Watch how this one plays out: o2 sending mobile numbers to every website you visit

There’s a mini firestorm brewing this morning around o2 UK. Earlier this morning, Matt Brian over at The Next Web broke the story about a ridiculously shocking privacy breach by o2.

Here’s a bit of Matt’s story:

If you reside in the UK and you are one of the millions of subscribers to mobile operator O2, you may be alarmed to learn that the carrier is sending your mobile number to every website you visit on your mobile phone.

The issue was brought to our attention by Lewis Peckover, who created a simple webpage to check the information that a mobile browser would send to a website when it requested data.

The story is still developing; however, it’s clear that o2 has been passing your phone number to every website you visit. It’s passed in the headers — which most sites will ignore. Indeed, if your server isn’t looking for the field, then it’ll simply ignore it.
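As an added illustration (not part of the original post or of Matt’s story): a site that doesn’t want subscriber numbers ending up in its request logs can scrub the headers before writing them. The header names, the helper names and the sample request below are assumptions; the post does not say which header o2 used.

```python
import re

# Header names some mobile gateways use for the subscriber number.
# Assumption: the post does not name the header o2 used.
KNOWN_MSISDN_HEADERS = {"x-up-calling-line-id", "x-msisdn"}

# A UK mobile number on its own: 07xxxxxxxxx, 447xxxxxxxxx or +447xxxxxxxxx.
UK_MOBILE = re.compile(r"^\+?(?:44|0)7\d{9}$")
REDACTED = "[redacted]"


def looks_like_msisdn(value):
    """True if the whole header value is a UK mobile number."""
    compact = re.sub(r"[\s\-()]", "", value)
    return bool(UK_MOBILE.match(compact))


def scrub_headers(headers):
    """Return (safe_headers, findings) for one request's headers.

    safe_headers is a copy fit for logging; findings lists each header
    that carried a subscriber number, with the reason it was flagged.
    """
    safe, findings = {}, []
    for name, value in headers.items():
        if name.lower() in KNOWN_MSISDN_HEADERS:
            findings.append((name, "known gateway header"))
            safe[name] = REDACTED
        elif looks_like_msisdn(value):
            findings.append((name, "value looks like a mobile number"))
            safe[name] = REDACTED
        else:
            safe[name] = value
    return safe, findings


# Constructed sample request, using numbers from the range reserved for drama use.
SAMPLE = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0 (Linux; U; Android 2.3.4)",
    "x-up-calling-line-id": "447700900123",
    "X-Forwarded-For": "10.20.30.40",
    "X-Subscriber": "+44 7700 900456",  # hypothetical header name
}

if __name__ == "__main__":
    safe, findings = scrub_headers(SAMPLE)
    for name, why in findings:
        print(f"{name}: {why}")
    print(safe)
```

The value check catches a number arriving under a header name the list doesn’t know about, which matters because gateways differ in what they call the field.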

This is clearly a mistake and certainly not normal practice. If anything, I suspect it’s a misconfiguration or a standard configuration on a particular server, gateway or system at o2.

o2 will be horrified.

It’s going to be fascinating to see how they handle this. People are still hugely attached to their perceived privacy and the knowledge that every website you’ve visited via your phone could have retrieved your phone number will be massively discomforting.

The real problem is if the mainstream media pick it up. It looks like a bit of a slow news day — and it’s a terribly sexy issue, this, especially in the context of phone hacking. The headlines boiled down will make highly frustrating reading. I wouldn’t be surprised to see headlines like, “o2 exposes your phone number to every website” or “o2 gives your phone number to spammers” appearing shortly in the mainstream press.

o2 need to respond very, very quickly. I think they’ve got until midday to deliver a formal response. It’s 11am now. After midday the story could potentially gravitate from a Twitter firestorm into mainstream consciousness.

Can you imagine the implications of an adult website claiming that [insert famous person here] has visited their site 100 times in the last 2 days — and they’ve got the logs to prove it? Ooof!

What should o2 do?

Well I think that depends on how the media treat the issue. If it’s picked up by the Daily Mail anywhere near their front page, then they’ll need a mega response. Definitely.

Normal mobile users on o2 reading the story will go nuts. Folk will want to do something in response to the perceived privacy invasion, even if it didn’t actually affect them. The first instinct will be to cancel the line and churn to another network. The next instinct will be some kind of recompense — a free credit, some extra text messages or something like that. Quite possibly legions of users will demand that their phone numbers be changed.

Goodness me. It’s a bit of a mess.

There’s not much o2 can do, I don’t think, that would appease me as a normal user. I’d probably react very, very negatively to a £5 credit offer (“Is that what my privacy is worth?”).

The underlying issue here is the breakdown of trust that many o2 consumers will feel when they read the news. I think o2 should act decisively, positively — and if anything, they should over-react. Do everything. Offer everything. And put the CEO or a C-Level executive on camera right away to speak to the media.

Of course we’re going to want to know how long this flaw has been live on the o2 systems; how many users have been potentially compromised and so on. That could take days to determine. So an immediate response is required now and then hourly updates should be issued throughout today and, say, tomorrow, until all the information is in o2’s hands.

We shall see.

If anyone can handle this kind of challenge, it’s o2. The team there are seriously capable. If anything, I think they could possibly use this as an opportunity to engage brilliantly with their customers and boost loyalty even more.

Bring it on, o2!

Update: Matt is back with a related post — How O2 could unwittingly help spammers conduct a nasty phishing campaign that’s worth a read.

Update 2: o2 has posted a public announcement on the matter (thanks Adrian)

11 COMMENTS

  1. Good luck o2. You’re going to need it..

    Seriously though, I don’t see why a mobile ISP should feel they have the right to alter HTTP produced on my device just because it goes through their network. Replacing image links to downscaled copies and inserting JS into pages is a shithead’s activity.

  2. Well…. Yet more proof that O2 are screw ups. In my eyes, their customer service advisors know very little when try’na sort out account issues. In past experience it’s the most unreliable UK network. I’ve axed my PAYG account I opened with them last September [to have the international bolt on, irish phone number bolt on] ‘cos all they & the system did was screw up. This just proves that they are careless. Glad they are not my main provider!

  3. One of the interesting outcomes of this of course is that O2 have done nothing that we, as consumers, have already agreed to as it is all contained within the T&C’s of the contract that none of us ever really bother reading. Additionally, what has happened is not illegal as they have not, under the terms of various Data Privacy legislation, actually broken any rules.

    I do wonder though how many of their 25m+ subscribers actually care or is this once again a tech storm in a teacup? Of course, for the technorati, the media (I have no doubt that Charles Arthur will write about it) and those on the far right of privacy, it is a PR disaster. I am now of course wondering if Vodafone, with whom I have my company contract as well as all my personal devices, do the same!

  4. Who are better at CS in the mobile space then?  I’ve not dealt with T-Mobile, Orange were great when I was with them, Vodafone & Three SUCK BIG TIME.  I’ve always found O2 to be pleasant to deal with.
