Google and Facebook are not the only companies tracking your online activities to customize ads. Verizon Wireless has recently come under fire from privacy advocates for running a similar program on its cellular network.
Verizon quietly started its ad-targeting program two years ago and this year teamed up with other data management and advertising companies. Late last month, Jacob Hoffman-Andrews of the Electronic Frontier Foundation noticed the program and sounded the alarm.
“Verizon users might want to start looking for another provider,” he wrote in a blog post on Monday about the program, which involves injecting a header containing a unique, anonymous identifier into a Verizon Wireless user’s request for a web page. “Indeed, while we’re concerned about Verizon’s own use of the header, we’re even more worried about what it allows others to find out about Verizon users.”
Verizon’s ad-targeting method groups these identifiers into different buckets of demographics and interests, so if a website is looking to serve certain ads to a specific type of customer, it will look for those buckets and serve up those ads.
Here’s the kicker: Even though Verizon allows users to opt out of the program by calling a phone number or changing their privacy settings, Verizon keeps tacking an identifier onto the customer’s web browsing for “other authentication purposes,” such as logging in to Verizon’s apps, according to the company.
A Verizon spokeswoman declined to comment but pointed to a company document explaining its marketing program. In the document, Verizon says it frequently changes the anonymous identifier to protect customer privacy. The company adds that it is unlikely that websites and ad companies could create profiles on customers, because the identifiers change often.
The Electronic Frontier Foundation says it is concerned that Verizon could be violating a federal law requiring phone companies to keep customer data confidential. In September, Verizon agreed to a $7.4 million settlement with the Federal Communications Commission, which found that Verizon’s landline business had failed to inform two million customers of their privacy rights, including the ability to opt out of marketing programs.
Mr. Hoffman-Andrews said in an interview that he was concerned about what marketing companies and government agencies like the National Security Agency could do with these web-browsing identifiers. They could stitch together someone’s anonymous identifier with web cookies to create a detailed profile that follows the person’s web-browsing activities, even after Verizon generates a new anonymous identifier for the user, he said.
Verizon is not alone in its effort to expand into mobile marketing. AT&T acknowledged that it was testing a similar program, which involved inserting a numeric code into a user’s web requests. This code would change every 24 hours, and if AT&T goes forward with the program, it will allow users to opt out completely, meaning the identifier would stop being inserted altogether, according to Emily Edmonds, a director of corporate communications for AT&T.
“Many different companies use advertising identifiers today, including handset and operating system manufacturers,” Ms. Edmonds said in a statement. “We believe that we would be providing industry-leading privacy protections.”
The Electronic Frontier Foundation said it was weighing its options for taking action against Verizon. It could file a complaint with the F.C.C., file a class-action complaint or ask state attorneys general to investigate the matter.