Posts

Showing posts from January, 2012

O2 phone number revealing "scandal". A common sense perspective

[Short link to this post if you need it: http://goo.gl/ayGcB or retweet me]

Yesterday @lewispeckover published an article about the fact that O2's proxies were adding an HTTP header (x-up-calling-line-id) containing the user's phone number to every non-encrypted web request sent through their network. This also affected MVNOs using O2, such as GiffGaff and Tesco Mobile. The proxies are used, amongst other things, to reduce image quality in order to improve page load times. The injection of the HTTP header with the phone number is something they do to give the number to "trusted parties" who provide certain age-related services, where they can verify the number with the provider. This only happens when using O2's data network, where the proxies are used, and not over any other connection such as your home wifi. Also, some browsers, such as Opera and the BlackBerry ones, make use of their own proxies and bypass O2's, and will therefore not be s
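As an added example (not part of the original post), here is how a site operator could keep the injected header out of logs and application code. Only the header name x-up-calling-line-id comes from the post; the function names and the sample request are assumptions made for illustration.

```python
import re

# Header named in the post; HTTP header names are case-insensitive.
SUBSCRIBER_HEADERS = {"x-up-calling-line-id"}


def parse_headers(raw_request: bytes):
    """Split a raw HTTP/1.x request head into (name, value) pairs."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def mask(value: str) -> str:
    """Keep only the last two digits so a log entry cannot identify a subscriber."""
    digits = re.sub(r"\D", "", value)
    return "*" * max(len(digits) - 2, 0) + digits[-2:]


def scrub(pairs):
    """Return (clean_pairs, findings).

    clean_pairs is the header list with subscriber headers removed, safe to
    log or pass on; findings lists each removed header with a masked value.
    """
    clean, findings = [], []
    for name, value in pairs:
        if name.lower() in SUBSCRIBER_HEADERS:
            findings.append((name, mask(value)))
        else:
            clean.append((name, value))
    return clean, findings


# Constructed sample request with a fictional number (not captured traffic).
SAMPLE = (b"GET / HTTP/1.1\r\nHost: example.org\r\n"
          b"X-UP-Calling-Line-ID: 447700900123\r\n"
          b"User-Agent: test\r\n\r\n")

if __name__ == "__main__":
    clean, findings = scrub(parse_headers(SAMPLE))
    print("forwarded headers:", clean)
    print("stripped (masked):", findings)
```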