Last week, privacy advocates turned up some unsettling news: for two years, Verizon's Precision Insights division has been seeding web requests with unique identifiers. If you visited a website from a Verizon phone, there's a good chance the carrier injected a special tag into the data sent from you phone, telling the website exactly who you were and where you were coming from, all without alerting customers or informing the public at large. Today, Forbes' Kashmir Hill reports that AT&T is testing a similar program, although it may be possible to opt out. In both cases, the message is clear: there's a lucrative business in tracking users across the web, and carriers want in on it.
Networks like this have been used for surveillance before
Carriers have usually stayed out of the ad-tracking business, although many of the same divisions have offered pilot programs in tracking users' locations. Instead, most of the tracking on the web happens through third-party firms like Google's Doubleclick, which use easily identified cookies to follow users from site to site. But the carrier programs are inserting trackers at a higher level, in the process of routing data requests, which make the cookies both harder to identify and nearly impossible for a user to shake off.
Verizon and AT&T will tell you they just want to help serve you more relevant ads, which isn't so bad on the face of it — but we've seen networks like this used for much more questionable ends, most notably when the NSA took over Google's cookie-tracking network to help target malware injections. Tracking is tracking, and it's hard to tell what else might be built on top of the network once it's in use. For Verizon and AT&T customers — which, put together, compose a little more than two-thirds of US citizens — the result is a comprehensive surveillance system that they didn't approve and, until this month, were largely unaware of.