- From: Eric J. Bowman <eric@bisonsystems.net>
- Date: Wed, 21 Jan 2015 20:05:30 -0700
- To: Noah Mendelsohn <nrm@arcanedomain.com>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
Noah Mendelsohn wrote: > > Wondering if this is of interest to the TAG [1,2,3]? The claim is > that Verizon Wireless (and earlier also AT&T) is injecting tracking > information into mobile users' Web traffic, and that an ad agency is > using that to reconstruct deleted cookies. > I would hope so. My issue with what Verizon's doing, is the lack of consent by the user; or lacking that, any way to opt out. Or lacking even that, to at least inform the user. Quite different from signing up for injected Web ads in exchange for Internet/E-mail access, via user-configured proxy. Metaphor: Are port scanners sysadmin or hacker tools? While that's out-of-scope to the TAG, it's the same paradox as content injection (IMO), and worthy of TAG comment -- even just to describe it in terms of my metaphor. In terms of nefarious use, I know it when I see it, but I don't see it everywhere I look. > > Also wondering whether, apropos the recent debates about moving to > HTTPS, companies like Verizon would be able to MITM HTTPs traffic to > play games like this. Seems to depend on the cert control provided by > mobile browsers, and I'm concerned that in practice many of the > browsers come from the ISPs, which supply the phones, which check the > certs.... > This has been going on for ages. What's new is categorizing it as MitM with all the "attack" connotation baggage that brings along with it, in the use case where it's opted into. Or considering it in terms of mobile Internet. Others have long called it a "business model". Sometimes it's opted into by agreeing to a TOS, where I'd prefer opt-in based on users having to configure browser settings for it, but I see where if that was the business I was in, I'd think otherwise. Either way, I hesitate to call it fraudulent outright. -Eric
Received on Thursday, 22 January 2015 03:06:12 UTC