Watch how this one plays out: o2 sending mobile numbers to every website you visit

There’s a mini firestorm brewing this morning around o2 UK. Earlier today, Matt Brian over at The Next Web broke the story about a ridiculously shocking privacy breach by o2.

Here’s a bit of Matt’s story:

If you reside in the UK and you are one of the millions of subscribers to mobile operator O2, you may be alarmed to learn that the carrier is sending your mobile number to every website you visit on your mobile phone.

The issue was brought to our attention by Lewis Peckover, who created a simple webpage to check the information that a mobile browser would send to a website when it requested data.

The story is still developing, however it’s clear that o2 has been passing your phone number to every website you visit. It’s passed in the headers — which most sites will ignore. Indeed, if your server isn’t looking for the field, then it’ll simply ignore it.
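The point above, that a site only holds the number if it reads or logs the request headers, shown as an added example (not code from the original post): a server-side scrubber that redacts any header whose whole value is a UK mobile number before the request is written to a log. The header name X-Example-Subscriber-Number and the sample request are constructed for illustration; the post does not name the header o2 used.

```python
import re

# UK mobile numbers: international form (447xxxxxxxxx, optional "+")
# or national form (07xxxxxxxxx).
MSISDN_RE = re.compile(r"\+?447\d{9}|07\d{9}")
REDACTED = "[redacted-msisdn]"


def scrub_headers(headers):
    """Return (clean_headers, flagged_names).

    A header is flagged when its entire value, ignoring spaces, dashes and
    brackets, is a UK mobile number. Matching on the value rather than the
    name means a carrier-injected header is caught whatever it is called.
    """
    clean, flagged = {}, []
    for name, value in headers.items():
        compact = re.sub(r"[\s\-()]", "", value)
        if MSISDN_RE.fullmatch(compact):
            clean[name] = REDACTED
            flagged.append(name)
        else:
            clean[name] = value
    return clean, flagged


def format_log_entry(headers):
    """Build the line that would be written to the access log."""
    clean, _ = scrub_headers(headers)
    return "; ".join(f"{k}={v}" for k, v in sorted(clean.items()))


# Constructed sample request. The header name is hypothetical and the number
# comes from the range Ofcom reserves for TV and radio drama.
SAMPLE_REQUEST = {
    "Host": "www.example.org",
    "User-Agent": "ExampleMobileBrowser/1.0",
    "Accept": "text/html",
    "X-Example-Subscriber-Number": "447700900123",
}

if __name__ == "__main__":
    _, flagged = scrub_headers(SAMPLE_REQUEST)
    print("flagged headers:", flagged)
    print(format_log_entry(SAMPLE_REQUEST))
```

A non-empty `flagged` list is also a useful signal in its own right: it tells a site operator that an upstream gateway is adding subscriber data to requests.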

This is clearly a mistake and certainly not normal practice. If anything, I suspect it’s a misconfiguration or a standard configuration on a particular server, gateway or system at o2.

o2 will be horrified.

It’s going to be fascinating to see how they handle this. People are still hugely attached to their perceived privacy and the knowledge that every website you’ve visited via your phone could have retrieved your phone number will be massively discomforting.

The real problem is if the mainstream media pick it up. It looks like a bit of a slow news day — and it’s a terribly sexy issue, this, especially in the context of phone hacking. The headlines boiled down will make highly frustrating reading. I wouldn’t be surprised to see headlines like, “o2 exposes your phone number to every website” or “o2 gives your phone number to spammers” appearing shortly in the mainstream press.

o2 need to respond very, very quickly. I think they’ve got until midday to deliver a formal response. It’s 11am now. After midday the story could potentially gravitate from a Twitter firestorm into mainstream consciousness.

Can you imagine the implications of an adult website claiming that [insert famous person here] has visited their site 100 times in the last 2 days — and they’ve got the logs to prove it? Ooof!

What should o2 do?

Well I think that depends on how the media treat the issue. If it’s picked up by the Daily Mail anywhere near their front page, then they’ll need a mega response. Definitely.

Normal mobile users on o2 reading the story will go nuts. Folk will want to do something in response to the perceived privacy invasion, even if it didn’t actually affect them. The first instinct will be to cancel the line and churn to another network. The next instinct will be some kind of recompense — a free credit, some extra text messages or something like that. Quite possibly legions of users will demand that their phone numbers be changed.

Goodness me. It’s a bit of a mess.

There’s not much o2 can do, I don’t think, that would appease me as a normal user. I’d probably react very, very negatively to a £5 credit offer (“Is that what my privacy is worth?”).

The underlying issue here is the breakdown of trust that many o2 consumers will feel when they read the news. I think o2 should act decisively, positively — and if anything, they should over-react. Do everything. Offer everything. And put the CEO or a C-Level executive on camera right away to speak to the media.

Of course we’re going to want to know how long this flaw has been live on the o2 systems; how many users have been potentially compromised and so on. That could take days to determine. So an immediate response is required now and then hourly updates should be issued throughout today and, say, tomorrow, until all the information is in o2’s hands.

We shall see.

If anyone can handle this kind of challenge, it’s o2. The team there are seriously capable. If anything, I think they could possibly use this as an opportunity to engage brilliantly with their customers and boost loyalty even more.

Bring it on, o2!

Update: Matt is back with a related post — “How O2 could unwittingly help spammers conduct a nasty phishing campaign” — that’s worth a read.

Update 2: o2 has posted a public announcement on the matter (thanks Adrian)
