
Thread: Vodacom is sharing my number with every site I visit from my phone

  1. #16


    would be quite funny if goofas is collecting numbers for a marketing scheme lol

  2. #17


    http://www.theregister.co.uk/2012/01...umber_sharing/


    Why O2 shared your mobile number with the world

    And why they'll probably do similar again
    By Bill Ray

    Posted in Mobile, 25th January 2012 17:14 GMT
    O2 has been sharing customers' phone numbers with every website they visited, but O2 isn't the only offender - it's just the one that slipped up and got caught.

    The Information Commissioner will investigate, and O2 will be told it should be more careful in future. Punters will be outraged but actually suffer very little as few websites collect unknown HTTP headers like the one in which mobile numbers were embedded. O2 has provided a simplified FAQ, which explains almost nothing - specifically what the operator might do to prevent such a thing happening again.

    To understand how, and why, O2 started leaking customer data one has to realise that mobile networks are very unlike their fixed contemporaries, that they routinely interfere with the web pages sent and received over data connections, and that if they didn't the UK government would step in and force them to do so.

    Delivering customer phone numbers to every website, in the HTTP headers, wasn't a deliberate policy nor some form of conspiracy, just a badly configured proxy that should have removed the data before it left the company's network. Adding the information wasn't the mistake, failing to take it away is what caused the problem.

    How it happened
    Mobile web browsing is different from fixed browsing for one important reason - the network can absolutely, and securely, identify the customer from the SIM card, which opens up lots of opportunities unavailable to fixed ISPs. Once the customer has been identified then services can be automatically billed to that user, allowing seamless payments, and privileged information (such as billing or customer care) can be displayed without needing passwords or user names, most of which is genuinely very useful.

    A mobile phone can't append its number to web requests: most mobile phones don’t know their own number, and even if they did they couldn't be trusted, so the network identifies the user in communication with the SIM, then appends that information to the HTTP headers for use by other servers within the operator's network.

    There's no standard way of doing that. Back in 2010 researchers in Germany found the same information in about 20 different HTTP headers [PDF], sometimes replicated by different systems within one operator's network (two different routers adding the same information, under a different name, entirely unaware of each other's existence).
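
The failure the article describes (the proxy adds the number but nothing removes it at the network edge), shown as an added example that is not part of the thread or the quoted article: a sketch of an egress scrubber that drops identity headers by name and, because no standard header name exists, also by value. The header names in `KNOWN_ID_HEADERS`, the `X-Operator-Sub` header and the sample number are assumptions constructed for illustration.

```python
import re

# Assumption: header names publicly associated with subscriber numbers.
# None of them is named in the thread or the quoted article.
KNOWN_ID_HEADERS = {"x-msisdn", "x-up-calling-line-id", "x-nokia-msisdn"}
NUMBER_RUN = re.compile(r"\+?\d[\d .-]{7,}\d")  # digit run with separators

def normalise(number, country_code):
    """Reduce +27 82..., 0027 82... and 082... to one canonical digit string."""
    digits = re.sub(r"\D", "", number)
    if digits.startswith("00"):
        digits = digits[2:]
    if digits.startswith(country_code):
        return digits
    return country_code + digits.lstrip("0")

def scrub_egress_headers(headers, msisdn, country_code="27"):
    """Remove identity headers before a request leaves the operator network.

    headers: (name, value) pairs as seen at the last proxy before the internet.
    Returns (clean_headers, removed_names).
    """
    target = normalise(msisdn, country_code)
    clean, removed = [], []
    for name, value in headers:
        by_name = name.lower() in KNOWN_ID_HEADERS
        # No standard header name exists, so also match on the value itself.
        by_value = any(normalise(run, country_code) == target
                       for run in NUMBER_RUN.findall(value))
        if by_name or by_value:
            removed.append(name)
        else:
            clean.append((name, value))
    return clean, removed

# Constructed sample: the number and X-Operator-Sub are made up.
SAMPLE_MSISDN = "+27 82 000 1234"
SAMPLE_HEADERS = [
    ("Host", "example.org"),
    ("User-Agent", "Mozilla/5.0 (Linux; U; Android 2.3.3; en-za; GT-I9100)"),
    ("X-Forwarded-For", "10.20.30.40"),
    ("X-MSISDN", "27820001234"),
    ("X-Operator-Sub", "id=0820001234"),
    ("X-Up-Calling-Line-ID", ""),
]

if __name__ == "__main__":
    clean, removed = scrub_egress_headers(SAMPLE_HEADERS, SAMPLE_MSISDN)
    print("removed:", removed)
```

The value match is what catches `X-Operator-Sub`, a header no name list would contain; the dotted IP address is a digit run too, but it does not normalise to the subscriber's number and is kept.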

  3. #18


    I've tested on a number of handsets / contract types. So far can't reproduce this.

    1. Galaxy Note on VC contract
    2. Galaxy SII on VC contract
    3. Galaxy Y-Pro on VC prepaid
    4. iPhone 4 on VC contract
    5. BB 9700 on VC Topup

    All of the above on native OS browsers
    Last edited by jannievanzyl; 26-01-2012 at 11:58 PM.

  4. #19


    OK I have been reading around and found a tantalising little research paper from Germany which attempts to explain how this happens. http://www.mulliner.org/collin/acade...0_mulliner.pdf It says a lot of interesting stuff and is worth a read but I particularly wanted to share this picture with you.



    So what these guys are saying is that the data is added when the signal passes through the WAP/HTTP Gateway/Proxy on Vodacom's side. They also note a significantly high occurrence in South Africa within their results.

  5. #20


    It is based on whether you are using the Vodacom proxy server or not. The proxy server adds the MSISDN to the headers. I know Vodacom4me used the information at one stage to identify you.
    I've not tried it on my current phone, but about 4 years ago on my Nokia - I could see my number.

  6. #21


    You know I have to be honest I really don't care if Vodacom uses my number to identify me. I don't even care if they share it with 'trusted partners' or whatever. They are going to share that information anyway. I just don't like that anybody with a little bit of coding knowledge (I extract the number with one line of code) can take my number and do as they please with it. Seriously VC you can't encrypt the damn number or something? Use some other unique identifier associated with my sim card?

    Quote Originally Posted by jannievanzyl View Post
    I've tested on a number of handsets / contract types. So far can't reproduce this.
    Try with other people's contracts and phones. Please don't just ignore this because you couldn't replicate it on a handful of devices. I have found at least 20 people (me included obviously) who this is happening to.

  7. #22
    Senior Member
    Join Date
    Mar 2008
    Location
    The Great East Rand
    Posts
    133


    Checked my wife's Galaxy Y (with the default browser), didn't show the number. Checked and she wasn't connecting through the proxy. Added proxy info, and voila, number appears. Also did a check on an i-Mate PocketPC, same results - number shown when proxy used.

    Seems that the default configuration sent to my phone contained the proxy settings and the ones to my wife's phone didn't.

    Quote Originally Posted by jannievanzyl View Post
    I've tested on a number of handsets / contract types. So far can't reproduce this.

    1. Galaxy Note on VC contract
    2. Galaxy SII on VC contract
    3. Galaxy Y-Pro on VC prepaid
    4. iPhone 4 on VC contract
    5. BB 9700 on VC Topup

    All of the above on native OS browsers
    Check the same devices with the proxy enabled...

    Quote Originally Posted by goofas View Post
    OK I have been reading around and found a tantalising little research paper from Germany which attempts to explain how this happens. http://www.mulliner.org/collin/acade...0_mulliner.pdf It says a lot of interesting stuff and is worth a read but I particularly wanted to share this picture with you.



    So what these guys are saying is that the data is added when the signal passes through the WAP/HTTP Gateway/Proxy on Vodacom's side. They also note a significantly high occurrence in South Africa within their results.
    Makes for some interesting reading... SA the second highest...

    Quote Originally Posted by ColinR View Post
    It is based on whether you are using the Vodacom proxy server or not. The proxy server adds the MSISDN to the headers. I know Vodacom4me used the information at one stage to identify you.
    I've not tried it on my current phone, but about 4 years ago on my Nokia - I could see my number.
    Definitely my conclusion as well! The proxy is adding the headers...
    "It is difficult to get a man to understand something when his salary depends upon his not understanding it." - Upton Sinclair

  8. #23


    ColinR, JAV. Genius guys thanks so much for figuring that out! Just for reference I turned off my proxy on my galaxy s2 like this:

    Go to your main settings menu: wireless and network / mobile networks / Access point names / Vlive! / Proxy

    Remove the damn proxy.

    Hit my page again to check if it worked: http://www.jeffsdigitalkitchen.co.za/phonetest/

    It did for me.

    I still think Vodacom should sort this out though. I think we can say without a doubt that the Vodacom Proxy server is what is adding the number.

  9. #24
    Senior Member
    Join Date
    Mar 2008
    Location
    The Great East Rand
    Posts
    133


    I'm quite a stickler when it comes to online privacy (not to mention just giving out my cell number), and this issue has... well... annoyed a bit!

    I know why VC adds the proxy server (just wonder why only now and again though)... but please Vodacom, look into this issue!

    Quote Originally Posted by goofas View Post
    ColinR, JAV. Genius guys thanks so much for figuring that out! ...
    Now let's just hope Vodacom does something about it!
    "It is difficult to get a man to understand something when his salary depends upon his not understanding it." - Upton Sinclair

  10. #25


    I just stumbled across this post now, but I noticed yesterday when trying to access a certain site on my Nokia C7 using the native browser there was a message from Vodacom stating that they need to send my cell number to certain sites for authentication, I think, and it gave 3 options: send now only, send for 30 days or decline.

    Didn't think much of it till now.

  11. #26


    Quote Originally Posted by JAV View Post
    I'm quite a stickler when it comes to online privacy (not to mention just giving out my cell number), and this issue has... well... annoyed a bit!

    I know why VC adds the proxy server (just wonder why only now and again though)... but please Vodacom, look into this issue!


    Now let's just hope Vodacom does something about it!
    Escalated it last night already, so the guys are looking into this.

    Will keep you posted.

  12. #27
    Senior Member
    Join Date
    Mar 2008
    Location
    The Great East Rand
    Posts
    133


    Quote Originally Posted by jannievanzyl View Post
    Escalated it last night already, so the guys are looking into this.

    Will keep you posted.
    Thanx! Much appreciated!
    "It is difficult to get a man to understand something when his salary depends upon his not understanding it." - Upton Sinclair

  13. #28
    Grandmaster
    Join Date
    Jun 2007
    Location
    Home is where the heart is
    Posts
    2,049


    I remember this happening with MTN's network years ago. Was very suspicious.
