Jacob Hoffman-Andrews writes:
Julia Angwin reported late Thursday that AT&T is dropping their tracking supercookie program. This comes in the wake of massive customer pressure over the discovery that AT&T and Verizon were quietly inserting unique tracking identifiers in their customers’ web browsing and app data, by means of an HTTP header. The tracking identifiers quickly became known as “supercookies” because they enable tracking, like cookies, but cannot be removed.
AT&T told Angwin that the header program “has been phased off our network.” Security researcher Kenn White, who operates a site to check whether a carrier inserts the header, partially confirmed the report. White said “it’s not zero, but as a relative proportion, down over 90% and falling.” At least one person found that AT&T is still sending the header, so it’s important that AT&T do a full review of their network to ensure the phase-out is truly complete. Angwin also reports that Verizon is continuing its tracking program. EFF’s own tests so far confirm the tracking header is now absent from accounts that were previously subject to header injection.
Read more on EFF.