Customers of some telephone companies in Germany, including Vodafone and Deutsche Telekom, have had a slightly different browsing experience than other carriers since early April. Instead of seeing ads through regular third-party tracking cookies stored on devices, they’ve been part of a trial called TrustPid.
TrustPid allows mobile carriers to generate pseudo-anonymous tokens based on a user’s IP address that are managed by a company also called TrustPid. Each user is assigned a different token for each participating website they visit, and these can be used to provide personalized product recommendations, but in which TrustPid calls “a safe and privacy-friendly way.” It’s that “privacy-friendly” part that has raised the hairs of critics.
The internet runs on advertisements: Digital Ads Totaling $189 Billion were bought and sold last year, according to the Internet Advertising Bureau (IAB). But the dirty, not-so-secret about the ad industry is that it relies on intrusive monitoring of people’s online activities, pooling their interests based on the websites they visit, what they post, and more.
For Vodafone, the company conducting the trial in Germany, TrustPid offers an alternative by enabling advertisers to extract value from customer insights while keeping those users’ data private. But not everybody agree† Internet privacy experts have labeled TrustPid a supercookie — a piece of technology that links a crumb of data to a user’s IP address and mobile phone number — and believe that the trial should be halted and commercial plans suspended. They are particularly concerned about how network operators are co-opting what is meant to be a simple passage of communication data, which they have unique access to, to turn it into a targeted advertising platform. Deutsche Telekom did not respond to WIRED’s request for comment. Vodafone says it’s all a misunderstanding.
“Let me emphasize that the TrustPid service is not a supercookie,” said Simon Poulter, senior manager of corporate communications at Vodafone Group, who oversees the German trial. Instead, the telco refers to the technology as being “based on digital tokens that contain no personally identifiable information.” Each token, Poulter says, has a limited life of 90 days that is specific to individual advertisers and publishers.
William Harmer, product lead at Vodafone, says the project isn’t a supercookie because it doesn’t use data interception to build customer profiles, unlike the ad technology once used by Verizon Wireless, which launched in 2016. fine of $1.35 million by the US Federal Communications Commission (FCC) for injecting supercookies into users’ mobile browser requests for two years without consent. A 2015 research by digital civil rights nonprofit Access Now found that carriers in 10 different countries used supercookies dating back to 2000. Those negative headlines are why Vodafone is pushing back so vehemently against the supercookie designation.
Vodafone claims that TrustPid, where each partner website generates a different token for the same user, reduces the chances of user data being triangulated across websites to create comprehensive profiles of user interests – a major concern for internet users tired of being chased across the web by targeted ads. “The technology is built with a privacy-first design and complies with all GDPR requirements and related legislation,” said Poulter.
