Alex headshot

AlBlue’s Blog

Macs, Modularity and More

Oh dear oh dear O2

2012, crap

Today hasn’t been a good day, all in all. No sooner than I had posted on the depressing state that is Google- than O2 disclose that they are sending my mobile number through to any website that I care to navigate to via my iPhone’s data connection.

The fact that it was discovered today led to a veritable twitstorm on the O2 twitter feed, and the eventual blog post seemed fairly contrite as to the reasons behind it. They put it to a configuration error which accidentally led to the phone number being sent to more sites than they had intended.

This doesn’t excuse the fact that there is no reason for O2 to be sending my phone number to anyone, whether they intended it or not. I don’t see why my phone number is necessary – as they put it – to verify my age for certain sites. And it’s not like such a header couldn’t trivially be faked, nor of a phone number being any kind of guarantee of an age in any case (unless they’re also sending a lot more data to those allegedly trusted providers as well).

They claim that this is “standard practice” in the industry, which makes you wonder how many other internet data providers are doing much the same thing, except they haven’t cocked it up as badly as O2 have yet. It was also instructive to find out that O2 are mangling data that goes through their network; for example, this blog post highlights how O2 are in-lining style information causing semantic errors in the page itself. You can determine it for yourself by going to http://mnementh.csi.cam.ac.uk/atimport/ – if you see a red background with “Test” on it then it works as expected; however, if you browse it from an O2 equipped data phone then you’ll see they have in-lined the referred CSS then it will read “If this text renders in a browser then something is very broken.”

Perhaps the best thing to come out of this is the highlight on the practices that O2 are doing, and encourage the use of a VPN connection to a server which is not going to cause any further problems. O2, it seems, cannot be trusted with my business and therefore I will have to take it into my own hands.