Knowledge Base
Community

Mobile Number Information Issue [25/01/12] [Resolved]

Started by: craig_t
On: 25/01/2012 | 12:26
Replies: 295
Reply

by: cbh1948
on: 25/01/2012 | 12:45

@hc_1540 wrote:

 

And by the way, this is an O2 issue and should always be referred to as such. While gg uses the O2 network, it has no responsibility for the pieces of kit that are causing this to happen.



Are you absolutely sure about that?  I understand that the problem ultimately rests with o2; however, as I've mentioned in previous posts, I very much doubt that giffgaff can contract out of its obligations to us under the Data Protection Act.  They would have to take reasonable steps to show that they had reason to believe that our information was being protected.  Of course, o2 will inturn be liable to giffgaff.*

 

* I'm not a lawyer (although do have a legal background) and do not have any firm knowledge of the DPA.  However, from some of the links I have posted it does look as though giffgaff are responsible to its customers.

Get a free Giffgaff Sim
Message 89 of 296
by: oldyorkie
on: 25/01/2012 | 12:47

Update on Sky News 30mins ago ....

 

Data protection watchdog, the Information Commissioner's Office said in a statement: "When people visit a website via their mobile phone they would not expect their number to be made available to that website.

"We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."

 

We watch and wait ... but ultimately 02 to blame and not gg until can be proved otherwise...

I'm not too concerned ...yet...

To Read is To Learn - go on - give it a try Smiley Wink
Teamwork is essential - it gives the enemy someone else to shoot at Smiley TongueGet a free giffgaff Simsignature 1.jpg
Message 91 of 296
by: kurik
on: 25/01/2012 | 12:49
Thanks Craig. Please could you keep us updated on this very important matter. I'm very uncomfortable about this.
Message 94 of 296
by: cgimusic
on: 25/01/2012 | 12:49

This is insane. Now we really need a bypass for O2's HTTP proxy. O2 users get one, why don't we?

Message 95 of 296
by: hc_1540
on: 25/01/2012 | 12:53

@cbh1948 wrote:

@hc_1540 wrote:

 

And by the way, this is an O2 issue and should always be referred to as such. While gg uses the O2 network, it has no responsibility for the pieces of kit that are causing this to happen.



Are you absolutely sure about that?  I understand that the problem ultimately rests with o2; however, as I've mentioned in previous posts, I very much doubt that giffgaff can contract out of its obligations to us under the Data Protection Act.  They would have to take reasonable steps to show that they had reason to believe that our information was being protected.  Of course, o2 will inturn be liable to giffgaff.*

 

* I'm not a lawyer (although do have a legal background) and do not have any firm knowledge of the DPA.  However, from some of the links I have posted it does look as though giffgaff are responsible to its customers.


It is an O2 issue as gg doesn't own/manage the underlying infrastructure. Having said that, gg will still need to handle any issues/complaints as a result of this which they will then pass straight to O2.

 

The point I'm trying to make is that this is not due to any action/inaction on gg part and that needs to be made clear. It seems the various articles that are circulating are being clear on this distinction (the Engadget one being a good example), we as a Community need to be clear as well.

Get a free giffgaff Sim
Message 99 of 296
by: craig_t
former giff-staffer

on: 25/01/2012 | 12:53

Afternoon,

 

We've got a service thread update on this here - so I'll be locking this thread (potentially doing a merge) so we can both discuss and update you on this in one place.

 

Kind regards,

 

--craig

-Into The West-

Play League of Legends free
Message 100 of 296
by: severian
on: 25/01/2012 | 13:35 edited: 25/01/2012 | 13:39

@dteg wrote:

Don't worry, random websites won't have it. Only websites specifically set to record all the information about visitors would, and there's so much garbage in a web request it would probably make the servers explode to retain it all Smiley Happy

 

As standard, the visitor information collected by websites does not include this field - usually just IP address, page linked from, and the make of web browser.



How does anyone know what websites have been trawling for this data though?  If this has been a known issue in security circles for years then other less savoury types will have known about it as well.  You only have to look at things like Phorm or the many sites found tracking every other site you visit via cookies or other means to know that the internet is full of people who are happy to hoover up any and all information about you.  I only give my mobile number to close friends and family, everyone else gets a disposable forwarding number.  The idea that O2 have been publically broadcasting my number to every website I visit is appalling.

 

I think it would be handy if giffgaff could offer advice on how we would go about submitting a formal complaint to O2 as giffgaff customers.

Message 167 of 296
Highlighted
by: kinghbill
on: 25/01/2012 | 13:35
Good to see, on going issuse and updates.
PM Me for a Ipad/Iphone 4 Micro SIM or for a normal sim Click below Get a free giffgaff Sim
Message 168 of 296
by: andy0
on: 25/01/2012 | 13:40

@j_lowey wrote:

@dteg wrote:
Standard server logs simply do not record this information - even though they can, it's hardly worth it for one carrier in the world.


Take a look at this: http://www.mulliner.org/collin/academic/publications/icin2010_mulliner.pdf

 

It's definitely not just one carrier in the world. The difference is that a lot of them seem to have fixed it since that security researcher published papers and did talks about it in 2009 and 2010.



Interesting.

 

I must admit I've been tempted in the last hour or two to try this with one or two foreign SIM cards, but I haven't got round to it yet. 

Message 169 of 296
by: turkeyphant
on: 25/01/2012 | 13:42
Please let us know what you find, andy Smiley Happy
Message 170 of 296