AT&T Stops Using Controversial Tracking Codes but Smartphone Carriers Aren’t Done Yet

Screen Shot 2014-11-21 at 9.39.40 AMBy Julie Liu

Several weeks ago, researchers made the disturbing discovery that smartphone carriers AT&T and Verizon have been using hidden codes to track users’ network activity. AT&T has since put this practice on hold, but Verizon does not apparently plan to follow suit.

Use of tracking technology is not itself a new phenomenon. Location tracking, which allows law enforcement agencies to collect information about individuals, has been around for a while. Similarly, Facebook, Google, and other large web companies that compile and sell user data to advertisers have long since adopted the practice of monitoring online activity. Verizon reportedly undertook the tracking program at issue in 2012, but it was not until late last month that this type of tracking activity by carriers received widespread attention.

As a means of collecting user data to offer to advertisers, AT&T and Verizon insert unique tracking codes into users’ Internet activity. The codes, which can be thought of as “supercookies,” operate as temporary IDs which are sent to every unencrypted website that a user visits from his or her mobile device. In this fashion, AT&T and Verizon can monitor each person’s app usage and site visits, which allows advertisers to better tailor ads to individuals. The practice essentially creates a permanent and highly personalized profile for each user. Continue reading

“Disappearing Forever” Too Good to be True? Snapchat Reaches Settlement with FTC

ImageBy Chris Ferrell

On May 8th, the Federal Trade Commission (“FTC”) announced that Snapchat, a mobile application company, had agreed to settle with the FTC over several charges, including deceptive advertising, failure to maintain security features, and collecting data from application users. The FTC alleged that Snapchat deceived users by claiming that their “snaps” (which are pictures users take with their cell phones and send to other users) would “disappear forever” after being viewed. According to Snapchat, users send 400 million photos and videos per day. However, recipients of a snap can save the snap in different ways, including: taking a “screen shot” of the picture, downloading the picture as original content, or, at the extreme, hacking into different Snapchat users’ accounts and stealing their photos. We’ve previously covered the legal ramifications of taking a screenshot of snaps in the context of revenge porn.

The FTC further alleged that Snapchat’s failure to secure its “Find Friends” feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers. Snapchat also allegedly took contacts from Apple iOS users’ address books, as well as geolocation information from people using Android-based phones. Snapchat does not have to pay a fine, but, under the settlement, it is prohibited from misrepresenting the extent to which it maintains the privacy and security of users’ information. Snapchat must also implement a comprehensive privacy program that will be monitored by a third-party privacy group for the next 20 years. Although Snapchat claims to have already addressed the FTC’s concerns by “improving the wording of their privacy policy” and implementing security counter measures, is that enough to allow applications like Snapchat to continue to exist? Continue reading