Like the Walking Dead lurching across your TV screen, Verizon's "zombie cookies" never give up. These hard-to-kill bits of code that track your mobile surfing habits are about to be shared with Verizon's newest acquisition, AOL, and that means additional advertisers will learn even more about you.
Beginning in November, if you access the Web via Verizon’'s network, data on "your gender, age range and interests," (according to a Verizon FAQ page on its Relevant Mobile Advertising program) will be pushed to AOL's extensive network of advertisers.
Unless you opt out, you're an unwitting participant in the program, which is meant to deliver ads tailored to your interests or shopping habits. Verizon has used these tracking identifiers for some time, but by sharing data with AOL, the cookies will be used on many more sites.
Verizon customers can't kill zombie cookies
It's easy to find things to dislike about the program, but first a bit of context.
Verizon's cookies aren't really cookies. If they were, you could simply block them. They are actually streams of data known as a tokens, or Unique Identifier Headers, that Verizon inserts in the path of your browser when you visit websites with devices that are connected to the Verizon network. Cookie blockers won't stop them, and using private browsing modes also doesn't stop the data transfer, Verizon says.
The information contained in the tokens does not actually identify the people who are browsing, according to Verizon. Instead, it reportedly identifies their phones. Verizon also says you can opt out by either logging into your Verizon account or by calling 1-866-211-0874.
However, the opt-out doesn't always work, or at least it takes some time to kick in. I opted out on Friday, and when I went to a test site called AmIBeingTracked.com a few days later I was still being tracked. I asked Verizon for an explanation and will update this post when I get one.
Why you should worry about zombie cookies
So what's the big deal? Seeing ads tailored to you isn't really a major issue. But the privacy implications are serious.
The tokens Verizon passes to advertisers are not encrypted, according to Yehuda Lindell, chief scientist of Dyadic Security, an Israeli security firm. If they're intercepted, the information is there to be read. Advertisers that receive tokens won't be able to link the information to specific users, but Verizon can, because the carrier has detailed information on its customers, Lindell says. Even if we assume that Verizon won't do anything untoward with the information, its network could be hacked, and the unencrypted data could fall into the wrong hands, according to Lindell.