Apparently O2’s sending some customer phone numbers in the HTTP header to every website they browse over its cellular network. It’s not unusual to send identifier information to sites when you visit — it’s normally your IP address — but your phone number? That’s a whole different ball game.
I don’t know about you, but I sure as hell don’t want every website I visit to have my phone number. Whether they collect it or not, I get enough cold calls and spam texts as it is. You can check it out for yourself courtesy of @lewispeckover at his headers test site; some are reporting that it does send their phone number, others aren’t seeing it. It certainly seems a bit odd, but we’ve checked it out for ourselves and sure enough, our phone number is visible on O2 for us (see below). It’s also not visible on any of the other networks we’ve tried, including Three and Orange, but might be for any other MVNO that uses O2 like GiffGaff.
We’ve reached out to O2 about this, and will keep you posted on what they say. Hopefully it’s just some kind of error that can be easily corrected; it’s certainly a bit odd that it’s happening for some but not others. Who knows what nefarious sites might do with your phone number, especially now it’s become widely known. [ThinkBroadband]
Updated: It looks as though O2 have scrambled to fix it and it’s no longer sending your number out, at least as far as we can tell. That was pretty quick, but considering it’s been happening for a while, there might be repercussions from the Information Commissioner’s Office in O2′s future.