When it comes to privacy, mobile carriers must choose whether they serve customers or advertisers

Mobile carriers are always trying to find new places to insert themselves in the mobile value chain. They want to be indispensable, not just suppliers of commoditized connectivity that lets others make big money off new services running over the carriers’ networks.

But what can carriers in a competitive market can offer that no one else can? Their presence at the most important gate – the connection between the mobile user and the wider world. They manage the connection on a device that’s becoming more personal by the year, a device through which people live their lives. And there’s more than one thing they can do with that position of power.

Operators can use their stewardship of the user’s identity, represented by their SIM card and phone number, to act as a provider of security and guardian of the user’s privacy. More on that shortly, but let’s look first at the other path – privacy-busting for money, as exemplified by Verizon.

The permacookie

For the last couple of years, [company]Verizon[/company] has been making it easy to track many of its mobile users. As part of an ad-targeting program, the carrier has been adding a unique identifier header (UIDH) string to the HTTP requests sent by users’ devices – the purpose is to make it easier to deliver targeted advertising to the user, but as Wired reported last week, the UIDH gets sent out even when customers have opted out of the carrier’s marketing program.

It appears not all Verizon customers are affected by this, but other carriers may employ similar practices, such as AT&T and the U.K.’s Vodafone. The implications are fairly appalling: even when customers think they’ve opted out, they’re still trackable across every site they visit. Great news for ad networks that are irritated by manufacturers’ shift away from persistent device identifiers, and perhaps for intelligence agencies too.

Because cookies don’t work on phones as such, no other party, except for the device vendors, has the ability to play this game, and the device vendors are at least trying to make a show of giving users control over their privacy. [company]Apple[/company]’s Identifier for Advertisers (IDFA) and [company]Google[/company]’s Advertising ID for Android both let users opt out of being tracked for marketing purposes altogether.

Consumers who care about privacy may feel reassured by those moves, and they may see carriers effectively providing ad networks with a way around these privacy protections as something of a betrayal. It may be that Verizon’s UIDH system is badly designed, as Stanford’s Jonathan Mayer has suggested, but either way it’s not going to engender trust.

Identity protector

Now let’s have a look at a very different scheme that also gives carriers a valuable role in the online ecosystem. It’s called Mobile Connect, and it’s a program that’s being developed under the auspices of carrier trade body the GSMA.

With Mobile Connect, the user’s phone number – managed by the carrier – becomes their login credential for web services from news sites to banking. Instead of choosing a login mechanism such as Google or Facebook, the user chooses Mobile Connect, enters her phone number (which doesn’t go to the web service itself), then enters a pin code when challenged on her phone. It’s based on a new standard called OpenID Connect. A couple of operators have set it live already and big players like Orange will dive in soon, and the big benefit is supposed to be privacy protection.

Enterprise mobility
As GSMA mobile identity chief Marie Austena explained to me, Mobile Connect will give carriers a wider view of which services their customers are using across the desktop and mobile, but not beyond the level of person-X-logged-into-service-Y. “The extent to which they can use this information is very limited – only for the purposes of their core business,” Austena told me in an interview earlier this month.

“Consumers are often using their Twitter or Facebook accounts to log in, but of course that has privacy implications,” Austena said. “This is about having another secure way of authenticating and combining that with privacy protection – this is pretty much the starting point for Mobile Connect.”

There’s certainly some cause for suspicion here, particularly in countries such as the U.K. and Australia that force operators to hang onto user metadata for the authorities’ benefit, but overall it’s not a bad idea. A phone number is all about identity anyway – why not use that in the online context to provide a trusted alternative to clunky old passwords and the mechanisms of tracking-mad web firms?

The idea only works, though, if the carrier can plausibly play the part of a trusted authentication provider. It all falls apart if the carrier has skin in the ad game – a change in role that makes it no better than Google or Facebook, from a privacy perspective at least. As far as I can tell, Verizon and other suspected supercookie-planting carriers aren’t trying to play the Mobile Connect authentication game, for now at least. But they should be aware that tracking and profiling users’ mobile internet usage is incompatible with that role.

They’re choosing to serve advertisers rather than their users. If their rivals find success in playing the role of trusted privacy guardian and security provider, that may turn out to be a bad marketing call.

This article was updated at 7.50am PT to note that the UIDH system is not associated with the Verizon Selects program, but rather a separate effort. A Verizon spokesperson wrote to me: “The UIDH can be used to help associate devices with targeted ad campaigns for Precision Market Insights from Verizon’s Relevant Mobile Advertising program to the extent a customer has not opted-out of the program.”