November 14, 2014 | By Jacob Hoffman-Andrews

AT&T Ditches Tracking Header Program; Verizon Still Refuses

Julia Angwin reported late Thursday that AT&T is dropping their tracking supercookie program. This comes in the wake of massive customer pressure over the discovery that AT&T and Verizon were quietly inserting unique tracking identifiers in their customers' web browsing and app data, by means of an HTTP header. The tracking identifiers quickly became known as "supercookies" because they enable tracking, like cookies, but cannot be removed.

AT&T told Angwin that the header program "has been phased off our network." Security researcher Kenn White, who operates a site to check whether a carrier inserts the header, partially confirmed the report. White said "it's not zero, but as a relative proportion, down over 90% and falling." At least one person found that AT&T is still sending the header, so it's important that AT&T do a full review of their network to ensure the phase-out is truly complete. Angwin also reports that Verizon is continuing its tracking program. EFF's own tests so far confirm the tracking header is now absent from accounts that were previously subject to header injection.

Decline in observed AT&T headers. Chart by Kenn White.

This move by AT&T leaves Verizon out in the cold as the only remaining US provider to insert these tracking headers, and shows that concerned customers can produce meaningful change in their carriers' policies. It is also a victory for carrier non-interference with customer data. We call on Verizon to follow AT&T's lead and terminate their tracking header injection program or convert it to a true opt-in, immediately.

There have also been reports of international mobile providers doing similar tracking header injection. We call on all network providers globally to respect their customers' data and not inject tracking headers.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Documentary filmmakers press Justice Department to intervene when police arrest grassroots journalists

Aug 25 @ 7:07pm

Exciting to spot @HTTPSEverywhere on Mr. Robot last night. We promise we won't let the fame go to our heads.

Aug 25 @ 5:21pm

If you have an iPhone, it's important that you upgrade iOS today.

Aug 25 @ 3:53pm
JavaScript license information