O2 has come under fire as reports are coming through of the network sharing mobile numbers with websites when browsing the web via 3G. Whenever you connect to a website from a mobile device you provide information detailing what model the phone is as well as the web browser. This data enables that website to be displayed more effectively for your handset (taking into account different screen resolutions as an example).
It seems O2 is going one step further by providing actual phone numbers in with this data, which would unacceptable as malicious websites could use this information to contact the user, and it would be a breach of the Data Protection Act. Check out the below capture of an O2 number being sent with the header data.
Twitter user @lewispeckover has set up a webpage (seen above) that displays HTTP header information sent by the connecting device, so you can check for yourself whether your carrier is sending your number to every website you visit. Scary stuff. We checked on Three UK and everything seems normal. Let us know in the comments or in the WPCentral Forum's discussion (opens in new tab) if you try out the script (your number will be displayed after "x-up-calling-line-id" if it's being sent) and can see your number displayed.
Data Protection Watchdog has since issued a statement on the situation:
Rich Edmonds is Senior Editor of PC hardware at Windows Central, covering everything related to PC components and NAS. He's been involved in technology for more than a decade and knows a thing or two about the magic inside a PC chassis. You can follow him over on Twitter at @RichEdmonds.
Something like this doesn't happen randomly, but I wonder how O2 profits from telling the number...
Your report appeared after they had fixed it. You snooze, you lose ;)
Really? According to O2 they're still looking into it, and the commissioner's office is still going to report on the findings. It's good to have this information up so consumers are aware of the breach nonetheless.
O2 only fixed the problem this afternoon (UK time) and only when everyone knew about it. If websites don't publish the information O2 sure as hell aren't as there still isn't anything obvious on their homepage to reassure their customers.
I saw this on Twitter by a Guardian writer but I checked it earlier both on my Edge and HDSPA and it wasn't displaying my phone number. I'm on 02 with a HD7
I believe that this issue only applies to pay monthly users in London area.
This is just another reason why we need VPN capabilities built into the phone. The main reason would be increase security when using WiFi hotspots while out and about
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.