Verizon PermaCookies Cannot Penetrate ssRwd™ HSTS Security

Verizon PermaCookies Cannot Penetrate ssRwd™ HSTS Security

Some say the deadly Ebola virus is unstoppable and the privacy-killing UID your ISP may be injecting into your web traffic is unblockable but a Miami web development firm just verified its antidote for one of them.

South Florida-based HTML5/CSS3 mobile web app, secure eCommerce/WordPress website design and jQuery/PHP web development firm WebFL.US recently validated and today announced that business website owners interested in protecting their site visitors from privacy invasion and their customer information exchanges and transactions from unauthorized snooping, personal/financial information collection and smartphone/online activity tracking can rely on their trademarked speedy secure responsive web design methodology ssRwd™ to permanently prevent the permacookies and undo the unoptoutability of the unique identifiers that might be injected into their HTTP headers by Verizon, ATT/AT&T and other Internet service providers large and small.

Earlier this week Wired.com disclosed that “Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years, inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit.” Soon after Forbes.com revealed that ATT/AT&T and other ISPs are engaging in similar activities, quoting security consultant Kenn White as saying: “In AT&T’s case, the code has four parts; only one part changes… It’s like if you were identified by a birth month, a birth year, a birth day, and a zip code, and they remove one of those things… You’d still be able to reasonably track that person with the other three.”

Using those Unique Identifier Headers (UIDHs), ISPs are able to track and collect detailed information on the mobile, tablet, notebook and desktop online activities of their customers which they can sell to advertisers – or possibly serve up without warrant to government agencies. And with these UIDH “permacookies” Verizon, ATT/AT&T and others can accomplish that even if their Internet access subscribers set their web browsers to block all cookies, even if they opt for private browser sessions, even if they opt-in for “Do Not Track”, and even after they log into their accounts and opt-out of all so-called “relevant advertising” programs. To find out if your ISP is using universal identifiers (UIDs) to track you right now, for example, you can click or tap here:

Is your ISP tracking you?

Like most web pages – and websites pasted into native app wrappers so they can be called “mobile apps” – this test page is being served up unencrypted using standard Hypertext Transfer Protocol (HTTP|RFC 2616). And because the transmission is unencrypted, it is vulnerable to ISP UID(H) injections – as well as a host of other potential privacy invasions, malware insertions and hacker attacks. If instead it had been encrypted and transmitted via Hypertext Transfer Protocol Secure (HTTPS|RFC 2818), the ISP header injection scheme would be defeated because UID permacookies cannot pass through the HTTPS transport layer security envelope.

The ssRwd speedy secure responsive web design and web development methodology offered by WebFL.US delivers transfer protocol security in its most impregnable form which is HTTPS Strict Transport Security or HSTS. HSTS not only shields website visitors and mobile app users from unwanted ISP injections, unappreciated malware insertions, unwarranted government surveillance and unrelenting hacker attacks but also enables SPDY, an open network protocol built on HTTPS which can significantly speed up page content delivery and thereby measurably reduce session as well as shopping cart abandonment. Along with speed and security, ssRwd serves up web pages in a fluid, flexible, mobile-friendly responsive web design format that assures proper presentation and optimal user experience cross-browser and multi-platform from the smallest smartphone screen to the largest desktop monitor.

Every visitor to a website designed and developed with ssRwd by WebFL.US is vaccinated against UID permacookie injections for the length of their session. That’s because on delivery every web page on a WebFL.US ssRwd website passes 15 objective tests of speedy secure responsive web design. How does your website measure up? To find out, you can click or tap here:

Do you have a speedy secure responsive web design?

Both comments and trackbacks are currently closed.