At least nine telecommunication companies around the world use so-called super cookies to secretly monitor their customers' online behavior, according to a new study.
Super cookies impose a unique token for each subscriber being injected into each HTTP request that is made over a mobile telephony network of a telecommunications company.
Cannot be removed by the user: allows ad networks and media publishers to track users across the Internetnetwork, even if they delete their cookies.
Super Cookies allow networks to create profiles that include user habits, so they can serve targeted ads while phone companies receive their rates.
After a six-month research by the Digital Rights Group, Access has shown that overseas telephone companies use super-cookie techniques.
The Access activist group even created a website called Amibeingtracked.com, and tracking visits from 180.000 Internet users. The team found that 15,3% of visitors had tracking headers installed on their mobile phones by sales companies in Canada, China, India, Mexico, Morocco, the Netherlands, Peru, Spain, the USA and Venezuela.
Verizon, the AT&T, Bell Canada, η Bharti Airtel, η Cricket, η Telefonica de España, η Viettel Peru S.a.c., η Vodafone NL, and Vodafone Spain all used Super Cookies technology.
The samples collected from the website showed a large degree of variation about what data are collected and transferred using the technique. Some telephone companies encrypt the header information, but some still send the data in plain text. In some cases, even the user's phone number is included.
"Not all organizations monitor their users, and those who respect privacy deserve our support," the study said.PDF].
The only way to stop this data leakage is to limit your web browsing to only websites that use HTTPS which is currently impossible.
