Report: Verizon Using Undeletable Super Cookies

LOS ANGELES — A recent report from the Electronic Frontier Foundation is casting light on Verizon’s new advertising program, which secretly installs undeletable super cookies on its client’s mobile devices.

The new ad program, called Precision Market Insights, is believed to have begun in 2012 — tracking all of the online activities of Verizon’s roughly 106 million customers — at least when they are accessing the Internet from mobile devices, such as smartphones and tablets — according to the EFF, which says that Verizon users might want to start looking for another provider.

“In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users’ web traffic on its network to inject a cookie-like tracker,” the EFF report explains. “This tracker, included in [a web page’s] HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device, [allowing] third-party advertisers and websites to assemble a deep, permanent profile of visitors’ web browsing habits without their consent.”

The practice could have profound implications for affiliate marketers already contending with cookie term manipulation and “stuffing,” which has contributed to lower revenues for many adult affiliates.

For its part, Verizon says that Precision Market Insights provide addressable advertising solutions for agencies, brands and channel partners, by using the PrecisionID, “an anonymous unique device identifier, which can be used to reach the right audiences on mobile through demographic, interest and geographic targeting and enables advertisers to use their own data to reach target audiences on their mobile devices.”

Claiming that the technology is privacy-safe and accurate, Verizon says that the PrecisionID powers more impactful, data-driven marketing at scale and drives better ROI for its partners, eliminating campaign waste and inefficiencies, noting that “Together, we’re solving for the biggest challenges in mobile advertising.”

According to the EFF, Verizon’s system has privacy implications reaching far beyond the company’s own programs, as it allows others to find out about Verizon users’ online behavior.

“The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy,” the report explains. “Worse still, Verizon doesn’t let users turn off this ‘feature,’” the report adds. “In fact, it functions even if you use a private browsing mode or clear your cookies.”

Unlike traditional cookies, Verizon’s header is nearly invisible to users and cannot be seen or changed in an affected device’s browser settings, remaining unchanged If a user clears their cookies. Worse yet, the report notes, is that advertising networks are able to immediately assign new cookies — linking them to the cleared cookies using the unchanged X-UIDH value.

The X-UIDH header reportedly bypasses several other browser privacy mechanisms, compounding the problem by affecting more than just web browsers, but mobile apps as well, correlating a user’s app behavior with their behavior on the web — something that is  difficult or impossible without this header.

Since the header is injected at the network level, the serious security implications are not only limited to Verizon customers — as the company can add the header to any traffic using its towers. These unique X-UIDH headers reportedly help eavesdroppers by making it easy for them to tie traffic to individual users, beyond what is possible using only IP addresses.

The EFF report notes that the best protection against this specific problem is to use a VPN that encrypts all requests made from phones, regardless of whether they were made by an app or a browser. Next up is the use of an encrypted proxy — while the use of HTTPS, often considered the best protection against many problems, is reportedly among the least effective in this case.

“The header cannot be injected into an HTTPS request,” the report states, “but since websites choose whether [or not] to offer HTTPS, a site that wants to track users can simply avoid HTTPS and get the tracking headers.”

The EFF supports a fully encrypted Internet, but explains that X-UIDH headers are a strong disincentive against adopting HTTPS if websites and advertisers wish to track their users.

“ISPs like Verizon act as trusted connectors to the world, and shouldn’t be modifying our communications on their way to the Internet,” the EFF report concludes. “People should not be required to subscribe to a VPN and put their trust in a third party in order to get a modicum of privacy on the Internet.”

To test whether or not the header is injected in into your traffic, visit LessonsLearned.org/sniff or AmIBeingTracked.com, using a cellular data connection.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

AV in Focus: A Guide to Unlocking Compliance With Clarity

The age verification era isn’t coming — it’s here. Laws are already on the books in numerous U.S. states, as well as in the U.K., France and beyond.

Canadian Privacy Commissioner Endorses National AV Bill

Philippe Dufresne, privacy commissioner of Canada, has voiced support for a bill that would impose fines of up to $500,000 on adult sites that do not implement age verification for Canadian viewers.

Ricky Johnson Launches 'Ricky's Resort' Through YourPaysitePartner

Ricky's Room studio honcho Ricky Johnson has launched his latest site, RickysResort.com, through YourPaysitePartner (YPP).

Industry Attorney Paul Cambria Retires After 50 Years of Practicing Law

After more than a half-century in practice, during which he provided the defense in some of the adult industry's most notable legal cases, attorney Paul Cambria has retired.

2026 XMA Nominations Party Set for Nov. 19 in Hollywood

The 2026 XMA nominations reveal party will take place at Keys on the Sunset Strip on Wednesday, Nov. 19, with red-carpet arrivals starting at 8 p.m.

New VR Membership Site 'DeepInSex.com' Launches

The new 8K VR membership site DeepInSex has officially launched.

NATS Launches Integrated Content Management System

Too Much Media (TMM) has rolled out an integrated, no-charge Content Management System (CMS) to its NATS platform.

AEBN Reveals Avery Lust as Top Trans Star for Q3 of 2025

AEBN has published its top trans stars list for the third quarter of 2025, with Avery Lust landing atop the leaderboard.

FSC: California's Device-Based AV Law Does Not Apply to Adult

The Free Speech Coalition (FSC) put out an advisory today explaining that California's new device-based age verification law does not apply to adult websites.

Reena Sky Launches New Paysite

Reena Sky has launched her new official paysite, ILoveReenaSky.com.

Show More