(No) Surprise! AT&T is Tracking You Too!

Yesterday, I blogged about how Verizon Wireless was inserting a “perma-cookie” into their users’ web traffic, so they can track and sell customer browsing data to advertisers. They’re adding  what’s called an X-UIDH header to every HTTP request that you send through their network, and to make matters worse, they’re offering no good way to opt-out of the program.

Unfortunately, it turns out Verizon Wireless isn’t the only carrier trading its users’ privacy for extra profit. It turns out that AT&T Wireless is up to the same nonsense. If you’re an AT&T Wireless customer, you can see for yourself by pointing your browser to this page and looking at your HTTP headers: request.urih.com

If you’re on AT&T Wireless you’ll see something like this in your header data:

X-acr: 486E03-F2A….

This is a unique ID that AT&T has assigned to you, to track your personal web browsing habits. But, this isn’t just a regular cookie. AT&T is using “deep packet inspection” to take apart your HTTP request, and insert that line into it before passing your request onto the website, so that it appears to come from you.

Why are they doing this?

So that they can sell your information to websites and advertisers. Because apparently, you’re not paying AT&T and Verizon Wireless enough already. And, it’s not just them, bloggers have exposed other carriers leaking user information on several occasions.

I’ve seen customers complaining in droves across the Internet, and I’ve had enough too. The carriers can’t be trusted, and the government doesn’t seem to care. From now on, I’m wrapping my Internet traffic in a VPN, so that carriers can’t track me with their perma-cookie. With Speedify on my PC or Mac, and OpenVPN on my iPhone, I’ll be safe from the prying eyes of carriers and their advertisers.

What you can do about it

If your ISP is using perma-cookies, here’s the best way to ensure that your personal browsing data is safe, too:

  • Opt-out from the program: Even if you can’t opt-out from your ISP’s traffic mining fully, you should be able to at least prevent them from selling your data.
  • Watch for the lock by the URL box: Web sites that do *anything* with your personal information should be all HTTPS (and can’t be tracked via perma-cookies). Watch for the lock by your browser’s address bar.
  • Use a VPN: If you don’t want to be spied on when hitting other sites, you’re going to need a VPN to to wrap your traffic. There are plenty of options out there, but Speedify might be the right choice for you. Since it’s focused on speed, Speedify will let you hide your traffic from your ISP without slowing your browsing down to a crawl.

Alex Gizis is CEO of Speedify. Follow him on Twitter @alexgizis and learn more about Speedify at speedify.com