UK carrier O2 finds itself embroiled in data protection controversy today, with allegations that the operator is revealing mobile users' cellphone numbers to each website they visit on their phones. According to Lewis Peckover, buried among the header data from each O2 visitor is a line revealing their own mobile number; he set up a site to show off just what O2 is including. However, while some O2 users are corroborating the claims, our own tests have failed to do so. Update: Temporary workaround after the cut.
We visited the site on a Galaxy Nexus using an O2 SIM and the carrier’s 3G network, and saw no evidence of the number registered to the account. The screenshot above shows exactly what data is being received by Peckover’s site.
Where his testing identified a line in the headers called “x-up-calling-line-id:” with the mobile number in international format, though, ours did not. A quick check of Twitter indicates we’re not the only ones to see this, either. O2 says, via Twitter, that “we’re checking this out with our internal teams as we speak. Once we’ve got an update, we’ll let everyone know.”
Some giffgaff subscribers – an MVNO using O2’s network – also report seeing their own number show up in the headers. Even if inconsistent across users, though, the issue could be potentially very damaging to O2’s reputation; we’ll update when we know more.
Update: TNW is reporting that its own testing – using an iPhone on O2 – showed the account’s phone number in the header data.
Update 2: Pocket-lint has suggested a temporary workaround, which involves using an alternative APN for O2. Changing to the following settings seemingly prevents your number from being shared:
[via Matt Parker]
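
For a site operator on the receiving end of the header described above, one way to keep such numbers out of request logs. This is an added example, not code from the article or from Peckover's site; the number pattern, the `x-` prefix heuristic and the sample headers are assumptions constructed for illustration.

```python
import re

# Header name reported in the article; matched case-insensitively.
KNOWN_LEAK_HEADERS = {"x-up-calling-line-id"}

# Assumption: "international format" means an optional "+" followed by
# 10-15 digits with no leading zero (E.164 allows at most 15 digits).
MSISDN_RE = re.compile(r"^\+?[1-9]\d{9,14}$")


def find_number_headers(headers):
    """Return sorted lower-cased names of headers that carry, or look like
    they carry, a subscriber phone number."""
    hits = set()
    for name, value in headers.items():
        lname = name.lower()
        # Ignore spaces, hyphens and brackets used to format a number.
        compact = re.sub(r"[\s\-()]", "", value)
        if lname in KNOWN_LEAK_HEADERS:
            hits.add(lname)
        # Assumption: only non-standard "x-" headers are pattern-checked,
        # so numeric standard headers (Content-Length) are not flagged.
        elif lname.startswith("x-") and MSISDN_RE.match(compact):
            hits.add(lname)
    return sorted(hits)


def scrub(headers):
    """Return a copy of the headers with flagged values redacted,
    suitable for writing to access or debug logs."""
    flagged = set(find_number_headers(headers))
    return {n: ("[REDACTED]" if n.lower() in flagged else v)
            for n, v in headers.items()}


# Constructed sample request headers (the number is from a range
# reserved for fictional use, not a real subscriber).
SAMPLE = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0 (Linux; Android 4.0)",
    "Content-Length": "1234567890",
    "x-up-calling-line-id": "447700900123",
    "X-Forwarded-For": "10.0.0.1",
}

if __name__ == "__main__":
    print(find_number_headers(SAMPLE))
    print(scrub(SAMPLE))
```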