If you’ve been following our forum announcements you’ll have seen that last week a serious data privacy problem was discovered that affected giffgaff members – it meant that the mobile number of giffgaff members was made available to websites in the “header” information that is passed between web servers and mobile handsets during web browsing.
The problem affected O2 and some of the partners that use its network, which is why giffgaff was affected, and after being detected on Wednesday morning it was quickly fixed by 2pm on Wednesday afternoon. However, the fault had actually been in place since 10th Jan so any web browsing that our members did since between that date and last Wednesday would have been equally vulnerable.
The fault occurred when some maintenance work meant that mobile numbers were shared with all websites and not special, trusted sites. This has raised some alarm as it not generally known that your mobile number can be shared in this way – although it has been standard practice in the mobile industry for over 10 years and the vast majority of networks work in this way.
These trusted sites are ones that need your mobile number to either verify your identity or to bill for content – most ringtone and wallpaper sites work in this way. Our members have been debating whether mobile numbers should be made available in this way – the answer isn’t as straightforward as you might imagine since anytime you call a business without blocking your number that business could very easily log it and use it to call you back or text you (although what they could say to you is quiet restricted under data protection laws - they certainly couldn't sell your number to a 3rd party).
My personal view is that mobile number sharing on the web should use the same controls as for voice calls – so if you withhold your number it works for websites too. It would mean that some websites wouldn’t work properly, but then if you withhold your number many people you call will decline to answer. It’s about personal choice after all.