O2 has come under fire as reports are coming through of the network sharing mobile numbers with websites when browsing the web via 3G. Whenever you connect to a website from a mobile device you provide information detailing what model the phone is as well as the web browser. This data enables that website to be displayed more effectively for your handset (taking into account different screen resolutions as an example).
It seems O2 is going one step further by providing actual phone numbers in with this data, which would unacceptable as malicious websites could use this information to contact the user, and it would be a breach of the Data Protection Act. Check out the below capture of an O2 number being sent with the header data.
Twitter user @lewispeckover has set up a webpage (seen above) that displays HTTP header information sent by the connecting device, so you can check for yourself whether your carrier is sending your number to every website you visit. Scary stuff. We checked on Three UK and everything seems normal. Let us know in the comments or in the WPCentral Forum's discussion if you try out the script (your number will be displayed after "x-up-calling-line-id" if it's being sent) and can see your number displayed.
Data Protection Watchdog has since issued a statement on the situation:
"When people visit a website via their mobile phone they would not expect their number to be made available to that website. We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."