W3C home > Mailing lists > Public > www-tag@w3.org > January 2015

Re: Verizon Wireless ISP-injected tracking info used to reconstruct deleted cookies

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Wed, 21 Jan 2015 20:05:30 -0700
To: Noah Mendelsohn <nrm@arcanedomain.com>
Cc: "www-tag@w3.org" <www-tag@w3.org>
Message-Id: <20150121200530.a624aaace9893785fc5a9546@bisonsystems.net>
Noah Mendelsohn wrote:
>
> Wondering if this is of interest to the TAG [1,2,3]? The claim is
> that Verizon Wireless (and earlier also AT&T) is injecting tracking
> information into mobile users' Web traffic, and that an ad agency is
> using that to reconstruct deleted cookies.
> 

I would hope so.

My issue with what Verizon's doing, is the lack of consent by the user;
or lacking that, any way to opt out. Or lacking even that, to at least 
inform the user. Quite different from signing up for injected Web ads
in exchange for Internet/E-mail access, via user-configured proxy.

Metaphor: Are port scanners sysadmin or hacker tools?

While that's out-of-scope to the TAG, it's the same paradox as content
injection (IMO), and worthy of TAG comment -- even just to describe it
in terms of my metaphor.

In terms of nefarious use, I know it when I see it, but I don't see it
everywhere I look.

>
>   Also wondering whether, apropos the recent debates about moving to
> HTTPS, companies like Verizon would be able to MITM HTTPs traffic to
> play games like this. Seems to depend on the cert control provided by
> mobile browsers, and I'm concerned that in practice many of the
> browsers come from the ISPs, which supply the phones, which check the
> certs....
> 

This has been going on for ages. What's new is categorizing it as MitM
with all the "attack" connotation baggage that brings along with it, in
the use case where it's opted into. Or considering it in terms of mobile
Internet. Others have long called it a "business model". Sometimes it's
opted into by agreeing to a TOS, where I'd prefer opt-in based on users
having to configure browser settings for it, but I see where if that
was the business I was in, I'd think otherwise. Either way, I hesitate
to call it fraudulent outright.

-Eric
Received on Thursday, 22 January 2015 03:06:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:09 UTC