A story has surfaced today which is very concerning.  If you are using the O2 mobile network in the UK you are sending your mobile phone number to every website you visit using the mobile phone.  This means website developers can grab your number without your consent!

UPDATE:  O2 have now rectified the problem and apologise.  The issue was evident from 10 January 2011 and fixed at 2pm today.  The full detail in their blog post.  This does make a mockery of the "O2 Guru" who implied it was normal to send your mobile number (see later in this post).

As a proof of concept I pulled together a simple web page to show your mobile number.  I wanted to write my own code to ensure there were no smoke and mirrors involved.  In fact it took one line of code to get the number!   Please be assured I am not storing your number, simply displaying it. http://theonlycog.com/o2header.php

Make sure you are on O2 UK and are using the data connection, not Wifi.  You should then see your mobile number. This is also the case if you are on Tesco mobile or GiffGaff (both use O2 UK).

There seems no reason why O2 should do this, in fact they may be contravening  Data Protection laws by sharing your private data without your consent!

Lewis Pecker, who discovered the flaw, asked O2 why -- their response is quite wrong!

The mobile number in the HTML is linked to how the site determines that your browsing from a mobile device

If O2 come up with a sensible reply, or even better a fix, I will update the story.  For now, surf as much as you can using WiFi and your mobile number will not be inserted by O2!

Other UK network do not seem to send your mobile number.

site by DAJ