AmIBeingTracked: Frequently Asked Questions

Home
Go Back

What is a UID header?

UIDH stands for “Unique Identifier Header.” When you visit a website on your phone or your computer, you typically send certain information to the website provider identifying your IP address, the software you’re using to browse the web, and more.

UIDH’s are “perma-cookies” that some mobile carriers inject into the information you’re sending when you surf the web. Mobile carriers use these unique identifiers to track the websites you visit, sometimes to share that data with third parties and other times for unknown reasons. Normal cookies allow users to maintain control, while perma-cookies are injected beyond reach, out of control of the user.

Why is this bad?

Privacy is a human right, recognized by the United Nations and protected in countries around the world, and privacy is essential to the exercise of most online activities, whether it’s e-banking, researching health problems, or organizing for change.

The use of these headers can violate this most fundamental right. We do not know how the data is shared with third parties, and often users don’t know that they’ve agreed to allow such behavior. There is also the possibility that criminals and other malicious attackers could take advantage of the header to track your online activity and invade your privacy.

Are UID headers only used on mobile phones?

UID headers can be injected on any unencrypted connection to the internet, whether you are using a mobile phone, a Kindle, a laptop or a tablet such as an iPad.

The Amibeingtracked test said that I was not using 3G or LTE.

The test is designed to detect 3G or LTE connections. You must turn off your Wifi for the test to work.

The Amibeingtracked test said it does not recognize my carrier. Why?

Our test works with perma-cookies that we have identified through our research. Your carrier may be using a new header. When we identify a new header, we incorporate it into the tool as soon as we can.

What carriers have been shown to be tracking their users with UIDH headers?

We will be releasing the full list of carriers in the future.

What countries have carriers which are tracking their users with UIDH headers?

We will be releasing the full list of countries in the future.

Can my provider track me if I’m using an SSL connection?

HTTPS sites use Secure Socket Layer encryption (SSL) which, in addition to helping to secure your online communications, prevent the UID header from being injected. The UID tracker mechanism is not effective in HTTPS connections. Unfortunately, millions of sites on the internet do not use SSL protection.

What data does Access collect with this test?

Our test examines whether your carrier inserts a UID header into your web traffic. The test gathers connection data, including the name of your mobile carrier, your mobile IP address, the country your request originates from, and HTTP header values. After our test, we transfer the results of the test to data servers located in Latin America and scrub your personal identifying information.

How does Access use the data?

We use this scrubbed data to analyze the results over time. We intend to issue a report on the results of this data. We also intend to release your scrubbed data to academic researchers. Your personal information will never be shared with third parties. The Access Privacy Policy covers this website and the test.

Does Access do anything else with my private information?

We strongly believe in protecting our users and fight for opting-in. You can read our organizational Privacy Policy here.

How did Access come up with this idea?

We were first alerted to this issue by researcher Kenn White.

What is Access, anyway?

Access defends and extends the digital rights of users at risk around the world. By combining innovative policy, user engagement, and direct technical support, we fight for open and secure communications for all. You can find out more at https://accessnow.org.

How do I stay informed about this campaign?

The best way is to sign up for Access’ newsletter, the Access Express. We keep our members informed about the latest news in digital rights--including this campaign.

Go Back



Check out our newly released report The Rise of Mobile TrackingHeaders: How Telcos Around the World Are Threatening Your Privacy.

Media coverage: Wall Street Journal, National Journal, Medianama, India Today, Wired, The Register, Techdirt, Vice: Motherboard, RCR Wireless News, Security Lab, Dutch News, Network World, Lava Soft, Help Net Security, Hipertextual, Version 2, Mename, Tech Republic, Globb Security, Observer

If you have any questions, or are a researcher and would like to carry on this work, please contact info@accessnow.org.