Today in my RSS feed an interesting article appeared, stating that O2 send your mobile number to every webpage you visit. I couldn’t believe this, so I decided to spend 5 minutes confirming that they do, and that it’s stupidly easy for anyone to get your number to spam you.
A bit of background.
When you send a request to a website for a page, you send along a number of headers stating things like what device you are on, what screen size you have and what features your browser supports. This means web pages can change to show you fewer images on your mobile; some even change the formatting to make it easier to read. All very good stuff.
However, this news reveals that O2 add an extra header that tells the website what your mobile number is! Think about how many websites you visit, think about how many people could grab your mobile number from this! I spent all of 30 seconds writing the following script to dump out the HTTP headers to the screen to check this, here is the entire script:
You can see this script running here: http://bite-code.com/scripts/dumpHeaders.php
Just make sure you visit over 3G, not WiFi, and you will see your mobile number listed there in the headers! It’s called HTTP_X_UP_CALLING_LINE_ID.
Don’t worry, I don’t record any headers or log this information, but other websites could!
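A site that does not want to hold these numbers can mask them before request headers reach its logs. The sketch below is an added example, not the script from the original post; it generalises from the one header named above to any request header whose value looks like a phone number, and the phone-number pattern, function names and sample request are assumptions.

```python
import re

# Header named in the post, in the CGI/WSGI form a server-side script sees.
CALLING_LINE_ID = "HTTP_X_UP_CALLING_LINE_ID"
# Assumption: a phone number is 10 to 15 digits, optionally with a leading
# "+" and single spaces or dashes between digits.
PHONE_LIKE = re.compile(r"^\+?\d(?:[ -]?\d){9,14}$")


def mask(value):
    """Replace all but the last two digits, so log lines stay comparable."""
    digits = re.sub(r"\D", "", value)
    return "*" * max(0, len(digits) - 2) + digits[-2:]


def scrub_environ(environ):
    """Return (safe_headers, findings) for a WSGI/CGI environ dict.

    safe_headers: request headers with phone numbers masked, safe to log.
    findings: sorted names of the headers that carried a phone number.
    """
    safe, findings = {}, []
    for key, value in environ.items():
        if not key.startswith("HTTP_") or not isinstance(value, str):
            continue  # only headers that arrived with the request
        if key == CALLING_LINE_ID or PHONE_LIKE.match(value.strip()):
            findings.append(key)
            safe[key] = mask(value)
        else:
            safe[key] = value
    return safe, sorted(findings)


# Constructed sample request; the number is made up.
SAMPLE = {
    "REQUEST_METHOD": "GET",
    "HTTP_HOST": "example.com",
    "HTTP_USER_AGENT": "Mozilla/5.0 (constructed sample)",
    "HTTP_X_UP_CALLING_LINE_ID": "447700900123",
    "HTTP_ACCEPT": "text/html",
}

if __name__ == "__main__":
    safe, findings = scrub_environ(SAMPLE)
    for name in findings:
        print("carrier-injected number in", name, "->", safe[name])
```

Masking on value shape is deliberately conservative: any other header that happens to hold 10 to 15 digits is masked too.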
This probably explains how spammers keep getting your mobile number. I suggest you call O2 immediately and complain; I know I will.
Full credit for the original discovery and info is here: http://t.co/7IOw7gqI