Photo



Verizon Wireless, which has been under fire by privacy advocates since late last year, has decided to make a major revision to its mobile ad-targeting program. Users who do not want to be tracked with an identifier that Verizon uses for ad-targeting purposes will soon be able to completely opt out, the company said on Friday.

In the past, Verizon allowed users to opt out of the marketing side of the program, but they had no option to disable being tagged with its undeletable customer codes, which critics dubbed “supercookies.” Some security researchers quickly illustrated that third parties, like advertisers, could easily exploit Verizon’s persistent tracking to continually follow a user’s web browsing activities.

In a recent interview, Praveen Atreya, a Verizon director who helped develop the technology behind the mobile marketing program, said the company was considering allowing its subscribers to opt out of being tagged with its undeletable customer codes. On Friday, Verizon confirmed this decision.

Debi Lewis, a Verizon spokeswoman, issued this statement:

Verizon takes customer privacy seriously and it is a central consideration as we develop new products and services. As the mobile advertising ecosystem evolves, and our advertising business grows, delivering solutions with best-in-class privacy protections remains our focus. We listen to our customers and provide them the ability to opt out of our advertising programs. We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs.

The about-face from Verizon comes less than a day after four Democratic members of the Senate’s powerful Committee on Commerce, Science and Transportation sent a letter to Lowell C. McAdam, the chief executive of Verizon, criticizing the company’s data security and privacy ​practices and demanding an explanation.

“While Verizon allows customers to affirmatively prohibit the sharing of information collected by these supercookies, it does not allow customers to remove the supercookies altogether, doing nothing to stop third parties from exploiting their existence,” the senators wrote in the letter. “Because of the threats to consumer privacy, AT&T wisely discontinued the use of similar mobile trackers, while Verizon has chosen to carry on.”

Also this month, the Electronic Frontier Foundation, a digital rights group in San Francisco, started a consumer petition asking federal agencies to penalize Verizon and Turn, a digital marketing software company that works with Verizon, for failing to fully disclose their tracking practices to consumers. More than 2,000 people have since signed the petition.

“The telecom giant did not properly disclose the nature of the tracking header,” the text of the petition said. “They do not allow customers to opt-out of the tracking, and their current explanation of its use is deceptive at best.”

But even if Verizon now allows subscribers to opt-out of having their online activities tracked using a unique customer code, that option may not satisfy privacy advocates who say consumers are unlikely to understand the implications of default tracking. Some say Verizon should have the feature turned off by default and require people to voluntarily switch it on.

“What they really should be doing is opt-in,” said Nate Cardozo, a staff lawyer at the Electronic Frontier Foundation.

But whether Verizon ultimately gives its subscribers the choice to opt out or opt in, cyber-security experts say Verizon will still have to grapple with a basic issue: how to prevent third parties from hijacking its unique customer codes for their own purposes.​