Why You Should Opt Out of Sharing Data With Your Mobile Provider

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

Image: Shutterstock

Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. AT&T said the data exposed did not include sensitive information, such as credit card or Social Security numbers, or account passwords, but was limited to “Customer Proprietary Network Information” (CPNI), such as the number of lines on an account.

Certain questions may be coming to mind right now, like “What the heck is CPNI?” And, ‘If it’s so ‘customer proprietary,’ why is AT&T sharing it with marketers?” Also maybe, “What can I do about it?” Read on for answers to all three questions.

AT&T’s disclosure said the information exposed included customer first name, wireless account number, wireless phone number and email address. In addition, a small percentage of customer records also exposed the rate plan name, past due amounts, monthly payment amounts and minutes used.

CPNI refers to customer-specific “metadata” about the account and account usage, and may include:

-Called phone numbers
-Time of calls
-Length of calls
-Cost and billing of calls
-Service features
-Premium services, such as directory call assistance

According to a succinct CPNI explainer at TechTarget, CPNI is private and protected information that cannot be used for advertising or marketing directly.

“An individual’s CPNI can be shared with other telecommunications providers for network operating reasons,” wrote TechTarget’s Gavin Wright. “So, when the individual first signs up for phone service, this information is automatically shared by the phone provider to partner companies.”

Is your mobile Internet usage covered by CPNI laws? That’s less clear, as the CPNI rules were established before mobile phones and wireless Internet access were common. TechTarget’s CPNI primer explains:

“Under current U.S. law, cellphone use is only protected as CPNI when it is being used as a telephone. During this time, the company is acting as a telecommunications provider requiring CPNI rules. Internet use, websites visited, search history or apps used are not protected CPNI because the company is acting as an information services provider not subject to these laws.”

Hence, the carriers can share and sell this data because they’re not explicitly prohibited from doing so. All three major carriers say they take steps to anonymize the customer data they share, but researchers have shown it is not terribly difficult to de-anonymize supposedly anonymous web-browsing data.

“Your phone, and consequently your mobile provider, know a lot about you,” wrote Jack Morse for Mashable. “The places you go, apps you use, and the websites you visit potentially reveal all kinds of private information — e.g. religious beliefs, health conditions, travel plans, income level, and specific tastes in pornography. This should bother you.”

Happily, all of the U.S. carriers are required to offer customers ways to opt out of having data about how they use their devices shared with marketers. Here’s a look at some of the carrier-specific practices and opt-out options.


AT&T’s policy says it shares device or “ad ID”, combined with demographics including age range, gender, and ZIP code information with third parties which explicitly include advertisers, programmers, and networks, social media networks, analytics firms, ad networks and other similar companies that are involved in creating and delivering advertisements.

AT&T said the data exposed on 9 million customers was several years old, and mostly related to device upgrade eligibility. This may sound like the data went to just one of its partners who experienced a breach, but in all likelihood it also went to hundreds of AT&T’s partners.

AT&T’s CPNI opt-out page says it shares CPNI data with several of its affiliates, including WarnerMedia, DirecTV and Cricket Wireless. Until recently, AT&T also shared CPNI data with Xandr, whose privacy policy in turn explains that it shares data with hundreds of other advertising firms. Microsoft bought Xandr from AT&T last year.


According to the Electronic Privacy Information Center (EPIC), T-Mobile seems to be the only company out of the big three to extend to all customers the rights conferred by the California Consumer Privacy Act (CCPA).

EPIC says T-Mobile customer data sold to third parties uses another unique identifier called mobile advertising IDs or “MAIDs.” T-Mobile claims that MAIDs don’t directly identify consumers, but under the CCPA MAIDs are considered “personal information” that can be connected to IP addresses, mobile apps installed or used with the device, any video or content viewing information, and device activity and attributes.

T-Mobile customers can opt out by logging into their account and navigating to the profile page, then to “Privacy and Notifications.” From there, toggle off the options for “Use my data for analytics and reporting” and “Use my data to make ads more relevant to me.”


Verizon’s privacy policy says it does not sell information that personally identities customers (e.g., name, telephone number or email address), but it does allow third-party advertising companies to collect information about activity on Verizon websites and in Verizon apps, through MAIDs, pixels, web beacons and social network plugins.

According to Wired.com’s tutorial, Verizon users can opt out by logging into their Verizon account through a web browser or the My Verizon mobile app. From there, select the Account tab, then click Account Settings and Privacy Settings on the web. For the mobile app, click the gear icon in the upper right corner and then Manage Privacy Settings.

On the privacy preferences page, web users can choose “Don’t use” under the Custom Experience section. On the My Verizon app, toggle any green sliders to the left.

EPIC notes that all three major carriers say resetting the consumer’s device ID and/or clearing cookies in the browser will similarly reset any opt-out preferences (i.e., the customer will need to opt out again), and that blocking cookies by default may also block the opt-out cookie from being set.

T-Mobile says its opt out is device-specific and/or browser-specific. “In most cases, your opt-out choice will apply only to the specific device or browser on which it was made. You may need to separately opt out from your other devices and browsers.”

Both AT&T and Verizon offer opt-in programs that gather and share far more information, including device location, the phone numbers you call, and which sites you visit using your mobile and/or home Internet connection. AT&T calls this their Enhanced Relevant Advertising Program; Verizon’s is called Custom Experience Plus.

In 2021, multiple media outlets reported that some Verizon customers were being automatically enrolled in Custom Experience Plus — even after those customers had already opted out of the same program under its previous name — “Verizon Selects.”

If none of the above opt out options work for you, at a minimum you should be able to opt out of CPNI sharing by calling your carrier, or by visiting one of their stores.


Why should you opt out of sharing CPNI data? For starters, some of the nation’s largest wireless carriers don’t have a great track record in terms of protecting the sensitive information that you give them solely for the purposes of becoming a customer — let alone the information they collect about your use of their services after that point.

In January 2023, T-Mobile disclosed that someone stole data on 37 million customer accounts, including customer name, billing address, email, phone number, date of birth, T-Mobile account number and plan details. In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver’s license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company.

Last summer, a cybercriminal began selling the names, email addresses, phone numbers, SSNs and dates of birth on 23 million Americans. An exhaustive analysis of the data strongly suggested it all belonged to customers of one AT&T company or another. AT&T stopped short of saying the data wasn’t theirs, but said the records did not appear to have come from its systems and may be tied to a previous data incident at another company.

However frequently the carriers may alert consumers about CPNI breaches, it’s probably nowhere near often enough. Currently, the carriers are required to report a consumer CPNI breach only in cases “when a person, without authorization or exceeding authorization, has intentionally gained access to, used or disclosed CPNI.”

But that definition of breach was crafted eons ago, back when the primary way CPNI was exposed was through “pretexting,” such when the phone company’s employees are tricked into giving away protected customer data.

In January, regulators at the U.S. Federal Communications Commission (FCC) proposed amending the definition of “breach” to include things like inadvertent disclosure — such as when companies expose CPNI data on a poorly-secured server in the cloud. The FCC is accepting public comments on the matter until March 24, 2023.

While it’s true that the leak of CPNI data does not involve sensitive information like Social Security or credit card numbers, one thing AT&T’s breach notice doesn’t mention is that CPNI data — such as balances and payments made — can be abused by fraudsters to make scam emails and text messages more believable when they’re trying to impersonate AT&T and phish AT&T customers.

The other problem with letting companies share or sell your CPNI data is that the wireless carriers can change their privacy policies at any time, and you are assumed to be okay with those changes as long as you keep using their services.

For example, location data from your wireless device is most definitely CPNI, and yet until very recently all of the major carriers sold their customers’ real-time location data to third party data brokers without customer consent.

What was their punishment? In 2020, the FCC proposed fines totaling $208 million against all of the major carriers for selling their customers’ real-time location data. If that sounds like a lot of money, consider that all of the major wireless providers reported tens of billions of dollars in revenue last year (e.g., Verizon’s consumer revenue alone was more than $100 billion last year).

If the United States had federal privacy laws that were at all consumer-friendly and relevant to today’s digital economy, this kind of data collection and sharing would always be opt-in by default. In such a world, the enormously profitable wireless industry would likely be forced to offer clear financial incentives to customers who choose to share this information.

But until that day arrives, understand that the carriers can change their data collection and sharing policies when it suits them. And regardless of whether you actually read any notices about changes to their privacy policies, you will have agreed to those changes as long as you continue using their service.

What Are Some of the Top Tech Services Businesses Should Use More

Businesses of all sizes, from small startups to large enterprises, are increasingly relying on technology to remain competitive and grow. The right technology services not only make businesses more efficient but also provide a platform for innovation. Technology can increase customer satisfaction and help business owners stay ahead of the competition. Here are some of the top technology services businesses should be utilizing.

1. Cloud Computing

Cloud computing provides businesses with a secure, cost-effective way to store and access data. Cloud services provide reliable server storage for critical applications and data backups. If you use a cloud service, you will no longer need to purchase, maintain, and upgrade on-site servers. It’s also easier and faster to share information between remote employees. Additionally, businesses can use cloud-based software tools to manage marketing, customer service, accounting, and more. While cloud services may require an upfront investment, long-term cost savings can be significant. Also, cloud computing is more secure than traditional on-site solutions.

2. Business Intelligence (BI) Solutions

Business intelligence (BI) solutions are essential for any business that wants to stay competitive in the ever-changing tech world. BI solutions help businesses capture, store and analyze data to make informed decisions. They provide insights into customer behavior, product or service performance, market trends, and other important business metrics. These insights can be used to hone strategies and create an edge over competitors.

Additionally, BI solutions enable businesses to easily identify opportunities for growth and improvement, as well as pinpoint areas of risk. If the business is looking to gain a deeper understanding of its analytics, BI solutions are the way to go.

3. Customer Relationship Management (CRM)

Customer Relationship Management (CRM) is a type of software that helps businesses manage their customer relationships from lead generation to the sales process and beyond. CRM tools help businesses build better relationships with customers, track customer information, prioritize tasks, and streamline business processes. By using a CRM system, businesses can more effectively engage with customers in order to increase loyalty and satisfaction.

Additionally, by leveraging automation capabilities within CRMs such as automated email campaigns, businesses can save both time and money while still providing excellent customer service. By utilizing a comprehensive CRM solution for managing customer data, businesses can make sure no opportunity for increasing revenue is missed.

4. Mobile Applications

Mobile applications are an important component of any company’s digital strategy. They enable businesses to engage with customers on the go, increasing customer satisfaction, and loyalty. Additionally, mobile apps can be used to track customer activity, increase brand awareness and even generate leads. Companies should take advantage of this technology to stay competitive in their markets and provide a better experience for their customers.

If you’re not sure where to start, look into mobile app development services to get started. They can provide valuable insights into the best strategies for your business and create custom mobile applications that make it easier for customers to interact with your brand.

5. Artificial Intelligence (AI) and Machine Learning

AI and machine learning are becoming increasingly popular tools for businesses looking to increase efficiency, reduce costs, and improve customer experience. AI can be used to automate processes such as customer service, data entry, and analytics. It can also be used to develop more accurate predictive models, allowing businesses to better anticipate customers’ needs or wants. Furthermore, machine learning algorithms enable computers to learn from past experiences and use the information they gain to create smarter decisions in less time than traditional computing methods.

6. Internet of Things (IoT)

The internet of things has become a popular technology for businesses and organizations, allowing them to create connected devices that can interact with each other over the web. IoT services offer an easy way for businesses to harness the power of the internet of things by connecting their products, machines, and processes together in order to track data and monitor performance. With IoT services, businesses can gain insights into operational efficiency, customer satisfaction, and product usage all while reducing costs associated with manual monitoring.

Additionally, they can use automated systems such as sensors and tracking devices to better understand their customers’ needs and preferences in order to improve customer service.

The best tech services businesses should use depend on their individual needs and goals. In general, the top options include data analytics, customer relationship management tools, mobile applications, AI and machine learning solutions, and internet of things services. By leveraging these technologies, businesses can gain meaningful insights into their operations while improving customer service and increasing revenue. Lastly, don’t forget to consider the advantages of outsourcing. Companies can save time and money while still taking advantage of the best available tech services.

Everything You Important You Should Know About the known_hosts file in Linux

Everything You Important You Should Know About the known_hosts file in Linux

If you look into the .ssh folder in your home directory, you’ll see a known_hosts file among other files.

abhishek@LHB:~$ ls -l .ssh
total 16
-rwxr-xr-x 1 abhishek abhishek  618 Aug 30 16:52 config
-rw------- 1 abhishek abhishek 1766 Nov 12  2017 id_rsa
-rw-r--r-- 1 abhishek abhishek  398 Nov 12  2017 id_rsa.pub
-rw------- 1 abhishek abhishek    1 Sep 26 15:00 known_hosts

Here, id_rsa is your private SSH key, id_rsa.pub is the public SSH key. The config file in SSH is used for creating profiles to connect easily to various hosts. It is not a common file and I have created it specifically.

The focus of this article is on the last file, known_hosts. This ~/.ssh/known_hosts file is a vital part of client SSH configuration files.

Let me share more details on it.

What is the known_hosts file in SSH?

The known_hosts file stores the public keys of the hosts accessed by a user. This is a very important file that assures that the user is connecting to a legitimate server by saving its identity to your local system. It also helps in avoiding the man-in-the-middle attacks.

When you connect to a new remote server via SSH, you are prompted whether you want to add the remote hosts to known_hosts file.

Everything You Important You Should Know About the known_hosts file in Linux

The message basically asked if you wanted to add the details of the remote system to your system.

The authenticity of host ' (' can't be established.
ED25519 key fingerprint is SHA256:wF2qILJg7VbqEE4/zWmyMTSwy3ja7be1jTIg3WzmpeE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

If you go with yes, the identity of the server is saved to your system.

Avoiding man in the middle attack

Everything You Important You Should Know About the known_hosts file in Linux

Imagine that you connect to a server regularly and have added it to the known_hosts file.

If there is a change in the public key of the remote server, your system will note this change thanks to the information stored in the known_hosts file. You’ll be alerted immediately about this change:

The RSA host key for xyz remote host has changed,and the key for the corresponding IP address xxx.yy.xxx.yy is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time.
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/.ssh/known_hosts to get rid of this message.
Offending key in /home/.ssh/known_hosts:1
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

In such a case, you can contact the remote server’s administrator prior to accepting this new key. In this way, you can ensure that the remote server or host has not been compromised.

Sometimes a server’s or host’s key is intentionally altered either by the administrator or due to re-installation of the server.

Whatever be the reason for this change, you will need to first delete the old key from the known_hosts file for reconnecting to the remote server. Next time when you connect to this server, the client host will create a new host key for this server.

Managing Multiple Authenticated Users

As mentioned earlier, once a client host successfully connects to a remote server, its known_hosts file is appended with the server’s public key.

Sometimes you want a server to be authenticated to multiple users without being prompted for server key verification. For example, you are running some sort of configuration management tool like Ansible and you don’t want the client host to ask for server key verification.

So, If you have multiple users, you can bypass the SSH interactive prompt using three ways:

  • Manually appending the public key of the server to the known_hosts file of each user.
  • Use a command-line option -o StrictHostKeyChecking=no with each client while accessing the server over SSH (not recommended)
  • Register all your hosts in a master or primary ssh_known_hosts file and then orchestrate this file to all the client hosts. Also, to make this work, the ssh-keyscan command can be used:
ssh-keyscan -H -t rsa ‘your-server-ip’ >> /etc/ssh/ssh_known_hosts

The below screenshot shows how to use the StrictHostKeyChecking=no option:

Everything You Important You Should Know About the known_hosts file in Linux

The first method of managing multiple users for authenticating a server is the most toilsome as compared to the other two.

Getting remote system details from the known_hosts file

This is not an easy and straightforward task.

Almost all Linux systems set HashKnownHosts parameter to Yes in the SSH config file. It is a security feature.

This means that the details in the known_hosts file are hashed. You can see random numbers but cannot make anything out of them.

abhishek@LHB:~$ cat .ssh/known_hosts

|1|yWIW17YIg0wBRXJ8Ktt4mcfBqsk=|cFHOrZ8VEx0vdOjau2XQr/K7B/c= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR293PJnDCj59XxfqYGctrMo60ZU5IOjACZZNRp9D6f
|1|Ta7hoH/az4O3l2dwfaKh8O2jitI=|WGU5TKhMA+2og1qMKE6kmynFNYo= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmrxLW436AyBGyGCggl/j2qBCr782AVIvbiTEsWNBWLcWMKYAQpTdAXnaV4bBRqnk2NJg/60XDHKC2DF1tzx6ABWN/R6vcUAbulI9H1RUWpJ1AiDmFL84MvW2UukbpN5a6Lr+DvjclVqPxJRjQKr6Vy2K9oJgGKnHVcWSIHeAlW49kCCg5fIxF8stBTqJg0cRk6uxmcYVud1vh9a7SaZGK+jFZTB75RiHAVFuitHWpljecMxJRNYy/EhmmXrrvyU8pObVXlWlDd61uwExi4uEwNSY+Do7vR1y8svnt9mjTzzyM6MhT4sOcxWmNgdmw7bU/wPpie3dSjZMQeu2mQCSM7SG28dwjSyFPpanRsZKzkh0okAaCSItoNwl6zOf6dE3zt0s5EI6BPolhFAbT3NqmXRblxb7eV8rGEPf14iguHUkg6ZQr2OUdfeN1FYNMJ8Gb9RD159Mwjl4/jPIBdnXvt7zYct3XhPKm7Wxv4K/RWZE837C7mGQh2KEahWajdq8=
|1|NonAy25kVXL24U2mx6ZNxAY5m98=|ypf0IMpf3qq3vhrvUMprssOhODs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE3br/9jaZfdB+qBxiVEZBJMb4XQONwzV4tH1xeFZX/zkyws2eBHrVO9O5l9b6M6+gO6nBtCwAzzaeLOn6mo8GQ=

You can get the related entries from the known_hosts if you know the hostname or the IP address of the system:

ssh-keygen -l -F <server-IP-or-hostname>

But if you want a single command that could list all the servers and their details in clear text, that’s not possible.

There are specially crafted tools and scripts used for deciphering the known_hosts but that’s not in the scope for a regular user like you and me.

Remove an entry from the known_hosts

If you want to remove a specific entry from the known_hosts file, you can do so if you know the hostname or IP of the remote system.

ssh-keygen -R server-hostname-or-IP

This is much better than identifying the entries related to a server and then manually removing them using the rm command.


You have a better hold of system security with proper knowledge of various SSH configuration files. ‘Known_hosts’ is a vital part of these files.

I have only covered the known_hosts file here; if you’d like to explore more about SSH, look at our Getting Started With SSH in Linux guide.

Why Should Tech Businesses Prioritise Occupational Health?    

Statistics show that the risks of occupational injuries in the tech sector are lower compared to other industries. A tech career doesn’t sound like something that poses significant risks. So, the question is, should tech businesses be concerned about employees’ health and safety? 

The simple answer is yes! Even if the risks are lower, that doesn’t mean they don’t exist at all. Providing a safe work environment is not only beneficial for the employees’ wellbeing but also a legal obligation – and no business is an exception from the rule.

 More often than not, safety is an afterthought in the tech sector. However, it’s worth mentioning that individuals working in this industry are not invulnerable to injuries. Therefore, businesses operating in the tech sector should prioritise occupational health, just like any other company. Regardless of the industry, employees are an invaluable asset, and it is paramount to ensure they are healthy and fulfilled. 





What are the most common injuries in the tech sector?

While some jobs may be much more hazardous, the tech sector involves its own level of risk. Even if you spend most of your work time attending meetings or writing code, this doesn’t mean you are entirely safe. Injuries can occur unexpectedly – for instance, you could trip and get injured while going to the kitchen to get some coffee. The most common injuries in the tech sector are:

Slips, trips and falls

This type of injury is common in every work environment. While they may sound harmless, slips, trips and falls can lead to severe consequences. Even milder injuries, like bruising and sprains, can cause significant pain that will affect employees’ performance.   

Several factors lead to slips, including wet floors and obstacles such as cables. Other times, uneven flooring panels can be the reason why employees may end up tripping and injuring themselves. If employees sustain an injury resulting from a slip, trip or fall, they are entitled to make a claim and get compensation for the damage they’ve suffered. 

Nowadays, finding a personal injury expert on online platforms is very easy. Employees can get legal advice and file a claim against your company without much effort. However, if this happens, it will put your business operations at risk. Therefore, it’s crucial to avoid this scenario by taking the required steps to create a safer workplace. This means ensuring the floors are clean and dry and eliminating any other hazard that could result in this type of injury.

Musculoskeletal disorders

Programmers and other tech employees repeatedly use a specific body part for the same movement in a day, which can strain that particular body part. One significant concern is carpal tunnel syndrome – this condition can cause numbness, pain and tingling in the arm and wrist and may lead to a loss of strength and inability to grip. 

Business owners can help prevent these issues by implementing an ergonomic process. This is an efficient way to reduce costs and improve employee engagement and productivity. What’s more, ergonomics shows your business’s commitment to health and safety, which is paramount for employees that end up working for you. 

What can you do to reduce hazards?

So, now that we’ve made clear that the tech sector also involves risks, the question is, what can you do to reduce them? Perhaps the most important thing you can do is build a workplace safety program. This involves writing a plan on how you can identify and control workplace dangers, establish safety responsibilities and respond to emergencies that can occur in the workplace. You must encourage employees to maintain the workstation clean, keep a correct posture and take regular breaks. If you already have a workplace safety program in place, consider improving it to ensure it covers the aspects mentioned above. This shows that you care about your employees’ welfare above anything else, which can be highly beneficial for both onboarding and retaining top talent.  

Training and written safety policies are also critical elements of a workplace safety program. Beyond specific risks like slips, trips, and falls, you should also train employees on Emergency Preparedness and Fire Extinguisher Safety. Other ways you can create a healthier work environment include:  

  • Rewarding workers for safe actions;
  • Encouraging stretch breaks;
  • Ensuring you get the adequate equipment and suitable tools for your business;
  • Having frequent meetings to talk about workplace safety. 

Combining technology with safety to create a better work environment 

Nowadays, businesses have the chance to combine tech with safety and health. This can take a business to the next level, ensuring employees perform tasks at their fullest potential. Using tech allows employees to be more aware of the threats they may face. For instance, 3D visualisation technology enables workers to determine if there is any danger before entering a particular website. Real-time data technology can be revolutionary for employees working remotely, as it improves safety. 

Moreover, technology has also improved protective equipment, as workers can use safety glasses for increased protection while working on a computer. Tech companies are responsible for protecting employees and keeping them healthy, as new technologies enable workers to perform better. Considering that the workforce is becoming younger, training methods must also evolve. Innovative technologies like virtual reality, AI and 3D training can ease the working process, making it more appealing. Moreover, a safer workplace leads to higher productivity in terms of income. These are excellent tools that you can use to detect hazardous work situations and help employees learn and work efficiently and safely. 

Tech in the workplace doesn’t only mean advanced IT strategies – you can also use it to improve workers’ health and safety, enhancing productivity. Some technologies that can help lower workplace hazards include training, reporting and monitoring workers’ safety. Technology provides all these fantastic resources that will boost your business and ensure it will last for a long time without experiencing severe disruptions. Therefore, every company operating in the tech sector should embrace all these technological advancements and use them to their advantage to create a safe workplace culture.  

The post Why Should Tech Businesses Prioritise Occupational Health?     appeared first on IT Security Guru.