What Are 'Zombie' Cookies, And Why Did They Cost Verizon $1.35M?

What Are 'Zombie' Cookies, And Why Did They Cost Verizon $1.35M?
Verizon has agreed to a settlement fee with the FCC over charges the company violated subscribers' privacy.

Verizon has agreed to cough up a small fortune to settle with the Federal Communications Commission over charges the company violated subscribers' privacy using "zombie" cookies. We'll explain in a sec.

The $1.35 million slap-on-the-wrist isn't much for a company that made more than $34 billion in revenue last quarter. What probably hurt the company more was cutting back on using those unkillable cookies, also called "supercookies."

They're much like normal Internet cookies: small text strings stored on whatever device is doing the Web browsing. When a server sends a cookie to a phone or computer, the device's Web browser stores that cookie. If the same device visits the site again, the browser returns the cookie to the server.

In this Verizon case, subscribers never agreed to letting the "zombie" cookies create identifying numbers for their devices. And while a user can normally clear cookies from a browser, Verizon's cookies just kept coming back — hence the zombie nickname.

The nonprofit journalism site ProPublica reported last year "that the tracking number could be used by any website [users] visited from their phone to build a dossier about their behavior — what sites they went to, what apps they used."

As part of the settlement, Verizon had agreed to make the "zombie" cookie an opt-in program. That just means people aren't being tracked by default anymore, but Verizon is still using "zombie" cookies.

The FCC settlement has done a lot for customer privacy, but the terms don't include websites using Verizon's AOL ad network. According to ProPublica, that group makes up about 40 percent of websites.

This video includes clips from Verizon and Adversitement and images from jake sones / CC BY 2.0 and Aldric Rodríguez Iborra / CC BY 2.0.