Vodafone & Deutsche Telekom recently started trials with Trustpid to reintroduce persistent user tracking.
Network operators are a vital part of transmitting data traffic on the internet. In this process, the data is sent largely untouched. This is about to change as Vodafone & Deutsche Telekom are tapping into ways to monetize these data streams.
They have recently started a trial to test new ways of marketing customer data together with Trustpid.
Although Vodafone claims there is nothing to worry about, privacy officials are especially concerned about the recent involvement of network operators. Privacy advocates call it the return of the "Super Cookie." If they are correct, this would be a massive step backward in creating an independent web where the privacy of internet users is respected.
- Persistent User tracking: How does it work?
- Why is Vodafone reinventing persistent user tracking?
- How privacy-friendly is this?
- How to avoid persistent user tracking?
- Final Thoughts
Let's dig in!
Persistent User tracking: How does it work?
It's supposed to work like this: Your activity online makes your device send an HTTP request. Network operators like Verizon or Vodafone facilitate the data transmitted by this request. Until now, these network operators did not interfere in the transmission and merely forwarded the data.
Verizon was the first provider to interfere with this data traffic by injecting an HTTP header (basically an identifier), and now Vodafone and Deutsche Telekom are testing something similar.
Trustpid super cookie explained
With TrustPid, Vodafone assigns a fixed ID to a user based on someone's phone number.
Through an API, website operators would then be able to call up this identifier to exactly see what websites this user has visited and create a profile to display targeted ads.
Why is Vodafone reinventing persistent user tracking?
Well, the internet runs on advertising. It's a multi-billion dollar industry that relies on mass surveillance. In recent years the playing field for user tracking has changed a lot for the better (although this depends through what lens you look at it).
GDPR is finally showing its teeth, and consumers demand more privacy. This has led to changes primarily driven by privacy concerns:
- Many web browsers block third-party cookies, and even Google Chrome is phasing out third-party cookies next year.
- Data protection agencies in EU member states have banned using Google Analytics (CNIL, France and DSB, Austria and Garante, Italy).
- Google is sunsetting Universal Analytics in favor of GA4.
Another big blow was Apple cracking down on user tracking, costing Facebook billions in revenue. They recently released the App Tracking Transparency (ATT) feature that asks if users want to be tracked when they open the app. Facebook announced that this move would cost them at least 10 billion in ad revenue.
It has become more challenging to monetize customer data, so the advertising market is looking for new solutions to tap into. They do not want to go back to non-personalized advertising, so they are pushing the frontier to see what's still possible. The Trustpid trial is an example of this.
The industry is losing the battle for third-party cookies, so they are now exploring different ways to get advertising IDs.
Vodafone not only wants to provide the advertising IDs but also manage who can access them. This way, network operators will play a central role in the advertising industry.
How privacy-friendly is this?
In 2016, Verizon received a fine of 1,35 million USD by the FCC for exactly doing this. Vodafone & Deutsche Telekom are doing things differently and claims the trial is privacy-friendly by design and in line with GDPR law.
In a reaction to Wired, Vodafone says that Trustpid is not a super cookie because it does not build customer profiles as Verizon did. Each partner website with access to the data generates a different token for the same user, reducing the likelihood of building a profile across multiple websites.
The Trustpid pilot is designed to be a game changer in the wake of more privacy measures that reduce the effectiveness of online advertising. According to Vodafone, Trustpid will give advertisers again the information they need while protecting personal data.
Not everyone agrees with the privacy-friendliness of this trial. Network operators are in a unique position. They can still link data traffic to a cell phone number even without cookies. This means that users can be tracked across websites, and there is not much you can do about it.
Even if these cell numbers were anonymized, a user profile could be built relatively easily if you connect all the metrics that are being collected. The anonymous identifier can be reassigned to a specific user when, for example, logging in on a website.
The fact that users are less in control raises concerns with privacy advocates. Cookie banners (unclear as they are) still put website visitors in control. In addition, network operators have always been 'just forwarders of data' and are now deliberately putting their trustworthy position at stake.
How to avoid persistent user tracking?
There are a few ways to avoid being tracked by the "Super Cookie." First, you can stop using Vodafone or Deutsche Telekom as your network operator. These are the only networks that are currently involved in the trial.
In addition, Apple is developing features to restrict network operators from intervening in the data traffic. This is called iCloud Private Relay, which ensures providers no longer have access by encrypting and redirecting the data via Apple's servers. Vodafone and Deutsche Telekom have already filed a complaint to the European Commission to stop Apple from doing this.
Another solution would be to use a VPN provider. Like the iCloud Privacy Relay, it will route the traffic encrypted to that one provider. Your network operator only sees that provider, not the websites you visit via the provider. We can recommend Proton VPN and Mozilla VPN based on their mission toward privacy. If you are a developer, you use Algo VPN, which you can install on your own server.
Whether you think persistent user tracking is good or bad depends on your perspective. Advertisers that are struggling to deal with privacy laws might view this as an alternative to third-party cookies.
However, at Simple Analytics, we believe this is a massive step in the wrong direction. We believe in creating an independent web that is friendly to website visitors. This is the reason why we built a privacy-first alternative to Google Analytics.
There is a reason why even Google Chrome is phasing out third-party cookies in 2023. It's because consumers demand privacy.
Privacy is a human right that should be treated as one. Trialing with persistent user trackers, where the effectiveness of consent is very questionable, to say the least, does not treat privacy as such.
We don't need a "new" tracking solution that pushes the edges of what is morally acceptable. We just need to figure out how to navigate our businesses with less tracking. We need to adopt a different mindset and figure out how to become independent of those data-crunching beasts.