O2 leaks users’ numbers to every website visited
O2 UK is handing out its customers’ mobile telephone numbers like free sweets to every website they visit on their phones.
However, for customers using the Internet on an O2 3G connection, this data also includes their telephone number in an “x-up-calling-line-id” line, added in by a proxy server running on the company’s network.
Other 3G networks aren’t appending their users’ mobile numbers to the HTTP headers, and O2 users using WiFi rather than 3G won’t have the issue, neither will users using browsers such as Opera Mini, which have their own proxy servers.
From statements on Twitter, it appears that BlackBerry users on O2 don’t experience the problem because RIM runs its own proxy servers, and neither do O2 customers outside the United Kingdom because the network operates separate proxy servers in each nation.
The issue also affects users on GiffGaff and Tesco Mobile, which are MVNO (Mobile Virtual Network Operator) networks using on O2′s infrastructure to offer their customers lower prices.
Update: after a high number of complaints, O2 appears to have shut off the proxy server issue, however the company has not issued an official statement yet.