EFF: Use VPN to avoid Verizon’s tracking header

If you are a Verizon mobile customer, here is another reason to start using VPN or Tor: to protect your online movements from being tracked by website owners and third-party advertisers in order to create a profile of your web browsing habits.

As you might or might not know, Verizon Wireless has, for the last two years, been injecting X-UIDH, a unique HTTP header, in it users’ web traffic in order to be able to “follow” them around the web and share that information with their advertising partners.

Unfortunately, this header is injected by default, and can’t be “turned off”. Even if you tell the company to remove you from their Relevant Mobile Advertising program, they will only stop using it themselves, but it won’t be removed.

And this “perma-cookie,” as EFF technologist Jacob Hoffman-Andrews calls it, will continue to provide information to every web server the user visits – and data brokers and ad networks are sure to take advantage of this. In fact, there are indications that some already have.

The X-UIDH can’t be blocked by current built-in browser privacy mechanisms – no Incognito Mode or Private Browsing Mode, no blocking of third-party cookies, no Do Not Track orders will defeat it.

Until Verizon decides not to stop injecting this tracking header into users’ traffic, users are stuck with only a few options to block it completely.

“Verizon can only modify plaintext traffic. It can’t modify encrypted requests without breaking the whole connection. There are four options for encrypting web requests: HTTPS, an encrypted proxy, a VPN, or Tor. Only a VPN or Tor provide full protection in this case,” says Hoffman-Andrews.

“The best protection against this specific problem is to use a VPN that encrypts all requests made from your phone, regardless of whether they were made by an app or a browser. Most VPNs are paid services, and when using a VPN you have to trust the VPN operators the same way you would normally trust your ISP. Advanced users can also use Tor via Orbot Android app in transparent proxy mode. Tor is free, but you have to trust exit node operators not to interfere with your connection,” he explained.

This advice is worth following, especially as there are reports that AT&T is looking into using a similar header for targeted advertizing purposes.