Swordsmyth
Member
- Joined
- Apr 14, 2016
- Messages
- 74,737
You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers' traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily.
The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)
It appears to be similar to the Unique Identifier Header used by Verizon. The UIDH was appended to HTTP requests made by Verizon customers, allowing websites they visited to see their location, billing data and so on (if they paid Verizon for the privilege, naturally). The practice, in common use by carriers for a decade or more, was highlighted in the last few years and eventually the FCC required Verizon (and by extension other mobile providers) to get positive consent before implementing.
More at: https://finance.yahoo.com/news/mobile-phone-companies-appear-providing-200442024.html
The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)
It appears to be similar to the Unique Identifier Header used by Verizon. The UIDH was appended to HTTP requests made by Verizon customers, allowing websites they visited to see their location, billing data and so on (if they paid Verizon for the privilege, naturally). The practice, in common use by carriers for a decade or more, was highlighted in the last few years and eventually the FCC required Verizon (and by extension other mobile providers) to get positive consent before implementing.
More at: https://finance.yahoo.com/news/mobile-phone-companies-appear-providing-200442024.html
