These are turbulent times for online privacy advocates. Close on the heels of the shock revelation that global FOTA software provider ADUPS had been secretly collecting user data from millions of Android smartphone owners, comes the news that Redwood City, California-based online ad-server Turn Inc. has settled out-of-court in a long-standing case with the Federal Trade Commission. In settling without an admission of guilt, Turn has agreed to provide internet users with information about its tracking habits and policies when it serves advertisements either on browsers or within apps. The company was accused of tracking users even when they had disabled cookies and opted out of targeted advertising services. The firm is believed to have been using Verizon’s infamous "supercookies", for which the carrier was fined $1.35 million by the FCC earlier this year.
According to the FTC’s announcement, Turn will now have to provide an “effective” mechanism to opt-out of tracking altogether, in case users do not want their browsing habits tracked by third-parties for advertising or any other purposes. The company will also have to place a “prominent” hyperlink on its home page to take users to a page that discloses all details about what information the company collects and disseminates to third-parties and for what purposes. Turn, on its part, has released a statement, claiming that it has been in complete compliance with FCC requirements since mid-2015, which is when the whole issue with Verizon’s errant supercookies came to a head. According to the statement, the company takes its “obligations regarding consumer privacy very seriously” and “complies with applicable law and industry standards and regulations”.
In case you’ve been wondering about Verizon’s supercookie and how the technology signifies a clear and present danger to unsuspecting internet users, the Electronic Frontier Foundation (EFF) described Verizon’s controversial tracking methodology as a “cookie-like tracker” that used to be injected in an HTTP header called X-UIDH and sent to every unencrypted website people visited through their Verizon connection. Not only did it allow big red to expand its advertising programs at the cost of its unsuspecting subscribers, but more worryingly, it also potentially allowed unscrupulous third-party advertisers and websites to build up a permanent profile of peoples' web browsing habits without them having an inkling of what’s going on.