AT&T Mobility, the nation’s second-largest cellular provider, says it’s no longer attaching hidden internet tracking codes to data transmitted from its users’ smartphones. The practice made it nearly impossible to shield its subscribers’ identities online.
The change by AT&T essentially removes a hidden string of letters and numbers that are passed along to websites that a consumer visits. It can be used to track subscribers across the internet, a lucrative data-mining opportunity for advertisers that could still reveal users’ identities based on their browsing habits.
Verizon Wireless, the country’s largest mobile firm, said Friday it still uses this type of tracking, known as “super cookies.” Verizon spokeswoman Debra Lewis said business and government customers don’t have the code inserted. There has been no evidence that Sprint and T-Mobile have used such codes.
“As with any program, we’re constantly evaluating, and this is no different,” Lewis said, adding that consumers can ask that their codes not be used for advertising tracking. But that still passes along the codes to websites, even if subscribers say they don’t want their data being used for marketing purposes.
The tracking codes are part of the latest plan by the cellular industry to keep tabs on users and their devices. While the codes don’t explicitly contain personal information, they’re unique and nonetheless sent to websites alongside personal details that a user may submit voluntarily – like a name or a phone number.
That means enough data can transform a large chunk of random digits into a digital fingerprint that’s as identifying as a Social Security number. AT&T said its tracker was part of a testing project that’s been phased off of its network.
“This is more like a license plate for your brain,” said Jacob Hoffman-Andrews, a senior staff technologist with the Electronic Frontier Foundation, a civil-liberties organization that opposed the practice. “Everything you wonder about and read and ask the internet about gets this header attached to it. And there are ad agencies out there that try to associate that browsing history with anything that identifies you.”
For mobile users, the quest for online privacy isn’t easy. Even if subscribers wanted to switch service providers to what they think is a more privacy-friendly carrier, they would likely be slapped with hundreds of dollars in early-termination fees before leaving.
The magazines Wired and Forbes first reported last month that Verizon and AT&T were inserting the tracking numbers, even if their subscribers wanted to opt out. The investigative website ProPublica also discovered that Twitter’s advertising arm was using Verizon’s tracking codes, which could be used to build a dossier about a person’s behavior on mobile devices.
Some cell providers already collect and store the approximate location of their subscribers’ phones, according to government documents from 2010. That has raised alarm among privacy advocates, who fear government investigators can obtain such personal data and even track Americans’ movements without their knowledge or consent.
Consumers’ interest in privacy and their digital anonymity has intensified in recent years, following revelations by former National Security Agency analyst Edward Snowden. Top-secret NSA documents he leaked to journalists revealed the NSA was collecting the phone records and digital communications of millions of citizens not suspected of a crime, prompting congressional reform.
On Thursday, The Wall Street Journal reported that the U.S. Marshals Service was flying airplanes above American cities to secretly collect certain cellphone information from criminals while incidentally gathering data from innocent Americans. The Justice Department would not confirm the practice, but said in a statement Friday the Marshals Service “does not maintain any databases for the purposes of retaining cellphone information of the general public.”