Verizon Fined for Secretive Use of 'Super Cookies'

John Lister's picture

Verizon has agreed to pay a fine of $1.35 million for its use of controversial "super cookies." The files, which are solely used to track its own users, were set up in a way that made them difficult if not impossible to delete.

Cookies are small text files placed on a user's computer by a website. In many cases, cookies have a perfectly legitimate use of identifying a visitor, even if the site doesn't have a login or registration system. Examples of such user might include a weather site automatically delivering a forecast for the user's preferred location, or a sports site displaying stories about the user's preferred football team.

Tracker Cookies Often Controversial

Cookies are also widely used in online advertising to deliver relevant and targeted ads from both the site and third parties, such as Google's ad network based on the user's activity. For example, without cookies, a golf website might simply display ads for golf courses. With cookies, a user who spends a lot of their time on the site looking at putter reviews might start seeing ads for putters, even when they are on other sites.

Using cookies in this manner can be controversial, particularly when a cookie from a specific site is used to track the user's activity elsewhere; this is especially true if it's for the sole purpose of advertising. One of the big limitations on such use is that users can delete cookies, either for a specific site or for all sites, in their web browser settings.

Super Cookies Couldn't Be Deleted

The problem was that in December 2012, Verizon started using so-called "super cookies" on sites visited by its mobile customers. These couldn't be deleted, and thus would persist even if user's had intentionally cleared their browsers of cookies or specifically blocked Verizon cookies.

It wasn't until March 2015 that Verizon publicly revealed to customers that it was tracking its users using super cookies. (Source: fcc.gov) The Federal Communications Commission (FCC) says this breached rules that require companies to be open with customers about how they collect and handle data. As part of the settlement, Verizon will have to be clear about its use of super cookies in future.

The settlement doesn't mean Verizon has to delete any of the data it gathered in this way, but it will have to contact the customers affected and ask if they are happy for it to be used. The precise wording of the settlement means Verizon can use this data itself, at least until a customer asks it not to do so. However, Verizon will not be allowed to pass the data on to anyone else, such as advertisers, unless the customer actively opts in to give their permission for this use. (Source: washingtonpost.com)

What's Your Opinon?

Is the settlement a harsh enough penalty? Should Verizon be made to delete all the data it gathered with "super cookies"? Is there a limit on how much data websites should collect about users, or should anything go as long as users can give informed consent?

Rate this article: 
Average: 5 (3 votes)

Comments

Dennis Faas's picture

I'm sure that Super cookies will soon be the de-facto standard for tracking users (if it isn't already), as the money to be made from advertising will far outweigh the cons. In this case, Verizon probably made all of its money back, compared to the light slap on the wrist it received from the FCC. I would not be surprised to find out if the government is already using some form of super cookie to track everyone online.

Phil's picture

I read the article carefully, looking for the statement that Verizon would have to give users the ability to delete these "super cookies."

Nothing. If this is an accurate description of the settlement, the settlement is only *half* of "a mess of pottage."

Syscob Support's picture

Why shouldn't Verizon, and others, get away with applying the “Microsoft Philosophy”?

With Windows 10 Microsoft no longer asks permission to modify your PC, no longer allows updates to not be applied and acts as if users must abide by an EULA which can be altered at MS' whim after the fact—despite a contract not being valid unless BOTH parties agree to it. So why shouldn't every other company and advertiser ignore the law and users rights?