Whether you’re one of those people who dish out their number at the drop of a hat or you guard it with your life, odds are you’d be pretty miffed if you found out your network operator was sending it to each and every website you visited on your phone when browsing via a mobile data connection. After all, your browsing patterns are extremely valuable, telling a lot about you as a consumer and potentially opening you up to unwanted, very targeted SMS adverts and cold calls.
Unfortunately for O2, however, it looks like they’ve been guilty of doing just that. Intentionally or not, along with the standard information shared about your browser, host ID and referrer has been your x-up-calling-line-id header, aka your mobile number. As pointed out by Charles Arthur in the tweet below, O2 are within their rights to do so; however, being the only UK operator sharing this information doesn’t look good in a privacy-conscious age of Carrier IQ and PlayStation Network hacks.
At the heart of this is Collin Mulliner, a German mobile security expert who even went so far as to publish a paper on the subject of privacy leaks via mobile internet last year. He has also created a privacy checker site, http://www.mulliner.org/pc.cgi, where you can isolate just what is being shared through your mobile browser. We tried it ourselves and, as you can see from the image to the left, either the issue has been resolved or it doesn’t affect every O2 user. O2 haven’t released an official statement thus far; we will update this feature when they do.
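One way a site operator could check incoming requests for this kind of leak, as an added example that is not from the original article or from Mulliner's checker. The 10 to 15 digit heuristic, the `x-example-subscriber` header and both sample requests are constructed for illustration; only `x-up-calling-line-id` comes from the article.

```python
import re

# Header the article names as carrying the subscriber's mobile number.
KNOWN_MSISDN_HEADERS = {"x-up-calling-line-id"}
# Standard headers that may legitimately hold long digit runs; never flagged.
IGNORED_HEADERS = {"content-length", "cookie", "etag", "host", "user-agent"}
# Assumption: a phone number is 10-15 digits with an optional leading "+".
MSISDN_RE = re.compile(r"^\+?\d{10,15}$")

def parse_headers(raw_request):
    """Return [(lowercased name, value)] from a raw HTTP/1.x request head."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def mask(value):
    """Keep only the last two characters so logs do not store the number."""
    return "*" * (len(value) - 2) + value[-2:]

def find_msisdn_leaks(raw_request):
    """List (header, masked value, reason) for headers exposing a number."""
    findings = []
    for name, value in parse_headers(raw_request):
        if name in KNOWN_MSISDN_HEADERS:
            findings.append((name, mask(value), "header named in the article"))
        elif name not in IGNORED_HEADERS and MSISDN_RE.match(value):
            findings.append((name, mask(value), "value looks like a phone number"))
    return findings

# Constructed sample: a request as it might arrive after a carrier proxy
# added subscriber headers (the number is from a reserved fictional range).
PROXIED_REQUEST = (
    "GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
    "User-Agent: ExampleMobileBrowser/1.0\r\nContent-Length: 1234567890\r\n"
    "x-up-calling-line-id: 447700900123\r\n"
    "X-Example-Subscriber: +447700900123\r\n\r\n"
)
# Constructed sample: the same request without carrier-added headers.
CLEAN_REQUEST = (
    "GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
    "User-Agent: ExampleMobileBrowser/1.0\r\n\r\n"
)

if __name__ == "__main__":
    for finding in find_msisdn_leaks(PROXIED_REQUEST):
        print(finding)
```

Masking the value before it is logged keeps the checker from becoming a second store of subscriber numbers.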
This is nothing new: Orange in Spain shared the same information in 2010, and reports on Nokia developer forums date back to 2002. With mobile internet browsing on the rise, however, and browsing history being so telling about your buying patterns, this information is more valuable than it has ever been, and in turn so is the trust between customer and network operator to manage it appropriately.
So while no privacy laws have been broken, the reaction to this O2 blunder from consumers and press proves that networks and manufacturers alike are going to have to become even more vigilant on the subject of privacy if they want mobile users to feel safe in the knowledge that their personal information is indeed their personal information.
*Update: O2 have indeed fixed this loophole, which has been open since early January, after routine maintenance left a misconfiguration in their systems.
Source: The Next Web