Illustration of telecom towers, user data streams, and browser tracking symbols representing Utiq’s ISP-level tracking system and telecom-based surveillance advertising.

The Telecom Super-Cookie: Why Privacy Experts Are Watching Utiq Closely

4 Mins Read

PureVPNCybersecurityThe Telecom Super-Cookie: Why Privacy Experts Are Watching Utiq Closely

For years, advertisers relied on third-party cookies to track users across the internet. These small browser-based trackers powered the modern ad industry by monitoring what people searched, clicked, watched, and purchased online.

But the system started collapsing under public pressure.

Apple introduced App Tracking Transparency. Firefox blocked third-party cookies by default. Google announced plans to phase out cookies in Chrome. At the same time, privacy laws like GDPR forced companies to rethink how user tracking worked.

The advertising industry needed a replacement.

That replacement may now be arriving through telecom companies themselves.

What Is Utiq?

Utiq is an advertising technology company launched in 2023 by four of Europe’s largest telecom operators: Deutsche Telekom, Orange, Telefónica, and Vodafone.

Unlike traditional advertising trackers that operate inside your browser, Utiq works at the ISP level through participating mobile carriers and broadband providers.

By June 2025, Utiq claimed it had partnered with 26 telecom operators across Europe and generated more than 55 million unique “ConsentPass” identifiers. The company currently operates in Germany, Austria, Spain, France, Italy, and the UK.

That scale matters because telecom providers already occupy one of the most powerful positions on the internet. They control the infrastructure users rely on to connect online in the first place.

How Utiq Works

When a user visits a participating website, the site checks whether the visitor’s internet connection belongs to a telecom operator partnered with Utiq.

If it does, the user receives a consent prompt asking whether they agree to network-level personalised advertising.

Once accepted, the ISP generates an encrypted identifier known as a “ConsentPass”. According to Utiq, this identifier is created using subscriber-level information such as a mobile number or broadband account reference, combined with cryptographic hashing techniques designed to pseudonymise the user.

Utiq then generates additional identifiers, including MartechPass and AdtechPass, that advertisers use for ad targeting and campaign measurement across websites.

Functionally, the system behaves similarly to third-party cookies. The major difference is that the identifier originates from telecom infrastructure rather than the browser itself.

Researchers from the Universitat Politècnica de Catalunya described ConsentPass tokens as persistent cross-site identifiers that closely resemble traditional tracking systems.

Why Privacy Experts Are Concerned

Utiq markets itself as a “privacy-by-design” alternative to cookies, emphasizing consent flows and encrypted identifiers. But many privacy researchers argue that the bigger issue is where the tracking now takes place.

Cookies lived inside browsers. Users could block them, clear them, or isolate them using privacy-focused tools.

Telecom-linked identifiers are different because they operate closer to the network layer itself.

The same academic study from the Universitat Politècnica de Catalunya found that 100% of the 10,000 websites they analysed that used Utiq also deployed additional tracking technologies, including browser fingerprinting. In practice, Utiq was not replacing surveillance advertising; it was being added alongside it.

Researchers also warned that telecom-generated identifiers may become more persistent than traditional cookies because they are linked to infrastructure-level account systems rather than temporary browser storage.

The Phone Number Debate

One of the most controversial aspects of Utiq is its connection to subscriber-level telecom data.

The company states that phone numbers themselves are never shared directly with advertisers. Instead, identifiers are cryptographically transformed before use.

Technically, that is true.

However, pseudonymised systems are not the same as anonymous systems.

If telecom mapping databases were ever leaked, breached, or legally compelled through government requests, identifiers could theoretically be tied back to real users. Privacy advocates argue that centralising identity systems at the ISP level creates a much larger long-term risk surface than traditional browser cookies ever did.

This concern becomes more serious when viewed against broader industry trends. According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach reached $4.88 million, the highest figure ever recorded.

The more centralised identity systems become, the more valuable they become to attackers.

Can a VPN Stop Utiq?

In many cases, yes.

Utiq activates only when websites detect that a user is connected through a participating telecom network. A VPN masks your real IP address and routes traffic through an encrypted server, preventing websites from directly identifying your ISP relationship.

This means:

  • Utiq consent prompts may never activate
  • Telecom-level tracking visibility is reduced
  • ISPs lose direct visibility into browsing destinations

Traditional anti-tracking measures such as clearing cookies or using incognito mode do little against infrastructure-level tracking systems.

A VPN changes the network path itself, which is why it remains one of the most effective privacy defences against telecom-linked advertising technologies.

The Bigger Shift Nobody Is Talking About

Utiq is important because it represents a broader transformation happening inside the advertising industry.

Tracking is moving away from browser cookies and toward:

  • ISP-linked identifiers
  • Device fingerprinting
  • Logged-in identity systems
  • AI-driven behavioral profiling
  • Infrastructure-level surveillance

The death of third-party cookies did not eliminate online tracking.

It simply pushed the surveillance ecosystem deeper into the architecture of the internet itself.

And that changes the balance of power dramatically.

Because once internet providers become advertising platforms, users lose one of the last layers of separation between connectivity and surveillance.

Final Thoughts

Today, Utiq remains primarily a European issue. But the underlying model has no geographic limitations.

If telecom-backed advertising systems prove commercially successful, similar technologies could rapidly expand into other markets, carriers, and connected ecosystems.

The real question is no longer whether advertisers will track users.

The question is whether internet infrastructure providers should be allowed to monetise the networks people depend on every day.

That debate is only beginning.

Topics :

Related Stories

What PureVPN Found: How PlayStation’s Age Verification Compares to Global Surveillance Standards

What PureVPN Found: How PlayStation’s Age Verification Compares to Global Surveillance Standards
Posted on June 4, 2026
What Is a VPN Used For? 11 Practical VPN Uses in 2026

What Is a VPN Used For? 11 Practical VPN Uses in 2026
Posted on June 3, 2026
Grafana Breach Linked to TanStack npm Supply Chain Attack

Grafana Breach Linked to TanStack npm Supply Chain Attack
Posted on May 26, 2026

Have Your Say!!