a purchase, or restaurant menu.

However, QR codes can also take you to a nefarious place where malware or worse is waiting. QR codes can be programmed to link to anything, putting your privacy and security at big risk.

Think before you scan a QR code. If the code is displayed on a website or printed document you trust, it is probably a safe. If not, or you are unsure, check it out.

You can download reputable QR reader apps that will perform a security check on the endpoint of the QR code’s destination. One such safety tool I use is the Trend Micro QR Scanner app, available for Android and iOS.

2. Avoid ‘Unsubscribe’ Email Scams

This is a popular ongoing scam that has a high success rate for hackers. Potential victims get an email for a product offer or other business invitation. The opt-out action step is enticing, looks familiar, and sounds reasonable. “Don’t want to receive our emails? Click here to unsubscribe,” it beckons.

Sometimes the annoying repeat emails ask if you want to unsubscribe from future emails. Some even offer you a link to cancel a subscription.

Do not select any options. Clicking on the links or replying confirms your active address.

Never input your email address in the “unsubscribe me” field, either. More senders will follow.

A better solution to deleting the unwanted email, especially from an unknown sender, is to mark it as spam. That moves it to the spam folder. You also can add that sender to your email program’s block list, or set up a filter to automatically delete it before it reaches your inbox.

Finally, check out the free service There you can unsubscribe from unwanted emails, keep others, or get the rest in a daily digest.

3. Lockout Facebook Hackers

Other villains try to usurp Facebook accounts. Hackers can change your password, email address, phone number, and even add a security code to lock you out of the pirated account. Before trouble happens, be proactive to prevent these situations. Facebook provides the following security settings you need to enable.

Enable two-factor authentication (2FA) to require your login approval on a separate device.

To do this, log in to your Facebook account on a desktop computer and navigate to Settings & privacy. Next, select Security and login. Then scroll down and edit the Two-factor authentication option. 

Facebook two-factor authentication settings

To complete this step, you must enter your Facebook password.

Activate these two additional features to block Facebook hackers:

  • Turn on the Code Generator feature in the Facebook mobile app
  • Set up login alerts to your email

First, open the Facebook mobile app and tap the magnifying glass, enter the term “code generator” and tap the search icon. Tap the result Code Generator to navigate to the next screen, then tap the button “Turn On Code Generator” to get a 6-digit code that changes every 30 seconds. You must enter this code within that short time span to login to your account on another device.

Next, set up alerts about unrecognized logins. You can do this from either a computer or a mobile device.

  • Computer: go to Settings & privacy > Settings > Security and login > Get alerts about unrecognized logins (see above screenshot).
  • Mobile app: tap Menu > Settings & privacy gear icon > Settings. Then tap Password and security. Next, scroll to Setting Up Extra Security > Get alerts about unrecognized logins > tap to select your preferred notification methods.

If you have trouble logging in, head to to fix the problem. If you are unable to login there, go to this Facebook help page instead and fill out the request form for Facebook to review your account. You will need to answer a few security questions to prove your identity. This might include providing proof of ID like a photo of a driver’s license.

4. Secure Your Wi-Fi Router

The flood of people working remotely since Covid put home Wi-Fi routers squarely in hackers’ target sights. As a result, malware attacks on home Wi-Fi networks are on the rise because residential setups often lack the level of security and protection that is found on enterprise networks.

One nasty attack tool, dubbed ZuoRAT, is a remote access trojan designed to hack into small office/home office routers. It can affect macOS, Windows, and Linux computers.

With it, hackers can collect your data and hijack any sites you visit while on your network. One of ZuroRAT’s worst factors is that once your router is infected, it can infect other routers to continue spreading the hackers’ access.

Apply these steps to better secure your home/office Wi-Fi network:

  • Be sure to enable WPA2 or WPA3 encryption on your routers. The default factory setting is often the outdated WEP (Wired Equivalent Privacy) security protocol, or none is set at all. Check the user manual or the router manufacturer’s website for directions.
  • Change your router’s SSID (Service Set Identifier) and password. This is critical. Typically, the factory setting shows the router’s make or model and has a universal password such as 0000 or 1234. Rename the SSID to not easily identify you. Avoid names that include, for example, all or parts of your name or address. Make sure the password is very strong.
  • For added protection, change the router’s password regularly. Yes, this is a big inconvenience because you also must update the password on all your devices that use that Wi-Fi network. But considering it will keep out hackers, it is well worth the hassle.
  • Keep the router’s firmware updated. Check the user manual and/or the manufacturer’s website for steps to download the latest updates.

How do I create a password that is hard to hack?

The strongest passwords have all these characteristics:

  • Lengthy — the more characters, the better
  • A mix of upper-case and lower-case letters, numerals, and special characters
  • No dictionary words or anything related to personal information

Pro Tip: When using a password generator, always change at least a few characters from the random result to create your final credentials.

5. Beware of Phony Tech Support Schemes

Some fraudsters call on the phone to tell you they are a tech support division working for a well-known computer or software company. The caller claims to be calling in response to an alert from your computer of a virus detection or malware on your device. The scammer offers to fix it if you simply provide your credit card number.

Hang up. Your computer is not infected.

A modified version of this tech support scam is a text or email claiming the same details. Do not reply. Just delete the message and move on.

You might also be browsing the web when a pop-up message crashes onto your screen. I have received very loud audio alerts warning me that my computer is at risk and not to turn it off without responding for help.

In all these cases, the scammers want to scare you to comply with their instructions. The action they want you to take to let them fix the alleged problem will hurt your bank account and possibly let them transmit real infections.

Follow these best practices to protect yourself from tech support fraud:

  • Never let a scammer con you into going to a website or clicking on a link.
  • Never agree to a remote connection by the so-called tech support agent that initiated contact to you.
  • Never give payment information in exchange for technical support you did not initiate. Legitimate tech companies will not call you and ask for payment to fix a problem they claim to have discovered on your device.

If you suspect your computer has a virus or malware problem, initiate contact with a repair center yourself. You probably already have a support plan or active warranty from where you purchased the computer. If you have not contacted a tech support company, the call or message you received is illegitimate.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Cybersecurity

6 Signs Cybercriminals Infected Your Phone and How To Fix It

Unless you are one of those rare folks who shuns the use of cell phones, you are walking around with a ticking cyber bomb in your pocket.

Smartphone malware is an ever-growing threat. More than 5 billion people use mobile phones worldwide. More than 90% of those individuals rely on smart- or internet-enabled phones with an average of 40 installed apps on each phone.

By the end of this year, more than 200 billion apps will have been downloaded from virtual app stores. Therein lies the danger.

Official Apple and Google-controlled software stores are vigilant in weeding out unsafe apps. But many cell phone users rely on rogue and third-party download repositories that are overrun with infectious malware.

The threat does not end at the app stores. Cybercriminals have a toolbox full of methods to slip malicious mobile malware onto your phone. All you have to do is visit the wrong website, click on an embedded link in an email or text message, or open an attached document to enable a cyber trap.

Know the Risks

Mobile malware is a growing cybersecurity concern. It can result in the theft and subsequent sale of your private data.

Adware now is the cause of 42% of new mobile malware worldwide. Banking malware threats, especially on Android devices, are up by 80%.

Having most of the free or even paid antivirus apps on your phones does little to detect or prevent sophisticated cyber assaults, according to the latest reports regarding enterprise security. Nearly half of the free Android antivirus programs do not effectively detect malware.

IPhone security is not impenetrable either. Although Android malware is much more prevalent than iOS infections, cybercriminals are getting better access to iPhones. Both platforms are susceptible to malware that open backdoors into phones through text messaging and other shared file exchanges.

Cybercriminals want your data. Much of the mobile malware is designed to peer into your digital data to steal your various usernames and passwords. That gets them into your bank accounts.

But cyber thieves do not stop there. They also have invasive software that lets them snoop into your audio and video, and track your locations.

What To Do

Start by eliminating some of the loopholes in how you use your smartphone. You want to make it more difficult for cybercriminals to take advantage of you. A great starting point is taking stock of your installed apps.

Android Phones

Go to the settings panel and open the permissions section. Its exact location will vary based on the Android version installed and whatever user interface (UI) overlays the phone’s manufacturer uses.

Generally, you can go to Settings > Apps > See all Apps. Then tap an app name and scroll down the list to tap Permissions.

Check each app for the permissions granted by default. Remove all but the ones the app needs. Question why access to camera, microphone, documents, and photos are required. These are the ways app developers collect your data to monetize the software.

Be sure to toggle on the option to remove permissions and free up space for unused apps. Even better, long press on the app name to uninstall apps you do not use.


Go to Settings > Apple ID > Password & Security

Work your way through the menu items to set up your preferred options. Especially focus on the Apps Using Apple ID section. This is where you can find third-party apps connected to your accounts, such as fitness or email apps.

Keep this list short. Be sure to remove apps you no longer use by touching the Edit button and the red “delete” icon.

Got Malware?

Be suspicious at the first sign of your phone behaving oddly. Both the Android and Apple smartphone platforms present the same set of common symptoms to indicate malware may be at play inside your device. 

It helps if you know the most recent apps you installed and documents or text links you opened. This knowledge can help you troubleshoot a potential malware problem.

If your phone has one or more of these six symptoms, the cause could be malware:

1. Unusual messages and pop-ups
Inappropriate messages or unwanted ad pop-ups are sure signs of mobile malware or spyware.

2. Titles in your app drawer or library you do not recognize
Do an internet search for the title. It may indicate if the app is safe. Delete all unknown app titles.

3. Slow performance
This might mean that you are almost maxed out on your available RAM (random access memory). Remove unused apps and restart your phone. If the slowness remains, suspect malware.

4. High internet usage and/or increased battery consumption
These two symptoms often go hand in hand when malware runs on a device. See below for how to do a system reset to wipe your memory and storage clean, removing the malware as well.

5. Unusual noise or static on your phone connections
This is a telltale sign that a surveillance app is snooping on your phone conversations.

6. Strange voicemail messages or text messages
Getting messages and calls from unknown parties are key indicators that access to your phone is compromised.

Wipe Away the Malware

Resetting or restoring your smartphone is one of the most effective remedies for removing suspected malware. Do this before you waste time and money buying and downloading so-called mobile security solutions. Like most battery savers and memory clearing apps, they are fairly useless.

When finished with these steps you will need to set up your phone again.

Follow these steps to reset your Android smartphone:

Be sure your data is backed up to Google Drive or a comparable solution (see below). Backing up to Google Drive is not a requirement, but it is an easy way forward. You do need to make a backup of at least your personal data. Otherwise, a copy of your data that existed on the device prior to performing the reset will no longer exist.

  • Open Settings and select System
  • Select Reset options
  • Select Erase all data (factory reset)
  • Select Reset Phone at the bottom
  • Select Erase Everything when prompted to confirm you want to perform a factory reset.
  • Download and install your apps again from Google Play

Follow these steps to reset your iPhone:

Back up your data using iCloud or another solution listed below. Make sure, however, that your stored iCloud data is not infected.

  • Go to Settings > General > Transfer or Reset iPhone
  • Tap “Erase All Content and Settings” to clear all apps and data — again, make sure you’ve backed up your data either to iCloud or a local drive!
  • Restart your iPhone and set it up again
  • Download and install your apps again from the App Store

We cannot emphasize enough to make a backup copy of your data.

You will not have access to the data that existed on your device prior to the reset. So please understand that making a backup of your data is your only safeguard against losing it.

Alternative backup locations not mentioned above are Microsoft’s OneDrive or another cloud storage service you use, an XD card in the device, your local computer, or external media such as a USB drive.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Smartphones