[on_]

The article just below it indicates users can opt-out but mobile tracking is such a big business I sm sure that if it actually is possible, it is not easy.

Anyone have good privacy resources for mobile/iOS. My phone security is nowhere near where it should be.

[bndw]

You can visit http://checkyourinfo.com to see all of the HTTP headers your device is sending in requests, including any your ISP may tack on.

Disclosure: I maintain the site

[Abundnce10]

Nice! I'm seeing an `X-Uidh` attribute in my request headers, is that the Verizon Zombie Cookie?

[bndw]

Looks like that's the one: http://www.verizonwireless.com/support/unique-identifier-hea...

[nandhp]

Not that I approve at all of what Verizon is doing, but apart from the item about opting out ("Verizon Wireless will stop inserting the UIDH after a customer opts out of the Relevant Mobile Advertising program"), this stands out:

They plan to (eventually) only send this to Verizon-owned (or contracted) servers. This has two roughly equivalent corollaries:

1. They don't need to use a header for this because they can trivially accomplish the same thing with a database of IP addresses.

2. They can trivially accomplish this with a database of active IP addresses, so it doesn't really matter if they use a header or not.

Incidentally, other ISPs do this too, but for more benign reasons because they don't (as far as I know) own an ad network: for example, T-Mobile automatically logs you in to My T-Mobile when you access it over 3G. Basically, if your ISP wants to track you, they will have no trouble with this (except to the extent that they can be stopped with SSL). You'll just have to switch ISPs, if possible.

[t0mas88]

Don't forget to turn off wifi if you want to see the identifiers your provider adds.

[shawkinaw]

I use http://lessonslearned.org/sniff . I check it reflexively every so often, as Verizon has at least once re-enabled the super cookie after I had disabled it. That site checks for cookies from other carriers as well.

[clort]

I find myself cynically wondering, if such a site becomes bothersome to those placing tracking cookies (and the site mentions articles in Wired), how long it would take before they would disable adding them for destinations known to be revealing it?

I guess it could be automated in a small way too, such that if the cookie was detected as being returned to the browser then the site gets flagged and it won't get it again.

Alternatively, only add the cookie when requesting pages from partner sites known to be tracking it.

[on_]

Super cool thanks. Still can't figure out why I can't connect to HN, but no tracking beacons which is nice.