The Next Web has just reported that UK Operator O2 is sending user's phone numbers in the header information when you visit a website over O2's 3G network.
TNW reports:
The issue was brought to our attention to Lewis Peckover, who created a simple webpage to check the information that a mobile browser would send to a website when it requested data.
Whilst most of the data was to be expected, including the Host, User Agent, Referrer and Encoding, there was also another field in the results — x-up-calling-line-id.
What is x-up-calling-line-id? Your mobile phone number.
TNW also tested this out on their iPhone on O2's network and they received the following results, which included the phone number.
TNW reports that O2 hasn't responded to them though they're telling users on Twitter that they're actively looking into the problem.
We’re investigating this with our internal teams, and will come back with more as soon as we can
O2 is one of Apple's iPhone partner in the UK and was the first operator in the UK to offer Apple's iPhone.
If you're on O2's network then we would strongly recommend you to visit only trusted websites until the issue is resolved.
Update:
O2 has just tweeted that they're looking into the issue on top priority:
@JerryWSL @iphonehackx it's our top priority - we're investigating this at the moment. Once we've got an update, we'll let you know.
[via The Next Web]
Nice one o2 much appreciated
This is scary!
Well this has DEFINITELY made me decide to go onto 3 after my current contract ends this time next year!
Go for the One plan. 5000 same network calls, 5000 texts, 2000 any network and landline calls and the icing on the cake, all you can eat data. I used about 60gb last month (no tethering restrictions or throttling). For only £25 a month (sim only). Obviously depending on the handset you get it may cost a bit more. Good signal too unless you live out the back of beyond. I’ve been on the plan over a year and wouldn’t change it for all the tea in China.
definetely a privacy violation for the phone number gets public to every webmaster & website stats analysis reviewer however, in the uk i’m currently on O2 and never got a phone call by unwelcome individuals.
i did had people around me coming to visit me without notice & without introducing themselves in a appropriate way then, i guess the problem is not on the phone number being sent to websites but the address information, name & last name or GPS position can be located then with O2 members of staff cooperation. rather focusing on the surface, risks & problems are much more lower level down to call centers operators & customer care members of staff who do sell such info & data to others.
take care
marc
thank you for that i was waiting for a unlock for my iphone 4. because im on 3 network. now im glad i havent got it. get stuffed o2 i was with you for years no more o2 grrrrrrrrrrrrrrrrrrrrrrrrrr
Now this explains why I’m getting random marketing text and calls even though I never give out my number. I wonder if this is against the law, as I never opted in for marketing but O2 opted in on behalf of me
All carriers do it. Header enrichment allows for many value added services when on mobile.
My previous employer was a mobile tech company who used this (with permission) on a very regular basis.