You should join our great online community now - you can win great prizes
Register now
You should subscribe to our free MyBroadband newsletter


+ Reply to Thread
Results 1 to 15 of 15

Thread: Celll phone number is possibly transmitted when browsing the Internet

  1. #1

    Default Celll phone number is possibly transmitted when browsing the Internet

    I found this article: O2 shares your mobile phone number with every website you visit

    So, I thought - I wonder if any of the South African service providers do this?

    Checking from the link in the article: http://lew.io/headers.php:

    1) Cell C (prepaid - All-In-One R199 voucher) - No

    2) Vodacom (contract): YES! The interesting headers are:
    x-up-calling-line-id: 2776xxxxxxx (number obscured obviously)
    x-up-subscriber-cos: mobileGenericPlan,Vodacom,mobilePushEnabledPlan

    This is really unacceptable, and in my opinion, a total breach of privacy.

    Can anyone else confirm what they get with the other service providers?

  2. #2

    Default

    Quote Originally Posted by LightningSux View Post
    I found this article: O2 shares your mobile phone number with every website you visit

    So, I thought - I wonder if any of the South African service providers do this?

    Checking from the link in the article: http://lew.io/headers.php:

    1) Cell C (prepaid - All-In-One R199 voucher) - No

    2) Vodacom (contract): YES! The interesting headers are:
    x-up-calling-line-id: 2776xxxxxxx (number obscured obviously)
    x-up-subscriber-cos: mobileGenericPlan,Vodacom,mobilePushEnabledPlan


    This is really unacceptable, and in my opinion, a total breach of privacy.

    Can anyone else confirm what they get with the other service providers?
    Doesn't say anything like the Vodacom info - MTN contract. Does show phone model
    "The truth is incontrovertible. Malice may attack it, ignorance may deride it, but in the end, there it is."
    Winston Churchill

  3. #3
    Super Grandmaster Elimentals's Avatar
    Join Date
    Dec 2010
    Location
    PE
    Posts
    10,820
    Blog Entries
    8

    Default

    Quote Originally Posted by LightningSux View Post
    2) Vodacom (contract): YES! The interesting headers are:
    x-up-calling-line-id: 2776xxxxxxx (number obscured obviously)
    x-up-subscriber-cos: mobileGenericPlan,Vodacom,mobilePushEnabledPlan

    This is really unacceptable, and in my opinion, a total breach of privacy.

    Can anyone else confirm what they get with the other service providers?
    Well oddly Vodacom pre-paid = no
    .... and thanks for all the fish.

  4. #4
    Super Grandmaster Nerfherder's Avatar
    Join Date
    Apr 2008
    Location
    /\/ŻŻŻŻŻŻ\/\
    Posts
    22,326

    Default

    Vodacom Blackberry 100... no phone number but interesting to see that it reports my browser as Safari ???
    "What can be asserted without proof can be dismissed without proof." ~ Christopher Hitchens

    My idea of "Help from above" is a sniper on a roof.

  5. #5
    Senior Member
    Join Date
    Mar 2008
    Location
    The Great East Rand
    Posts
    133

    Default

    Vodacom prepaid with default network settings (VC proxy enabled):
    x-up-calling-line-id: 2782xxxxxxx
    x-up-subscriber-cos: mobileGenericPlan,Vodacom,mobilePushEnabledPlan

    Same device with VC proxy removed:
    All x-up headers gone...

    Agreed - Total breach of privacy! Thanks VC... Eish!

  6. #6
    Super Grandmaster Elimentals's Avatar
    Join Date
    Dec 2010
    Location
    PE
    Posts
    10,820
    Blog Entries
    8

    Default

    Quote Originally Posted by JAV View Post
    Vodacom prepaid with default network settings (VC proxy enabled):
    x-up-calling-line-id: 2782xxxxxxx
    x-up-subscriber-cos: mobileGenericPlan,Vodacom,mobilePushEnabledPlan

    Same device with VC proxy removed:
    All x-up headers gone...

    Agreed - Total breach of privacy! Thanks VC... Eish!
    Odd mine only gives

    Code:
    Host: lew.io
    User-Agent: Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    X-Forwarded-For: 41.x.x.x
    Am I missing something or is it only sending the data when you use a phone instead of a PC thats using 3g?
    .... and thanks for all the fish.

  7. #7
    Super Grandmaster HapticSimian's Avatar
    Join Date
    Apr 2007
    Location
    Johannesburg
    Posts
    15,899

    Default

    No such stunts on MTN contract:

    Host: lew.io
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    x-wap-profile: http://www.htcmms.com.tw/Android/Com...ua-profile.xml
    User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.3; en-za; HTC_Sensation_Z710e Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
    Accept-Encoding: gzip,deflate Accept-Language: en-ZA, en-US
    Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
    X-Forwarded-For: 196.xxx.xxx.xxx
    Last edited by HapticSimian; 26-01-2012 at 08:27 AM.
    In the Age of Information
    ignorance is a choice

  8. #8
    Super Grandmaster Elimentals's Avatar
    Join Date
    Dec 2010
    Location
    PE
    Posts
    10,820
    Blog Entries
    8

    Default

    I have a feeling this is initially device related and not the SP's fault, but yeah they should strip it anyway.
    .... and thanks for all the fish.

  9. #9
    Senior Member
    Join Date
    Mar 2008
    Location
    The Great East Rand
    Posts
    133

    Default

    Did some more investigation...

    Using VC proxy with default browser on Samsung GS2 - number is transmitted. Default browser without proxy - no number.

    Different browser (Dolphin) same device - no number transmitted on both connection types...

    On PC with phone tethered via usb using FF - no number transmitted...

    Would seem it is the default browser that is sending the headers.. But agree with Elimentals, SP's probably should check for and strip these headers. But then again, would this be seen as data intercepting? Hmmm...

    Sorry VC!
    "It is difficult to get a man to understand something when his salary depends upon his not understanding it." - Upton Sinclair

  10. #10
    Super Grandmaster Elimentals's Avatar
    Join Date
    Dec 2010
    Location
    PE
    Posts
    10,820
    Blog Entries
    8

    Default

    Quote Originally Posted by JAV View Post
    ...
    Would seem it is the default browser that is sending the headers.. But agree with Elimentals, SP's probably should check for and strip these headers. But then again, would this be seen as data intercepting? Hmmm...

    Sorry VC!
    Technically its part of the network layer in my view, no actual user data in that section. I see it the same as inspecting tcp/ip packet on a statefull firewall so I dont see anything against the law about it.... I might be wrong
    .... and thanks for all the fish.

  11. #11

    Default My phone is sharing my number

    I have found that my phone shares details about me too.

    I am with Vodacom and have a Samsung Galaxy sII. Strangely it only does it if I browse from native browser.

    Either way I set up my own little test which includes MXIT user id which seems to also be the users phone number (not tested please let me know if you have MXIT): http://jeffsdigitalkitchen.co.za/phonetest/

    I also wrote a blog post about it here: http://www.jeffsdigitalkitchen.co.za/cellular-privacy/

    I also found a document of previous user information collected by a South African website which contains a lot of user data include a ton of phone numbers: http://wap.defza.com/ua/ua.txt

    Looking at this you can see that it is pretty much only be Vodacom contract phones. Except for the MXIT data that does not seem to be network specific.

    Does anyone know if this is legal? I shouldn't think it is to be honest.

  12. #12
    Super Grandmaster Elimentals's Avatar
    Join Date
    Dec 2010
    Location
    PE
    Posts
    10,820
    Blog Entries
    8

    Default

    Hmmm can we get a mod to bump this into a VC section so we can get it sorted?

    Or I would actually recommend goofas to post his reply in there as a new thread.
    .... and thanks for all the fish.

  13. #13

    Default

    This is how premium sms spam links where you click on a browser link on your phone and get auto-subscribed work ^ It's a bit old news,just the data breach and privacy laws in EU are now getting more aggressive
    50% off 1 month Afrihost Uncapped here
    Speak to me about Priority after-hours technical support and remote maintenance (Server and Desktop support)

  14. #14

  15. #15
    MyBB Legend
    Join Date
    Jun 2007
    Location
    /\/ŻŻŻŻŻ\/\
    Posts
    32,841
    Any sufficiently advanced technology is indistinguishable from magic. - Arthur C. Clarke

+ Reply to Thread

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •