O2 accused of leaking phone numbers online - we show how to plug the hole
The Internet is awash with claims that O2 is sharing customers' mobile phone numbers with websites. Twitter users are posting that, after checking with a site that examines data sent from their phone to webservers, that their phone number is clearly visible.
Pocket-lint has checked, using a number of devices, and all are exhibiting the problem. An Android Samsung Galaxy Tab 7-inch and an iPhone 4S both send their phone numbers to any website that cares to capture information from the headers.
Headers are sent along with every web page request, which is perfectly normal and usually nothing to worry about. When you visit a site, it may query your browser to find out information that helps it better display web pages to you. This data usually includes the type of browser and often information about the language you're reading in, and the web site you were referred from. It is how, for example, sites redirect you to a mobile page instead of the full version.
However, what O2 appears to be doing is taking your phone number from its system and attaching it to this header information. Quite why it's doing this, we don't know as yet. We can think of some reasons, like allowing O2 customers to check their account information without logging in. But to pass such details on to the Internet at large seems absurd.
From our tests, other operators do not do this. But be aware that the likes of GiffGaff and Tesco Mobile both use the O2 network, and may also provide this information. It seems that T-Mobile, Orange, Virgin Mobile, Three and Vodafone do not suffer from the same issue.
Further testing, based on a suggestion made on the thinkbroadband.com story, shows that using the O2 proxy bypass account removes your phone number from the header information. The proxy is used by O2 to reduce the cost of transferring large amounts of data via 3G. It compresses images, so web pages load quickly and uses less of your data allowance.
If you want to remove your phone number, and switch to the O2 proxy bypass APN until the firm fixes this leak, you need to enter the following in to your APN settings:
O2 has stated that it is currently investigating the problem and we await the company's official word.
UPDATE: It seems as if O2 may have fixed the issue. When we visit the test site on our devices now, the number has vanished. Do let us know, however, if you are still experiencing the former problem.
What do you make of all this? Are you outraged, or do you think it's a storm in a teacup? Let us know in the comments below...