Site   Web

March 9, 2016

Verizon-FCC Settlement Does Not Apply to Verizon’s Tracking of its AOL Customers

Verizon image
Verizon image

By Julia Angwin, ProPublica

Verizon agreed to pay $1.35 million to settle Federal Communications Commission charges that it violated customers’ privacy when it used a hidden undeletable number to track cellphone users.

In the settlement, Verizon also agreed to make its unkillable “zombie” cookie opt-in, meaning that users are not tracked by default. Previously, users had been tracked by default unless they opted out.

However, the settlement does not apply to Verizon’s tracking of its customers who visit the 40 percent of websites that use AOL’s ad network. That is because Verizon owns AOL, and therefore it is not considered a third party that requires opt-in.

That means that unless Verizon users opt out, they can still be identified when they use their smartphone or tablet to browse Web pages containing AOL’s tracking code.

The Verizon controversy dates back to the fall of 2014, when a flurry of news outlets, including Wired and ProPublica, reported that Verizon and AT&T were attaching tracking numbers to their subscribers’ Internet activity, even when users opted out.

The tracking numbers could be used by websites to build a dossier about a person’s behavior on mobile devices 2014 including which apps they use, what sites they visit and for how long.

Soon after, AT&T stopped using the controversial identifiers. But Verizon said it would keep using them 2014 and assured users on its website that “it is unlikely that sites and ad entities will attempt to build customer profiles” using its identifiers.

In January of 2015, ProPublica reported that an online advertising company was doing just what Verizon had promised wouldn’t happen. A company called Turn was using Verizon’s identifier to respawn tracking cookies that users had deleted. ProPublica dubbed the unkillable identifier a “zombie cookie.”

Two days later, Turn said it would stop using the zombie cookie. And a few weeks later, Verizon also reversed course, and said users could now kill the previously unkillable cookie – but users still had to go in and fiddle with their privacy settings.

In October, Verizon said it would give the zombie cookie a new life as a way to boost the tracking abilities of its AOL subsidiary.

The new settlement is the latest sign that the FCC is stepping up privacy enforcement actions. The FCC chairman has said that the agency will soon propose new privacy rules for Internet providers.

In the Verizon case, the agency alleged that the company’s actions violated the privacy protections of the Communications Act. It also said Verizon violated the commission’s Open Internet rules, which requires telecommunications carriers to be transparent about the use of their customer’s proprietary information, and to only use to provide services.

Verizon spokeswoman Adria Tomaszewski said that the FCC order would not change the company’s current practices because it had already stopped using the super-cookie in all cases except sharing with its AOL network.

“Over the past year, we have made several changes to our advertising programs that have provided consumers with even more options,” Tomaszewski said. “Today’s settlement with the FCC recognizes that.”

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


avatar

Julia Angwin is a senior reporter at ProPublica. From 2000 to 2013, she was a reporter at The Wall Street Journal, where she led a privacy investigative team that was a finalist for a Pulitzer Prize in Explanatory Reporting in 2011 and won a Gerald Loeb Award in 2010.

One Response to “Verizon-FCC Settlement Does Not Apply to Verizon’s Tracking of its AOL Customers

    avatar Cassie says:

    I can’t believe they actually did it… Verizon actually managed to provide yet another reason not to use their service! I didn’t think it was possible. As if their exorbitant monthly costs weren’t enough already…

Submit a Comment

Your email address will not be published. Required fields are marked *






You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 3,601,153 bad guys.

css.php