British cellphone carrier O2 appears to be sending customers' cellphone numbers in HTTP header traffic, inserting the info in data sent to websites over O2's connection. Lewis Peckover discovered the problem this week and setup a website to document it. The site allows O2 users in the UK to check to see whether their number is being sent along with HTTP traffic. We have confirmed the issue on two O2 numbers in the UK, and our testing with other networks indicates it is isolated to O2. Orange, Three and Vodafone were unaffected in our tests.
O2 says it is "investigating this at the moment and will update everyone as soon as [it] can," but customers have reacted in anger on Twitter this morning. The issue appears to stem from O2's use of transparent proxies, common for cellphone network providers. The proxies allow firms to balance network load, but carriers typically inject a unique identifier into HTTP headers to help webmasters identify visitors with non-personal information. We're waiting to hear more from O2 on the matter, and we'll update you accordingly.
Update: Commenters point out that O2's Mobile Virtual Network Operators (MVNO) — GiffGaff and Tesco Mobile — are affected by the phone number sharing problem too.
Update 2: Pocket-lint notes that you can stop broadcasting your number by switching to the following settings:
APN: mobile.o2.co.uk
Username: bypass
Password: password
Update 3: Lewis Peckover believes O2 may have resolved the issue. We're waiting for an official confirmation from the mobile operator.
Update 4: O2 has confirmed it fixed the problem at 2PM GMT today. The issue affected customers accessing the internet via their mobile phone on 3G or WAP services, between January 10th and 2PM GMT on Wednesday January 25th, and occurred as a result of technical changes in routine maintenance.
Thanks, Liam Gladdy!