Verizon has followed through on a promise made earlier this year to let people avoid a controversial technology that relies on injecting tracking code into users' Web traffic.
That tracking code, a unique identifier known as the UIDH, can't be deleted by users. Instead, it is sent to every unencrypted site that people visited from mobile devices. If people try to delete their cookies, the headers can be used to recreate the information that had been stored on them. Verizon draws on those headers to compile ad-targeting profiles.
When Verizon began injecting tracking headers, the company said people could opt out of receiving targeted ads, but couldn't avoid having the code inserted into their mobile traffic. Privacy advocates pointed out that this system enabled outside ad networks to create their own ad profiles of Verizon users, but Verizon dismissed those concerns as unlikely.
The telecom was wrong. It emerged earlier this year that the ad company Turn drew on the UIDHs to track Verizon users and send them targeted ads, even when they attempted to avoid tracking by erasing their cookies.
The revelations prompted lawmakers to question Verizon. Faced with Congressional pressure, the company said in February that it would revise its program and allow people to opt out of the tracking headers.
This week, the company announced that it has updated its systems and will no longer insert the UIDH if people opt out of the “Relevant Mobile Advertising” program.
Some privacy advocates, however, say that this type of comprehensive tracking, combined with unshakable headers, should require users' opt-in consent.
It's not yet clear whether policymakers or the courts will agree. In February, a Mississippi resident challenged Verizon's headers in court, but she quietly withdrew that lawsuit last week, according to court records.
But even if Verizon doesn't face litigation, the Federal Communications Commission could still step in and tell the company that it needs to obtain users' explicit consent before engaging in this kind of tracking. Now that the FCC has reclassified Internet access as a common-carrier service, the agency is expected to issue regulations aimed at protecting broadband subscribers' privacy. It would be surprising if the FCC didn't at least consider imposing restrictions on tracking by broadband providers.