10.09.2015

Report on the Rise of Mobile Tracking Headers ("supercookies") used by Telcos

Access, The Rise of Mobile Tracking Headers: How Telcos Around the World Are Threatening Your Privacy (pdf)
[...] To call attention to the practice and to better understand tracking headers, Access built a tool at Amibeingtracked.com that allows users to test their devices to see if they are being tracked. Since its launch in October 2014, more than 200,000 people from around the world have used the tool, and the results are startling. This report presents results of nearly 180,000 tests conducted in the first six months, along with our major findings about the use of tracking headers worldwide, and it provides our recommendations for governments, carriers, websites, intergovernmental bodies, and researchers.
From the Key Findings:
Carriers in 10 countries around the world, including Canada, China, India, Mexico, Morocco, Peru, the Netherlands, Spain, the United States, and Venezuela, are using tracking headers.
Users cannot block tracking headers, because they are injected by carriers out of reach 
at the network level. 
“Do not track” tools in web browsers do not block the tracking headers. 
Tracking headers can attach to the user even when roaming across international borders. 
Even if tracking headers are not used by the carrier itself to sell advertising, other firms 
can independently identify and use the tracking headers for advertising purposes.

What is a tracking header?
Although tracking headers are popularly called “supercookies,” “zombie cookies,” or “perma-cookies,” these terms are inaccurate. Cookies are injected locally and can be manipulated by end users in a web browser. Tracking headers are in fact not cookies at all because they are injected at the network level, out of the reach of the user. A more accurate term would be Carrier-Injected HTTP Header. For the sake of simplicity, and to avoid creating yet another acronym, we will refer to “Carrier-Injected HTTP Headers” as simply “tracking headers” throughout this report.