"I think in some ways it’s more privacy protective because it’s all within one company,” said Verizon’s (chief privacy officer) Zacharia"
Good to know she's looking out for our interests.
For that matter I've always wondered why the TV industry pays so much for inaccurate Nielsen data (sometimes still based on diaries) when presumably the cable providers have much more accurate data for many more users.
There is no way most customers are informed and intentionally consenting to them tampering with the HTTP requests they send to include their customer ID.
The obvious expectation of a customer of an ISP is that it sends the data through unchanged.
There really should be provisions in the telecom bill that data traffic is to remain absolutely untouched.
Just imagine phone calls where mentioning the word "pizza" would trigger an advertisement being injected into it.
I remember it, because I had it sitting on my desk for a week before I got around to following the instructions.
Not saying good/bad - just how they treat it.
... if indeed I'm getting any privacy in return. Which I'm not at all sure about.
I expect them to do something about this carrier-level behaviour next iOS. From a technical perspective, what could they do to prevent this?
I think that it'd be cool to have, but I don't think that Apple would ever implement it.
I think an ISP that manipulates data beyond what is necessary for transport should lose its immunity and associated privileges.
"Verizon Wireless will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program or activates a line that is ineligible for the advertising program. GOVERNMENT AND ENTERPRISE LINES ARE EXAMPLES OF INELIGIBLE LINES. The UIDH will still appear for a short period of time after a customer opts out of the Relevant Mobile."
Emphasis mine. This sort of clause is indicative that anyone with bargaining power would not put up with this. Business users are probably even more valuable to have data on, but the individuals just deal.
Is it possible to make a VPN connection mandatory on a consumer iPhone? It's really a pain having to reconnect manually after I haven't used it for a few minutes.
getcloak.com is a combination app and subscription VPN service that makes it easy. You can either switch it on, or set it to always on. You can decide which wi-fi networks (or cellular) to "trust" (exception to always-on).
The VPN, including always-on functionality, is implemented by iOS. The Cloak app merely configures it via API (or via configuration profiles prior to iOS 9).
Source for the site is here if you're interested: https://github.com/wyattjoh/HeadersCheck
https://devcenter.heroku.com/articles/http-routing
> X-Forwarded-For
> X-Forwarded-Proto
> X-Forwarded-Port
> X-Request-Start
> X-Request-Id
> Via
Plus > X-Request-Id
Are all Heroku-generated headers
"dnt": "1"
using Firefox, regardless of whether "tell sites I do not want to be tracked" is checked or unchecked. Could be a bug in Firefox, since visiting your site with Safari doesn't send the header at all (which is how it's supposed to work).
Edit: Sorry about the noise. It's not your site, and it's not Firefox. NoScript took it upon itself to set this header!
Anyone have good privacy resources for mobile/iOS? My phone security is nowhere near where it should be.
Disclosure: I maintain the site
I guess it could be automated in a small way too, such that if the cookie was detected as being returned to the browser then the site gets flagged and it won't get it again.
Alternatively, only add the cookie when requesting pages from partner sites known to be tracking it.
It's not entirely clear from the article whether it's "Set-Cookie" being injected into replies, or the "Cookie" header into requests, or both.
Interesting times nonetheless.
One downside is that the original submitter of a story doesn't always end up with the karma for it.
Thanks for getting back to me quickly yesterday and restoring my old HN name. I still seem to be unable to connect from my entire network, and I have gotten a few arbitrary upvotes, but no one has responded to any comment or submission since yesterday. Coupled with connectivity issues, would you mind double checking there is not a ri.ri.cox.net IP address that was banned at a software level, begins with 72 and ends with 48. Sorry to reply here, just trying to confirm if I am visible. Thanks for the reply yesterday, cheers.
======================
Edit
======================
I somehow am having traffic time out to most Cloudflare servers. Sorry to bother you again, you were super helpful. Going to try and figure this out or find a direct IP if it exists. Super fast, really pleasant response yesterday. Thanks again. I am def. visible.
Not arguing for/against, just want to know reasons beyond "i just dont like it".
This kind of aggressive and underhanded behavior should be shamed as it violates the trust that users have in their ISPs.
I get why zombie cookies are bad as it takes control away, but what is the issue surrounding plain tracking of behaviours? So what if a company knows the history of sites you've visited - what does this do against you?
The "internet noise" is everyone who actually understands what's going on, and is rightfully upset.
Just last week there was a local primetime news story about internet history collection. But it hasn't at all stopped the usage of Google, Facebook or the hundreds of services that collect data. The issue with surveys is people will always say one thing but will do something else. Thoughts/words != actions.
At what point and how do we measure education vs apathy and decide which is true?
Now, imagine that it's happening in China.
You don't have to. They're actively building it.
Advertisers in the US would kill to get that kind of an individualized profile. So would insurance companies, credit card issuers, etc.
How long before your employer demands access? Because guaranteed that someone in Congress would agree that it's a good idea.
How long before Homeland Security becomes interested?
[0]: http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with...
I had all sorts of intermittent problems like this about 18 months ago. In my particular case it was
The web server reported a bad gateway error.
Dan and I went back and forth a few times in email but didn't conclude anything before things cleared up. I haven't seen the problems since.
One thing to try is to set up a Personal Hotspot on a phone, and point your laptop at that. In my case I would still see the same errors.
Good luck.
Edit: this may be nothing but IIRC I had more problems trying to access HN anonymously than if I was logged in. Sounds crazy, but most intermittent problems are exactly that: crazy.
We'll never if we don't even start that discussion. I just expected HN to not act like reddit or other sites that downvote for disagreement.
They plan to (eventually) only send this to Verizon-owned (or contracted) servers. This has two roughly equivalent corollaries:
1. They don't need to use a header for this because they can trivially accomplish the same thing with a database of IP addresses.
2. They can trivially accomplish this with a database of active IP addresses, so it doesn't really matter if they use a header or not.
Incidentally, other ISPs do this too, but for more benign reasons because they don't (as far as I know) own an ad network: for example, T-Mobile automatically logs you in to My T-Mobile when you access it over 3G. Basically, if your ISP wants to track you, they will have no trouble with this (except to the extent that they can be stopped with SSL). You'll just have to switch ISPs, if possible.
If they want to make some possibly non-standard protocol adjustments they mutually understand, they should be able to inject it, too. Researching the protocols/crypto to understand that more and trying to produce a POC are side-projects on my list, maybe some day.
The root of the issue is that your ISP often knows who you are, every site you connect to knows who your ISP is, and they have incentives to trade notes on you and few reasons not to.
Most ISPs will use tracking at a much lower network layer and provide APIs for partners to match up IDs on demand. No need for HTTP headers.
Apple is only blocking internet ads, not in-app ads, which makes it obvious that they're targeting content creators to push them to either Apple newsstand or iOS apps, where Apple gets a cut of the ads.
It's disappointing because Apple is using their mobile marketshare to attack and fragment the open web. Users either don't understand or don't care because they have cognitive bias towards ads to begin with - e.g. people only attribute negative ad experiences to ads, never good experiences (w/ few exceptions like the Super Bowl).
Most ads used to be in Flash, which was blocked by default since it wasn't working on iOS; then everything turned into big and slow HTML5 stunts to replace Flash, which has the exact same effect as Flash: battery drain, ...
Apple, on the other hand, controls the in-app anything experience.
Not saying it's right, just saying that's how Apple justifies its strategy.
And what could transform public opinion of the software to the positive, overnight, better than Apple adopting it?
I could invent many hypotheticals in this vein, but privacy is something worth protecting.
Are employers getting access to search data today? I'm not sure that's happening. Most 3rd party tracking isn't that accurate in coming up with interests/segments for the user in the first place and 1st party data is well protected in that it's what gives the holder value.
I think privacy is important, but there are a lot of levels here and browsing history (while valuable) for advertising is not as big of an issue as other wholesale data collection that we see out there.
The more it's used, the cheaper it becomes to collect and sell. The issue is never about how it is used today; always about how it can be used in the future.
You can always find a way to work for yourself and avoid passing an employer background check. I'm more worried about political parties and private eyes -- blackmail, extortion, ugly divorce proceedings, etc. This can have a chilling effect on free speech and curiosity.
The Jacob Appelbaum talk explaining linkability.[1]
Anyone who has access to any website where you logged into an account you publicly admit to owning can link your public identity to any private/anonymous persona, given another marketing data source. Verizon "owns the data", but not really. They are the original owner of the data, but eventually Experian (target of the recent T-Mobile-Experian data theft) and the other credit reporting agencies will have your X-UIDH. Facebook, Twitter, and Google will know as soon as you log in once. They will be able to identify all of your accounts, perhaps even if you use a VPN.
As with any other high tech tracking, the average end-user is either unaware of the zombie cookie or unaware of the full capabilities of the linkability of it.
I get that most people have uninteresting data but don't want it collected anyway, but what happens if it is? (Because it is right now). What is it doing to them today? More targeted ads? More spam? More...? That's what I'd like to know.
>I get that most people have uninteresting genitals but don't want it seen anyway, but what happens if it is? (Because it is right now). What is it doing to them today? More targeted ads? More spam? More...? That's what I'd like to know.
>What exactly is the big aversion to nudity? The vast majority has shown (via actions, not internet noise) that they don't care so what exactly is the big downside? Not arguing for/against, just want to know reasons beyond "i just dont like it".
I'm not saying you're taking a stance against privacy by any means, but changing only a single word in your statements makes them laughable. Would you tell someone embarrassed about a wardrobe malfunction in public that you just couldn't understand why they would feel uncomfortable? How about someone who is the victim of identity theft? Now extend that to someone whose entire internet browsing history was made available to corporate and governmental institutions.
I don't want my privacy violated because it makes me feel violated - why should anyone need a better reason than that?
Lastly, think about what we would classify as 'creepy facebook stalking' by a person - why should corporations and governmental institutions be immune to that creepy classification?
It takes a small attack surface and multiplies it exponentially, making you more vulnerable to any criminal out there.
Is not wanting your identity stolen enough of a reason?
It makes any positive steps you've taken to protect your privacy utterly meaningless.
Social eng. is more of an issue in dealing with people and public information, not private analytics.
That is literally called FRAUD in the US: "the deception of someone for the purpose of financial gain".
And stop calling it private, it won't be fucking private when (not if, but when) your network gets breached.
All the big tech companies have had data breaches, but suddenly your network is going to out-shine them all? God that's laughable.
Oh, and when that happens, you will be sanctioned by every consumer protection agency, and bankrupted by class-action suits. Have fun!!!