Utiq: The new telecom 'Super-Cookie' threatening your privacy
Ecosystem<br>ArpokratOS
Messenger & Wallet
Trust & SecurityInfrastructure<br>Messenger Protocol
MissionPhilosophy<br>For Whom?
Blog<br>FAQ<br>Contact
EnglishFrançaisPortuguêsDeutschEspañolItalianoNederlandsPolskiČeštinaShqipSrpskiIndonesiaTürkçeРусскийУкраїнськаहिन्दी日本語KiswahiliAfrikaans한국어简体中文繁體中文العربيةفارسیעברית
Utiq: The new telecom 'Super-Cookie' threatening your privacy<br>Presented as a privacy-friendly alternative, Utiq is actually a massive tracking tool operated directly by your Internet Service Provider.<br>June 1, 2026<br>|Reading time: 4 minutes
Arpokrat Security Team<br>Privacy Advocates & Developers
Share
The scheduled end of third-party cookies on web browsers has triggered a true arms race in the targeted advertising industry. While Google is trying to impose its own standards (like the Privacy Sandbox), another unexpected player has decided to grab a piece of the pie: your Internet Service Provider (ISP) .<br>Thus was born Utiq (formerly known as project TrustPid), a joint venture founded by European telecommunications giants. Sold to the general public as a “transparent and respectful” solution, Utiq is actually what cybersecurity experts fear most: a “supercookie” operating at the network level.<br>What is Utiq and how does it work?<br>Traditionally, advertising tracking (cookies) is managed by your web browser (Chrome, Firefox, Safari). You could block it using extensions (like uBlock Origin) or a privacy-oriented browser (like Brave).<br>Utiq shifts the problem one step back: to the level of your network connection.<br>Here is how the trap springs:<br>Network interception: When you browse the internet via your mobile connection (4G/5G) or your fiber box, Utiq uses your IP address and your telecom subscription data to identify you.<br>Consent (the false choice): Upon arriving at a partner site, a pop-up window asks you to accept Utiq. Due to the fatigue associated with cookie banners (Consent Fatigue), millions of users click “Accept” without reading.<br>The “Network Signal”: Once consent is given, Utiq directly contacts your telecom operator. The latter generates a unique, pseudonymized identification token (the network signal) which it transmits to advertisers.<br>You are now trackable from site to site, not by a file stored on your computer, but by the very infrastructure that provides you with the internet .<br>Why Utiq is a privacy nightmare (OPSEC)<br>The initiative raises serious problems for digital sovereignty and the confidentiality of your data:<br>Tracking at the source: Unlike classic cookies, you cannot simply “clear your history” or “empty your cache” to get rid of Utiq. The identification token is generated by your ISP.<br>The centralization of profiles: Telecom operators already know your name, physical address, banking details, and location in real-time. By linking your web browsing history via Utiq to this, they create behavioral profiling of daunting precision.<br>The flaw of pseudonymization: Utiq defends itself by not sharing your name in plain text, claiming to use “encrypted” tokens. However, in the cybersecurity world, it is proven that pseudonymization is reversible. Cross-referencing these tokens with other databases allows individuals to be easily re-identified.<br>Which operators use Utiq?<br>Utiq was founded by an alliance of the four largest European operators. If you are a customer of one of them (or one of their low-cost subsidiaries), your connection is potentially already “compatible” with this tracking.<br>Here are the founders and links to their respective privacy policies:<br>Orange (France, Spain, Poland, etc.)<br>Vodafone (Germany, Spain, UK, etc.)<br>Telefónica / O2 / Movistar (Spain, Germany, etc.)<br>Deutsche Telekom (Germany, Central Europe)<br>The OPSEC tip: Although Utiq offers a centralized consent management portal (consenthub.utiq.com) to revoke access, the best defense remains technological.
The Zero-Trust approach to counter Utiq<br>The philosophy of digital sovereignty, driven by ecosystems like Arpokrat , relies on a simple principle: never trust the network infrastructure.<br>To technically neutralize systems like Utiq, the solution is to hide your traffic from your own internet service provider:<br>Using a sovereign VPN: By encrypting your traffic as soon as it leaves your device, your ISP only sees an unreadable stream of data directed towards a VPN server. It can no longer inject or read Utiq tokens.<br>The Tor network (Orbot): Onion routing prevents any end-to-end identification.<br>DNS Encryption (DoH/DoT): Prevents your operator from knowing which websites you request to visit.<br>In summary, Utiq is proof that internet service providers are no longer content with being mere “pipes”; they want to become data brokers. More than ever, encrypting your traffic is no longer a security option, but an absolute necessity to preserve your digital silence.
Tags...