As I talk to people about privacy, I've found a lot of misunderstanding. HTTPS applies encryption to the communication channel between you and the website you're looking at. It's an absolute necessity when someone's making a password or sending a credit card number, but the modern web environment has also made it important for any communication that expects privacy.
It used to be that network providers didn't read your web browsing traffic or insert content into it, but now they do so routinely. This week we learned that Verizon and AT&T were inserting an "X-UIDH" header into your mobile phone web traffic. So for example, if a teen was browsing a library catalog for books on "pregnancy" using a mobile phone, Verizon's advertising partners could, in theory, deliver advertising for maternity products.
The only way to stop this header insertion is for websites to use HTTPS. So do it. Or you're a snitch.
Sorry, Blogger.com doesn't support HTTPS. So if you mysteriously get ads for snitch-related products, or if the phrase "Verizon and AT&T" is not equal to "V*erizo*n and A*T*&T" without the asterisks, blame me and blame Google.
Here's more on the X-UIDH header.
- Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls
- Verizon's 'Perma-Cookie' Is a Privacy-Killing Machine
- Do Verizon and AT&T's Super Cookies Count as Session Identifiers?
- Privacy: It’s Time for the Library Community To Speak Up About Verizon and AT&T Use of X-UIDH Header to Track Wireless Web Users