What is a UID header?

UIDH stands for “Unique Identifier Header.” When you visit a website on your phone or computer, you typically send certain information to the website provider identifying your IP address, the software you’re using to browse the web, and more.

UIDH’s are “perma-cookies” that some mobile carriers inject into the information you’re sending when you surf the web. Mobile carriers use these unique identifiers to track the websites you visit, sometimes to share that data with third parties and other times for unknown reasons. Normal cookies allow users to maintain control, while perma-cookies are injected beyond reach, out of control of the user.

Why is this bad?

Privacy is a human right, recognized by the United Nations and protected in countries around the world, and privacy is essential to the exercise of most online activities, whether it’s e-banking, researching health problems, or organizing for change.

The use of these headers can violate this most fundamental right. We do not know how the data is shared with third parties, and often users don’t know that they’ve agreed to allow such behavior. There is also the possibility that criminals and other malicious attackers could take advantage of the header to track your online activity and invade your privacy.

Are UID headers only used on mobile phones?

UID headers can be injected on any unencrypted connection to the internet, whether you are using a mobile phone, a Kindle, a laptop or a tablet such as an iPad.

What carriers have been shown to be tracking their users with UIDH headers?

You can see the list of carriers in our report.

What countries have carriers which are tracking their users with UIDH headers?

You can see the list of countries in our report.

What impact did Am i being tracked have?

Thanks to our work and other activists and researchers, Verizon was fined $1.35 million by the Federal Communications Commission for the use of tracking headers. Our report was widely covered in international media around the world. In addition, we were able to directly pressure telecommunications companies to improve their data practices.

Can my provider track me if I’m using an SSL connection?

HTTPS sites use Secure Socket Layer encryption (SSL) which, in addition to helping to secure your online communications, prevent the UID header from being injected. The UID tracker mechanism is not effective in HTTPS connections. Unfortunately, millions of sites on the internet do not use SSL protection.

I can’t find where I should click to test my device.

Our test is no longer active, and we have disabled it. This is an archive site that shares information for users, researchers, and activists who are interested in the project.

Can I grab the code and try to do this myself?

Yes, you can! You can grab the code for the Amibeingtracked tool at our GitHub page here.

What data did Access Now collect with the test?

Our test examined whether your carrier inserted a UID header into your web traffic. The test gathered connection data, including the name of your mobile carrier, your mobile IP address, the country your request originates from, and HTTP header values. After our test, we transferred the results of the test to data servers located in Latin America and scrubbed your personal identifying information.

How did Access Now use the data?

We used the scrubbed data to analyze the results over time. We issue a report on the results of the data. We also intended to release scrubbed data to academic researchers. Your personal information will never be shared with third parties. The Access Now Data Usage Policy covers the Amibeingtracked website and the test.

Did Access Now do anything else with my private information?

We strongly believe in protecting our users and fight for opting-in. You can read our organizational Data Usage Policy here.

How did Access Now come up with this idea?

We were first alerted to this issue by researcher Kenn White.

What is Access Now, anyway?

We defend and extend the digital rights of users at risk around the world. By combining innovative policy, user engagement, and direct technical support, we fight for open and secure communications for all. You can find out more at https://www.accessnow.org.

How do I stay informed about this campaign?

The best way is to sign up for Access Now’ newsletter. We keep our members informed about the latest news in digital rights — including this campaign.