Verizon told the New York Times on Friday that it plans to begin allowing its customers to opt out of its privacy-invasive header injection program. For customers that are aware of the Verizon program and visit the opt-out page, this means they will soon be able to protect themselves against privacy circumvention like Turn's zombie cookie.
Verizon's move to begin allowing opt-out comes after more than 2,600 of you signed our petition urging the FCC to investigate Verizon's practices. It also comes just one day after Senators on the the Commerce Committee sent a strongly-worded letter to Verizon Wireless [pdf] expressing "deep concern" over Verizon's continued practice of injecting UIDH headers into all Web traffic. This letter follows recent news that the header, which acts as a supercookie, was being abused by Verizon's own advertising partner Turn to resurrect cookies that people had deleted from their browsers. These "zombie cookies" are similar to Quantcast's 2009 Flash-based zombie cookie program, which ended with a settlement that included an agreement not to "counteract any computer user's decision to either prevent or delete HTTP cookies" using the technology.
The Commerce Committee said in their letter to Verizon, "While we understand that Turn has suspended its utilization of Verizon's supercookies, such a practice, if true, would seemingly constitute a deliberate circumvention of customer choice and a violation of consumer privacy." They went on to say, "Because of the threats to consumer privacy, AT&T wisely discontinued the use of similar mobile trackers, while Verizon has chosen to carry on," and ask, "Does Verizon intend to continue the use of its mobile tracker?" Unfortunately, Verizon's answer is yes, but with an opt out.
The new opt out plan is an improvement, and we congratulate Verizon on working to undo some of the privacy harm its header program has caused. However, the current plan doesn't go nearly far enough to fix the problem. The millions of Verizon customers who are unaware of the tracking header and their new ability to opt-out are still exposed to the risk of zombie cookies from firms less visible than Turn. Customers who assume their mobile OS' tracking opt-out or their browser's privacy modes will be respected by Verizon are also still vulnerable.
Verizon's program is part of a trend among network providers: header injection (called "header enrichment" by industry) and content injection. With modern processing speeds, it has become practical and affordable for ISPs to inspect and modify every byte of traffic that flows across their routers. This has led to a burgeoning industry of commercial interception gear. ISPs use these "middleboxes" to achieve greater control of what their customers read and see. In mobile industry parlance, such "Value Added Services" include tracking header injection like Verizon's, advertisement injection like Comcast's, and fine-grained blocking of specific web pages. Verizon and other ISPs need to recognize the extreme intrusiveness of these network tampering measures and treat all header injection, advertising injection, and content filtering as requiring explicit customer choice.
Tell Verizon to follow AT&T's lead and discontinue its header injection program—or at a minimum, make it opt-in.Related Issues: Content BlockingPrivacyDo Not Track
Share this: || Join EFF
Between all the Super Bowl football action yesterday, one commercial seemed to have caught a lot of people's attention: to promote its smallest SUV, Jeep showed images of it all over the country, then the world, to the tune of Woody Guthrie's "This Land Is Your Land."
One reason people are discussing it is because appearing in a commercial would seem to run against the late Guthrie's values. Would Guthrie have ever allowed the song to be licensed to Jeep, and for a Super Bowl commercial?
The answer is that nobody had to license it. Ten years ago, EFF set out to defend an online political parody set to "This Land Is Your Land," by arguing that it was a fair use. Instead, we discovered through the course of litigation the song actually entered the public domain in 1973, and today there are no restrictions on its use. That means that organizers that share Guthrie's politics—and yes, companies like Jeep—are equally free to use the song.1
Of course, even when his songs were restricted by copyright, Guthrie was famously permissive. Just look at his Copyright Warning from the 1940s:
This song is Copyrighted in U.S., under Seal of Copyright # 154085, for a period of 28 years, and anybody caught singin it without our permission, will be mighty good friends of ourn, cause we don’t give a dern. Publish it. Write it. Sing it. Swing to it. Yodel it. We wrote it, that’s all we wanted to do.
Given the duration of copyright terms and the control many artists and publishers try to exert, it can seem like any use is an endorsement. But Woody Guthrie preached the value of sharing freely—and when it came to his music he practiced it, too.
- 1. There are a few caveats here. For one, this recording of the song needs to be licensed. For another, our client settled its case after we made the public domain discovery. Even though we documented the timeline by which the song entered the public domain, it's possible that the publisher Ludlow Music still requests—and receives—licensing fees. Finally, there are a few variations of the composition, and some may still have copyright restrictions.
Share this: || Join EFF