When the Data Protection Ombudsman opens his mail in the morning.
If you’re reading this news article on your O2 mobile phone, you’ll be pleased to know that O2 have already sent me your mobile phone number. It arrives inside the HTTP headers, the part of every page request that normally tells a website what kind of device is asking and how content can be displayed on it.
Fortunately for you, I am not technically savvy enough to retrieve this information, nor bitchy enough to send you a text message on your mobile phone in the middle of Coronation Street this evening apparently from the local STD clinic or worse…
Other web sites you visit might not be so well mannered or considerate.
For example, if you open an e-mail which includes references to external images, the mere act of opening the e-mail (your phone fetching those images over the O2 data network) would divulge your phone number to whoever hosts them. Only requests that travel over the mobile data network pick the header up; the same phone on Wi-Fi does not pass through O2’s gateway. Anyone undertaking a phishing attack or other scam could use the number to get more information from you, and the opportunities to abuse it are potentially endless.
This glitch in O2’s software was allegedly revealed by the thinkbroadband site this afternoon, but worryingly, a little research reveals that it was identified 12 months ago by a young hacker at the CanSecWest conference in Vancouver. Quite amazing that a full year later, the same glitch still existed.
There is a site here where you can check whether O2 are handing out your mobile phone number to every Tom, Dick and Harry you surf to meet. It means potentially giving your phone number to Lewis Peckover, but at least you will know who you’ve given it to!
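What the “check” site does on the receiving end, as an added example (not the site’s or the article’s own code): parse the raw request a website receives, flag any header that carries a subscriber phone number, and show what the carrier gateway should have done before forwarding the request. The header name `x-up-calling-line-id` is the one widely reported for the O2 case; the article itself does not name it, so the header list, the request text and the drama-range number are all constructed assumptions.

```python
"""Detect, and strip, subscriber identifiers that a carrier proxy has injected
into HTTP request headers.  Added example with constructed input; not code
from the article."""
import re
from typing import Dict, List, Tuple

# Header names that carrier gateways have been reported to use for the
# subscriber's phone number (MSISDN).  The first is the one widely reported
# in the O2 case; the article does not name the header, so treat the set as
# an assumption and extend it for your own traffic.
CARRIER_ID_HEADERS = {"x-up-calling-line-id", "x-msisdn", "x-up-subno"}

# Phone-shaped values: a UK mobile number in national (07xxx xxxxxx) or
# international (+447xxx xxxxxx) form, optional spaces.  Deliberately narrow
# so ordinary header values such as dates and versions do not match.
UK_MOBILE_RE = re.compile(r"^(?:\+?44\s?7|07)\d{3}\s?\d{6}$")


def parse_http_request(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into its request line and a dict of
    lower-cased header names to values.  Duplicate headers are joined with
    commas, as RFC 7230 allows a recipient to do."""
    head, _, _body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in header_lines:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return request_line, headers


def find_leaked_identifiers(headers: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (header, value) pairs that expose a phone number: a known
    carrier-injected header name, or any header whose value is phone-shaped
    (which also catches a renamed or unknown header)."""
    return [(name, value) for name, value in headers.items()
            if name in CARRIER_ID_HEADERS or UK_MOBILE_RE.match(value)]


def strip_subscriber_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """What the carrier gateway should have done before forwarding a request
    to the public internet: drop every header the detector flags."""
    leaked = {name for name, _ in find_leaked_identifiers(headers)}
    return {k: v for k, v in headers.items() if k not in leaked}


# Constructed request: what the host of an image referenced in an e-mail
# might have received from an O2 handset during the leak.  The number is in
# Ofcom's reserved drama range (07700 900xxx) and belongs to nobody.
SAMPLE_REQUEST = (
    "GET /newsletter/open.gif?id=8831 HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X)\r\n"
    "Accept: image/*\r\n"
    "x-up-calling-line-id: 447700900123\r\n"
    "\r\n"
)

if __name__ == "__main__":
    request_line, hdrs = parse_http_request(SAMPLE_REQUEST)
    for name, value in find_leaked_identifiers(hdrs):
        print(f"{request_line}: header {name!r} carries phone number {value}")
    cleaned = strip_subscriber_headers(hdrs)
    print("after stripping:", find_leaked_identifiers(cleaned))  # []
```

The value-based check matters as much as the name list: a gateway that simply renamed the header would slip past a name-only filter, and a site logging all headers would still have the number on disk. Run the same function over your own server’s access logs if they capture request headers.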
{ 10 comments }
“Quite amazing that a full year later, the same glitch existed”
Only if you assume it’s a bug rather than a feature.
Anna,
with a headline like that, are you angling to be a sub at the Currant Bun?
I know, I’m wasted here, wasted I tell you……
It appears that it has been fixed now http://www.theregister.co.uk/2012/01/25/o2_stop_phone_number_leak/
I don’t understand this ‘modern’ generation. Once upon a time your phone number was public, it appeared in telephone directories, the point of having a telephone was that people could get in touch with you.
Now, with the advent of mobiles, the number is ‘private’, shared only with your little in-group. Heaven forbid that your next door neighbour or fellow worker might urgently want to contact you.
But then these self-same people tell all on Facebook. Anyone in the world can now potentially track you down with clues of pictures, friends, schools etc., apparently freely given. A far cry from the thick directory set in small type in which you were hidden amongst all the other “Smith, J.”s.
So what a shock that people using their mobiles to access the internet are having their ‘secret’ IDs forwarded and that the Data Protection Commissioner might need to get involved. Don’t shout too loud though, don’t these wombats realise that when they access the internet using their PCs that their unique IP address is also being forwarded and revealed to every website that they visit too. Better block that too – oh sorry, that is how the internet works.
“Once upon a time your phone number was public, it appeared in telephone directories,”
Yes, but that was before the whole world caught paranoia and started treating everyone else as strangers and criminals.
Perhaps, but it was also before the advent of automated diallers, voice playout systems and call centres with scripts to try and sell you services no sane person should want.
Cold-calling then required a phone book, calloused fingers for manual dialling and a very thick skin.
Playing Devil’s Advocate here for a moment…
Firstly an IP address might not be related to a person specifically – DHCP from an IP address pool means that it’s far easier for most of Joe Public to change an IP address than a phone number.
And secondly, you can’t harass someone via an IP address; unlike a mobile phone number which will have a device on the other end capable of receiving a torrent of spam, cold callers or heavy breathing depending on the outlook of the tormentor…
I fully agree with your diatribe against the idiots who want to live their lives splashed across the internet. *shudders*
Well explained Uncle Nick,
Browser User Agent string (HEADER) usually carries 5-15 bits of identifying information. That means that on average, only one person in about 1,500 (2^10.5) will have the same User Agent as you of all the people on the internet.
On its own, that isn’t enough to recreate cookies and track people perfectly, but in combination with another detail like geolocation to a particular ZIP/post code or having an uncommon browser plugin installed, the User Agent string becomes a real privacy problem.
If you add a unique telephone number it is a perfect method of tracking. The people who are in the business of tracking operate across millions of websites via Ads and plugins. E.g. all the handy Apps you download on your iPhone or plugins for your browser are often front-end surveillance for advertising trackers, spammers, botnets and government snoopers.
O2 already had all your demographic information stored on your registration for the phone. By using your phone number as a reference point for all websites they visited they have you totally monitored at all times.
The leaking of the information is likely to have occurred when the O2 servers have not been configured to modify the User Agent tags from the outbound requests to the internet thus rebroadcasting externally the information they were wishing to secretly harvest for themselves.
Their failure has allowed every website you travel to and every server you travel through (and there are many) to gather information and identify you precisely while also being able to track your habits and preferences via cookies through the wider adware networks.
There are many criminal activities that can be exploited by such information but there is no point in explaining these in detail, I am sure you can imagine.
If you want to see how Big Brother technically works Google “bits of entropy” & “internet anonymity” then proceed to make a tinfoil hat for your head.
The only real solution is the TOR Bundle, also to be found. It is also wise to request an https connection whenever possible to avoid snooping between parts of the internet.
15 minutes of installation leaves your internet slightly slower but totally anonymous if operated correctly. This is how the Chinese and Iranian, etc. political activists operate.
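The “bits of entropy” arithmetic in the comment above, as an added example that is neither the commenter’s nor the article’s code: a constructed population of visitors, a function that counts how many of them share a visitor’s User Agent, postcode or phone number, and the identifying bits that follow from that count. The 4:2:1:1 User Agent mix, the 100 postcode districts and the 1,000-visitor population are assumptions chosen for clean numbers, not measurements; the phone numbers are in Ofcom’s reserved drama range.

```python
"""How many bits of identifying information a fingerprint attribute carries.
Added example on a constructed population; not code from the comment or the
article, and the figures are illustrative only."""
import math
from typing import Dict, List, Sequence

Visitor = Dict[str, str]


def build_population(n: int = 1000) -> List[Visitor]:
    """Constructed visitor population (an assumption, not data): four User
    Agent strings in the proportions 4:2:1:1, 100 postcode districts spread
    evenly, and a phone number unique to each visitor (07700 900xxx range)."""
    agents = ["ua-common"] * 4 + ["ua-second"] * 2 + ["ua-rare-a", "ua-rare-b"]
    return [
        {
            "user_agent": agents[i % len(agents)],
            "postcode": f"district-{i % 100}",
            "phone": f"+44770090{i:04d}",
        }
        for i in range(n)
    ]


def anonymity_set(population: Sequence[Visitor], attrs: Sequence[str],
                  target: Visitor) -> int:
    """Number of visitors indistinguishable from `target` on `attrs` alone."""
    key = tuple(target[a] for a in attrs)
    return sum(1 for v in population if tuple(v[a] for a in attrs) == key)


def identifying_bits(population: Sequence[Visitor], attrs: Sequence[str],
                     target: Visitor) -> float:
    """Surprisal of target's values, log2(N / anonymity set).  Reaching
    log2(N) means the attributes single the visitor out completely."""
    return math.log2(len(population) / anonymity_set(population, attrs, target))


def attribute_entropy(population: Sequence[Visitor], attr: str) -> float:
    """Shannon entropy of one attribute over the population: the average
    number of identifying bits a tracker gains from reading it."""
    counts: Dict[str, int] = {}
    for v in population:
        counts[v[attr]] = counts.get(v[attr], 0) + 1
    n = len(population)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    pop = build_population()
    me = pop[0]
    for attrs in (["user_agent"], ["postcode"],
                  ["user_agent", "postcode"], ["phone"]):
        k = anonymity_set(pop, attrs, me)
        print(f"{'+'.join(attrs):22s} anonymity set {k:4d}  "
              f"{identifying_bits(pop, attrs, me):5.2f} bits")
    for attr in ("user_agent", "postcode", "phone"):
        print(f"entropy of {attr}: {attribute_entropy(pop, attr):.2f} bits")
```

The point the numbers make: the commonest User Agent on its own leaves visitor 0 hidden among 500 others (1 bit), adding the postcode district shrinks that to 5, and the phone number takes the anonymity set to 1 on its own, which is why a header that carries it makes every other fingerprinting trick redundant.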
It is fascinating that as the years drift by how much equipment is totally foreign to one. I have no idea what an O2 is (and don’t want to know). We only own an electric mobile phone as the occasional lorry cuts our outside phone line.
The frenzy to buy new ‘stuff’ is quite amazing. But even more so is how all the youf have become right chatterboxes.
Why do you do it?