Hacker News
Zombie Cookies Slated to Be Killed (propublica.org)
25 points by danso on Jan 18, 2015 | 11 comments



"By February?" If they were truly serious, they could effect such a change much quicker. Also note that in their blog post, they still defend this practice but are just re-evaluating because people got upset.

A company truly "committed to privacy" would have been insulted by Verizon's header manipulation and not have touched it in the first place.

And, as they have shown that they feel this type of method is OK, then what's to say they're not just making a slicker system behind the scenes? Verizon knows each subscriber->TCP tuple and can easily expose such an API for companies like Turn. Their actions show they are not opposed to such data sharing.


February is two weeks away. That seems like a reasonably quick timeline to me. Many companies have deployment practices - sometimes for good reason - that preclude getting changes live instantly.


This is probably a net loss for privacy insofar as it somewhat reduces the pressure on Verizon to change their ridiculous cookie practice.

Asking the industry to self-regulate, by ignoring Verizon's cookie or adhering to "do not track", distracts from the real problems that we need to solve technically.


I am of the opinion that user tracking should be illegal unless the user opts-in to it. And sites should not be able to require an opt-in in order to provide a service or site.


No doubt this sense of entitlement to the service of others is due to some sort of social contract the site operators implicitly agreed to by breathing oxygen, right?


No, there is no entitlement, I just don't believe that using a site entitles that site's owner to track you all over the Internet. And if you can't see why it's wrong, you're hopeless.


Maybe they just realized they should make the cookie look different


These aren't cookies in the traditional sense; they encode tracking data and store it in non-volatile storage accessible from the browser. This can be anything from a simple cache to a WebSQL database.

Then they use JavaScript to either read the tracking data directly and embed it into each request manually, or issue you a new cookie immediately if their tracking cookie is missing but the data is still accessible.

The main problem with these types of tracking is that for the most part browser manufacturers have no reason to restrict the use of such tracking techniques because it will affect their business models.

Other techniques abuse unforeseen uses of new standards such as HTML5 and WebSQL; however, as the W3C is your usual committee, it takes years for any meaningful stance to be taken, and even then they still have quite a bit of conflicting interests.

The problem is that people want a free web, both as in free speech and as in free beer, and these world views tend to collide when pretty much everything out there is commercial. With how little revenue actually comes from web ads these days due to the constant devaluation of "ad clicks", companies go out of their way to squeeze every penny from each visitor. What you end up with is tracking, tailored advertisement and your habits being sold for data mining.

But hey the cat videos are still free!


What I mean is, when they regenerated the HTTP cookie from other sources, they generated the exact same cookie, so you could tell.

If they change it to say `encrypt(tracking number + nonce)`, then it will be effectively the same cookie, but you won't be able to tell from the client perspective.


Many times they don't regenerate the exact same cookie. Many of them generate a different cookie to avoid detection; many of them will have random names and other "random" identifiers, and some of them will even attempt to hide themselves as GA cookies (UTM, UTA, etc.). However, they will always embed the same identifiable information they've retrieved from other stores in your browser.
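
The respawning described in the comments above can be checked for on the client by comparing identifier-like tokens in cookies from before a clear with those set after it, regardless of cookie name. This is an added example, not code from the thread or from any tracker; the function names, store names and all sample values are constructed.

```javascript
// Added example; every name and sample value here is constructed.
// Identifier-like token: 12 or more characters from [A-Za-z0-9_-].
const ID_TOKEN = /[A-Za-z0-9_-]{12,}/g;
const tokens = (value) => new Set(String(value).match(ID_TOKEN) || []);

// before: cookies before the user cleared them (name -> value)
// after:  cookies set on the first visit after clearing (name -> value)
// stores: data that survived the clearing, { storeName: { key: value } }
function findRespawned(before, after, stores) {
  const old = new Map(); // token -> cookie that carried it before clearing
  for (const [name, value] of Object.entries(before)) {
    for (const t of tokens(value)) old.set(t, name);
  }
  const findings = [];
  for (const [name, value] of Object.entries(after)) {
    for (const t of tokens(value)) {
      if (!old.has(t)) continue; // fresh identifier, not a respawn
      const sources = []; // surviving entries that still hold the token
      for (const [store, entries] of Object.entries(stores)) {
        for (const [key, v] of Object.entries(entries)) {
          if (tokens(v).has(t)) sources.push(`${store}:${key}`);
        }
      }
      findings.push({ cookie: name, previousCookie: old.get(t), token: t, sources });
    }
  }
  return findings;
}

// Constructed sample: the old "uid" value returns under a new, analytics-like
// cookie name, and a localStorage entry still carries it.
const before = { uid: "a91f3c77e02b4d18", session: "s-20150118-000000000001" };
const after = {
  utm_like_x: "v2.a91f3c77e02b4d18.1421539200",
  session: "s-20150118-000000000002",
};
const stores = {
  localStorage: { prefs: '{"theme":"dark","k":"a91f3c77e02b4d18"}' },
  webSQL: { "cache.row1": "thumbnail-bytes" },
};
const findings = findRespawned(before, after, stores);
console.log(JSON.stringify(findings, null, 2));
// Limit: a value re-encoded on every visit (the encrypt(tracking number +
// nonce) case raised in the thread) shares no token and is not matched.
```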


This is a great example of the curative powers of even a little bit of sunlight. Good job PP!

Now if only Verizon had shame.



