Customers of some Telephone companies in Germany, including Vodafone and Deutsche Telekom, have had a slightly different browsing experience from those of other providers since the beginning of April. Instead of seeing ads through regular third-party tracking cookies stored on devices, they have been part of a trial period called TrustPid.
TrustPid allows mobile operators to generate pseudo-anonymous tokens based on a user’s IP address managed by a company also called TrustPid. Each user is assigned a different token for each participating site they visit, and these can be used to provide personalized product recommendations – but in which TrustPid calls “a secure and privacy-friendly way.” It’s the “privacy” part that has raised the critics’ hackles.
The Internet runs on advertisements: Digital ads worth a total of $ 189 billion was bought and sold last year, according to the Internet Advertising Bureau (IAB). But the ad industry’s dirty little not-so-secret is that it relies on intrusive monitoring of people’s online activities, and gathers their interests based on the sites they visit, what they post, and more.
For Vodafone, the company running the trial in Germany, TrustPid offers an alternative by allowing advertisers to gain value from customer insights, while allegedly also keeping these users’ data private. But does not everybody agree. Internet privacy experts have branded TrustPid a supercookie – a piece of technology that connects a bit of data to a user’s IP address and mobile phone number – and believes the lawsuit should be stopped and commercial plans shelved. They are particularly concerned about the way network operators record what is meant as a simple passage of communication data, to which they have unique access, in order to transform them into a targeted advertising platform. Deutsche Telekom did not respond to WIRED’s request for comment. Vodafone says the whole thing is a misunderstanding.
“Let me emphasize that the TrustPid service is not a super-cookie,” said Simon Poulter, senior head of corporate communications at Vodafone Group, which oversees the German lawsuit. Instead, the telecommunications company refers to the technology as being “based on digital tokens that do not contain any personally identifiable information.” Each token, says Poulter, has a limited lifespan of 90 days, which is specific to individual advertisers and publishers.
William Harmer, product manager at Vodafone, says the project is not a super-cookie because it does not use eavesdropping to build customer profiles, unlike the advertising technology once used by Verizon Wireless, which in 2016 became a fine of 1.35 million by the US Federal Communications Commission (FCC) for injecting supercookies into users’ mobile browser requests for two years without consent. ONE 2015 survey by digital civil rights nonprofit Access Now found that providers across 10 different countries used supercookies dating back to 2000. These negative headlines are the reason why Vodafone is pushing so fiercely back towards the supercookie designation.
Vodafone claims that TrustPid, which causes each partner site to generate a different token for the same user, reduces the likelihood of user data being triangulated across sites to create comprehensive user interest profiles – a major concern for Internet users who are tired of to be chased around the web by targeted ads. “The technology is built on a privacy-first design, and it complies with all GDPR requirements and related legislation,” says Poulter.