Protecting your privacy.

Protecting your privacy.

by handy giff-staffer gaffer on ‎30-01-2012 15:01 - last edited on ‎18-12-2013 18:46 by handy giff-staffer zobia22

 

If you’ve been following our forum announcements you’ll have seen that last week a serious data privacy problem was discovered that affected giffgaff members – it meant that the mobile number of giffgaff members was made available to websites in the “header” information that is passed between web servers and mobile handsets during web browsing.

 

The problem affected O2 and some of the partners that use its network, which is why giffgaff was affected, and after being detected on Wednesday morning it was quickly fixed by 2pm on Wednesday afternoon. However, the fault had actually been in place since 10th Jan so any web browsing that our members did since between that date and last Wednesday would have been equally vulnerable.

 

I’d like to reassure all our members that we take data privacy very seriously, and will be working with O2 to ensure that this problem does not re-occur. Like all companies who hold customer data we have a privacy policy that outlines what data we hold and how we use it. We also have a policy of never selling or giving your data to third parties.

 

The fault occurred when some maintenance work meant that mobile numbers were shared with all websites and not special, trusted sites. This has raised some alarm as it not generally known that your mobile number can be shared in this way – although it has been standard practice in the mobile industry for over 10 years and the vast majority of networks work in this way.

 

These trusted sites are ones that need your mobile number to either verify your identity or to bill for content – most ringtone and wallpaper sites work in this way. Our members have been debating whether mobile numbers should be made available in this way – the answer isn’t as straightforward as you might imagine since anytime you call a business without blocking your number that business could very easily log it and use it to call you back or text you (although what they could say to you is quiet restricted under data protection laws - they certainly couldn't sell your number to a 3rd party).

 

My personal view is that mobile number sharing on the web should use the same controls as for voice calls – so if you withhold your number it works for websites too. It would mean that some websites wouldn’t work properly, but then if you withhold your number many people you call will decline to answer. It’s about personal choice after all.

Comments
by kingcabbage on ‎30-01-2012 15:04

Well said.

 

We can't have it all ways.

by turkeyphant on ‎30-01-2012 15:26
Thanks gaffer. What's 100% clear is the following: a) We need a complete list of your "trusted" sites. b) We need the ability to turn this on and off at your soonest convenience.
by iceqntrider on ‎30-01-2012 15:56

"what they could say to you is quiet restricted under data protection laws"

 

Pardon? You'll have to speak up, I'm hard of hearing don't you know! :smileywink:

 

What, in the world, is "quiet restricted"? :smileyindifferent:

by adsyrah on ‎30-01-2012 16:25

gaffer wrote:

 

My personal view is that mobile number sharing on the web should use the same controls as for voice calls – so if you withhold your number it works for websites too. It would mean that some websites wouldn’t work properly, but then if you withhold your number many people you call will decline to answer. It’s about personal choice after all.



That's all well and good, but what are Giffgaff going to do about it?

 

Are they demanding O2 put this functionality into their infrastructure? Is there a way we can block our numbers already? There's a lot of hot air being banded around but very little in terms of decisive action.

by olie122333 on ‎30-01-2012 16:27

Did this affect Tesco Mobile, too? (Being another MNVO of O2)

by mbthapa25 on ‎30-01-2012 16:34

i think any netowrk that used o2's network will most probably have been affected, so tesco too should have been affected

by stealthybigboss2 on ‎30-01-2012 19:19
thanks for this blog post!
by oldyorkie on ‎30-01-2012 19:44

Thanks gaffer for posting this. Appreciate the issues you are pointing out - almost the same statement that was issued by 02 themselves- but then it's to be expected being the general R.O.T that telephone service providers work by.

 

But like iceqntrider has asked .... what is "quiet restricted"??

 

I have read that statement over and over, but it makes no sense to me at all -- please can you explain?

by iceqntrider on ‎30-01-2012 20:01

Hi oldyorkie,

 

Are you serious? :smileyindifferent: I was trying to be ironic...:smileyfrustrated:

 

It should read: 

"what they could say to you is quite restricted under data protection laws"

I was pointing out that the gaffer probably has more important things on his mind, than being able to spell "quite", at this moment in time... :smileywink:
by oldyorkie ‎30-01-2012 20:16 - edited ‎30-01-2012 20:17

Na mate ....seriously wood and trees bud ..... :smileyvery-happy::smileyvery-happy:

 

honestly read it "as is" ...:smileyvery-happy: ,,,feeling rather stupid now,,,,:smileytongue:

 

Thanks for putting me straight ....:smileyembarrassed:

Looking for something?

Join giffgaff
  • For only £10 a month:

    • 500 minutes
    • Unlimited texts
    • 1 GB Internet
    • Free calls to giffgaff