Service giants Verizon and AT\u0026amp;T have been quietly following more than 100 million users’ internet activity without their consent for years through the use of invasive \u0022supercookie\u0022 tracking technology that is nearly impossible to detect or escape.According to the Electronic Frontier Foundation (EFF), those methods may violate federal laws.The tracking codes—called Unique Identifier Headers, or X-UIDH—are installed on every unencrypted web page that users of both services visit on their mobile devices, which in turn allows Verizon and AT\u0026amp;T to monitor their customers’ browsing history and create permanent identification profiles of their habits, likes, and interests. Once installed, the supercookies cannot be deleted nor evaded, even if customers clear their cookies, use private browsing modes, disable third-party cookies, or select \u0022Do Not Track\u0022 in their settings.Verizon allows individual users to opt-out of the marketing program—but that option does not prevent the company from collecting its customers’ browsing data, only from sharing it with third-party advertisers.\u0022Verizon\u0026#039;s failure to permit its users to opt out of X-UIDH may be a violation of the federal law that requires phone companies to maintain the confidentiality of their customers\u0026#039; data,\u0022 EFF senior staff technologist Jacob Hoffman-Andrews explains.That federal law is the Communications Act, a portion of which requires service providers to protect their customers’ confidential data, and bars carriers from using information they acquire from other providers for their own marketing efforts.The Washington Post notes that Verizon and AT\u0026amp;T could also be in violation of the federal Wiretap Act, \u0022which prohibits altering personal communications during transmission without consent or a court order.... the companies could be vulnerable if a court found that the notification efforts by Verizon and AT\u0026amp;T were not adequate.\u0022According to Verizon, which has been gathering data on its customers since 2012 with its Precision Marketing Insights tracking program, the technology was developed to help third-party companies create targeted ads for users—but as experts point out, its privacy implications go far beyond that.\u0022We have seen that the NSA [National Security Agency] uses similar identifying metadata as \u0026#039;selectors\u0026#039; to collect all of a single person\u0026#039;s Internet activity,\u0022 Hoffman-Andrews says. \u0022Having all Verizon mobile users\u0026#039; web traffic marked with a persistent, unique identifier makes it trivial for anyone passively eavesdropping on the Internet to associate that traffic with the individual user in a way not possible with IP addresses alone.\u0022Unlike regular cookies, supercookies are tied to data plans, so anyone who browses the internet through hotspots or shares computers that use cellular data gets monitored as well.\u0022That means advertisers may build a profile that reveals private browsing activity to coworkers, friends, or family through targeted advertising,\u0022 Hoffman-Andrews says.Even those who are not Verizon customers are subject to tracking. Because the code is injected at the network level, it interacts with devices and servers—so the supercookies are installed on any phone or tablet which uses a Verizon tower.A select few customers are not targeted by the tracking tool, EFF notes. According to AdAge, \u0022Corporate and government subscribers are excluded from the new marketing solution.\u0022\u0022If they are indeed excepted from the program, that indicates to us that implementing an opt-out is feasible,\u0022 Hoffman-Andrews says. \u0022We\u0026#039;re disappointed that Verizon takes some of its users\u0026#039; privacy more seriously than others.\u0022There are other privacy concerns as well. The Post continues:Verizon’s experimentation with supercookies is almost certain to spur copycats eager to compete for a larger share of the multibillion-dollar advertising profits won by Google, Facebook and others.Those companies track their users and sell targeted advertising based on what they learn. Supercookies could allow cellular carriers and other Internet providers to do the same, potentially encircling ordinary users in a Web of tracking far more extensive than experienced today.AT\u0026amp;T would not disclose how long it has been using supercookies. The company says it is putting protective measures in place to ensure that their X-UIDH codes change daily for every user, but security researcher Kenneth White—who discovered AT\u0026amp;T\u0026#039;s tracking program—told Forbes that those claims are \u0022categorically untrue.\u0022 At least three of the AT\u0026amp;T\u0026#039;s identifying codes are persistent, White said.Mobile users can check if their web activity is being monitored at AmIBeingTracked.com or lessonslearned.org/sniff.