Update: (Wednesday, 25 January, 14:30) It appears as if O2 has now tweaked its system to prevent your phone numbers being transmitted to websites you are visiting. We have checked with phones on the O2 network on both test sites listed below and both suggest the problem has been remedied.
O2 itself has yet to make an official statement on the problem, saying it is still looking into the matter.
(Originally Published Wednesday, 25 January, 11:00)
It appears as if O2 mobile phone users who use their handsets to visit websites are inadvertently giving their mobile phone numbers to the websites.
Lewis Peckover, an O2 customer and web systems administrator, noticed the problem when he was investigating ways to verify a user is on a mobile device/network. He has set up a website, here, to show all the headers (information) which is collected by websites about their visitors. You can also check what information is being sent out here.
It appears that unlike Vodafone, T-Mobile, Three and Orange, customers using O2 (as well as affiliates GiffGaff and Tesco Mobile) are unknowingly sending their mobile numbers to these websites.
Using both an O2 and GiffGaff SIM in the office this morning, we visited the site and it clearly showed the x-up-calling-line-id header which requests the visitors mobile phone number. While a person’s mobile phone number on its own may not be seen as a breach of the Data Protection Act as it doesn’t automatically identify the person, it is not an ideal situation.
According to the Information Commissioners Office (ICO), phone numbers can be said to be personally identifying information (PII) but only in certain circumstances. Whether or not this circumstance is one of those is yet to be determines. There is more information on what can be thought of as PII on the ICO website.
While a website may not be able to identify you by an 11-digit phone number, more malicious sites may be able to use the information to send out spam messages to the phones which have visited their sites.
Angry O2 customers have taken to Twitter this morning to complain about the situation and O2 has responded, to almost every customer, saying its internal team is investigating the situation and will update everyone as soon as possible.
The phone numbers will only show up if you are browsing using 3G and not on Wi-Fi and while it seems that nearly all models and OSes are affected, O2 customers using BlackBerry devices don’t’ seem to be affected, probably because of how their traffic is handled.
We’ll be updating this story as it develops, but for now let us know in the comments how serious you think sending your phone number without your permission to all websites is?
Source: Lewis Peckover (Twitter)