Let’s say you visit a website that employs this method without the Verizon header. As detailed at Webpolicy.org, the system simply installs a standard tracking cookie. If you visit it with a Verizon header, the system sets a cookie ID that corresponds to the Verizon header. Remove the tracking cookie, and the system promptly reinstates it with the Verizon header. That’s why it’s being called a “zombie” cookie — it comes back once deleted.
No, the advertiser doesn’t know that UID=123456789 is John Doe from Maryland, but the advertising network can track everywhere that John Doe goes, every website he visits, and every page he touches. If you delete the tracking cookie it’s promptly reconstituted and reassociated with your profile. Full details are available at Mayer’s website, but the collateral damage is significant. Laptops tethered to cell phones on Verizon’s network, for example, can be infected by this process.