Sprint Web Phones Leak Users' Phone Numbers
Anonymous Coward writes: "Tasty Bits From the Technology Front says that Sprint PCS phones leak your phone number when browsing the Web. The unique ID number each phone has to help assure privacy is ... your phone number." (And TBTF is a good read anyhow.)
There's a much longer article on this here.
-------------------
This is my SIG. There are many like it, but this one is mine.
This is nothing new. I have a Sprint PCS Phone (Samsung 3500, great phone!) and I wrote a little perl script which checks my IMAP mail. While doing that I found lots of resources at phone.com. They have example perl scripts included in their development tools which show you everything your phone gives away.
(If there is interest in the IMAP mail checking script for HDML phones, let me know.)
Scuse me? Why do so many people think that a cell phone is a good medium from which to browse the web? I think wireless is _awesome_ for things like monitoring and notification, but, really, most of those phones have like 10x20 screens.. I don't really think that's "browsing" size.. Sure, you can get some stock quotes or something..
:P
Does anyone else wonder if the over-hyping of everything internet related will die down any time soon, and just become another information medium?
Does anyone else PRAY for it every day?
--
blue
i browse at -1 because they're funnier than you are.
An international Uber-corporation violating its privacy policy - DEAR GOD! we must contain these types of problems before they spread, and other companies get the same ideas!!!
LMAO!
-FluX
-------------------------
Your Ad Here!
-------------------------
"It is seldom that liberty of any kind is lost all at once." -David Hume
My experience with Sprint PCS and the 'Wireless Web':
It costs a lot (at least when I used it) about 35 cents a minute, with a minute minimum. I would logon, schlep through the crappy four line text menus only to get to a 'this feature coming soon' message. 35 cents down the drain.
It is almost unusable. Do you want to order a book from Amazon after going 19 levels deep in a text menu, typing your credit card number and address on a numeric keypad? gimme a break.
The features you would want just aren't there. How about a user customizable 'home page'. Quick shortcuts to stock quotes, weather, news briefs, sports scores - nope, have to navigate the menu system to get anywhere. Usability testing - anyone, anyone?
Sprint PCS service just sucks period. At least in Chicago. My phone dropped nearly half the calls I made, and failed to ring on incoming calls more times than I care to count.
Just avoid Sprint period. My terrible experience with them just makes me laugh at the irony of their TV ads. 'Crystal Clear'? Can't they be sued for outright lies?
-josh
On the other hand, the damn thing doesn't work half the time, giving all kinds of arcane errors.
Sure, I once spent $3.50 browsing through amazon, but it would have taken me about $5.00 just to enter my address and credit card number. thanks but no thanks Sprint.
Want to work at Transmeta? Hedgefund.net? Priceline?
Can your IM do this?
And the only one that counts is "Microsoft". Yeah, it's probably a coincidence, but it does seem odd that this would happen just when MS is gearing up their new web-phone strategy. Their Sprint holdings will lose some value, but not much, and to MS the effect on consumer thinking will be worth a billion or so dollars more. In the coming weeks, you can expect to see a lot more "freak malfunctions" in the telecom industry, all tending to convince people that the old tech doesn't work.
If you ask me, it's a bit disgusting: People's security is being compromised, just for the sake of helping somebody's marketing strategy. Oh, well, that's capitalism! Anything goes, as long as it makes a buck.
Imagine if someone tries to hack your server using one of these accounts. You could give him/her a call, and congratulate them on trying...
JB
Feed The Need[goatse.cx]
And analog works in more places than digital. And when reception is bad, analog might cut in and out but still be understandable. Poor reception on digital breaks up into an unintelligible buzzing rasping noise, that often does not recover, unlike with analog. And what's with the tininess of new phones? I see people constantly shifting microsized cell phones from ear to mouth to ear to mouth to ear to... There is such a thing as too small. I love my old Mot flip phone. Always works. When the company switched to these LGI pieces of crap, we had to swap 'em out 3 times cause some of them kept quietly going into 'roam mode' after which no calls could be made or received, until you rebooted the phone. Yeesh. It's just like a PC.
1. If you can find someone else's unique ID (easy because they used the phone number), you can get them in trouble by impersonating them to websites.
2. Websites can track you without cookies - and this includes tracking across websites.
No, Sprint needs to set up a proxy that gives a number unique to each website by which Sprint can track abusers.
--
The shareholder is always right.
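The per-website identifier proposed in the comment above, sketched as an added example (not part of the original thread and not any carrier's gateway code): the gateway replaces the phone number with an HMAC over the subscriber and the site's host, so sites cannot correlate a user across domains or derive the ID from a known phone number, while the carrier can still trace an abuse report. The key, subscriber numbers, and function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: the key and subscriber numbers are made up.
GATEWAY_KEY = b"constructed-demo-key-not-a-real-secret"
SUBSCRIBERS = ["5555550101", "5555550102", "5555550103"]


def site_scope(url: str) -> str:
    """Reduce a request URL to the host the pseudonym is scoped to."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.lower().rstrip(".")


def per_site_id(key: bytes, phone_number: str, url: str) -> str:
    """Identifier the gateway sends to a site in place of the phone number.

    HMAC keeps it stable per (subscriber, site), different across sites,
    and uncomputable by anyone who knows the phone number but not the key.
    """
    msg = phone_number.encode() + b"\x00" + site_scope(url).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def trace_abuser(key: bytes, subscribers, reported_id: str, url: str):
    """Carrier-side lookup for an abuse report from a site: recompute each
    subscriber's pseudonym for that site and compare in constant time."""
    for number in subscribers:
        if hmac.compare_digest(per_site_id(key, number, url), reported_id):
            return number
    return None
```
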
In a nutshell:
They said that they have an agreement with websites that they won't use the phone number for telemarketing. I don't remember getting asked, do you?
The other good reason not to use a cell phone is its inherent trackability. But this is less publicized.
...is if it turned out they were transmitting both halves of the MIN/ESN pair, and thereby providing instant cloneability for anyone with access to the server logs.
OTOH, I'm sure that will happen at some point soon anyway.
spawn_of_yog_sothoth
I have and use Sprint PCS. And the phone I use is the Denso Touchpoint, the phone used to launch these services in the US. I am extremely satisfied with the voice service. I rarely have a problem with signal getting through, and it's a dual-band phone, which means I can switch to analog if digital doesn't get through. Above all, I have been most impressed with the quality of calls. Back to the topic, I did manage to rack up more than $20 in the first month playing around with the web.
The service can be extremely useful and useless at the same time. All depends on how you want to use the service because of the weakness of the software used to browse. I found it was awesome for 3 main uses. First is stock and news information. It was easy enough to use the phone to get this information from CNN and Yahoo!. Second, I found that the Mapquest can be useful. Although it can be cumbersome to use, it could serve a purpose to get directions from zip code to zip code or from address to address. But what impressed me the most was Yahoo!'s personalized services. You can check your email from the phone and even get access to a web scheduler or something like that (didn't bother exploring it).
Overall, the service is cool, until you consider the alternatives. It's a pain in the ass to even log in considering you have to punch the buttons 16 times for an 8 letter login. I've also seen those RIM two-way pagers in action, and got damn can it do so much more so much faster. As much as people are screaming about the need for better screens and speed, until there is a way to input with something other than a keypad these things will remain only toys.
Thank you for pointing this out--not enough people are aware of it.
What most folks don't seem to realize is that no new legislation or technology is required for a cell phone provider to get a fix on your location: *they already have this ability*. All they need to do is triangulate based on the relative signal strength received from two or more nearby towers.
This happens all the time in "emergency" situations; the only reason it's not (yet) a big deal is because the technology is being used to rescue people in danger, rather than, say, to track down and silence thought-criminals.
So far as you know.
spawn_of_yog_sothoth
The difference between a cell phone that can surf the web and one that doesn't is probably a $0.50 computer chip. If there's any difference at all. Sure it might not be the BEST idea. Sure there are probably better solutions down the road. But what's the problem if the carriers want to give you MORE capability with your existing hardware? Isn't that classic geek?
I complained to SprintPCS in February about this problem. If you'd like to hear about my saga and also run a script to test your phone for this privacy problem, see http://snafu.fooworld.org/~fubob/hdmlprivacy.html.
It does not use a triangulation algorithm. It uses some sort of hyperbolic curvature algorithm based on signal strength and the location of the cell you are currently in and can be done with only one base transceiver station. Trust me, I work with the elves!
Isn't putting the phrase "Unique ID number" next to "privacy" a contradiction?
Sprint seems to have a skewed idea of privacy...
Anonymity is privacy!
-An Anonymous CowHerd.
Don't get all giddy yet. I have some concerns. Wireless carriers have a direct monetary incentive to compel you to use on-line services so they can get their 90 cents a minute. On-line services have an interest in having whatever personal information they can get through your patronage. I'm also sure there are several government agencies, commercial entities, etc, that would love to know where you are, where you're going, and who you're going to meet. The possibilities range from the most innocent (showing you a banner ad for someplace you're going to pass near, remember the Ericsson Banner Ad article a couple days ago?) to the most egregious (i.e., everything Big Brother wants to know, you give without even thinking about it). If I've thought about it, you can bet that smarter people with power and influence have thought about it too.
You're probably thinking to yourself how far fetched this is. Is it that far-fetched? If a phone is giving up your phone number to every web site it visits, all someone needs to do is connect that phone number to whoever the owner is. The comment I'm replying to mentioned that Yahoo has a personal scheduler service on-line and accessible from web-browsing phones. If you're asking a site for directions from Point A to Point B, chances are, you're either at Point A, or will soon be at Point B. What better way to keep tabs on people's activities than to have their phone number associated with personal information you deposit in centralized computer systems? As it is now, you can already be somewhat tracked down by carrying your cell phone when it's turned on.
I see two possibilities: A) Phones will become simply wireless phones that double as a decent portable web terminal with better displays and input options, or B) Phones will become a combination of a wireless phone and a powerful PDA as well as a great solution for mobile web browsing.
Of course, solution A offers more profit and more power than option B. So naturally, which option do you think we'll get offered?
--
Intelligence is definitely a recessive trait.
I'm the person that runs the Uplink servers for AT&T. (Uplink = Phone.com phone gateway software)
AT&T is doing it right. We don't use phone numbers for subscriber IDs.
Though I do tend to use phone numbers for my test phones.
Phones never talk to any web site directly, they use a proxy agent.
The IP that is logged shows the agent IP, not the cell phone.
A lot of posts bashing Sprint. Just some quick information about Sprint vs. AT&T Wireless.
Sprint uses on their own network and charges per kilobyte of SMS traffic.
AT&T has roaming agreements with other CDPD carriers. (Larger coverage area)
AT&T also has an unlimited usage plan.
As for the phones being usable. They are not over hyped.
You can view html web sites, but hdml and wap/wml/wml+ sites are native to the phone. (No translation needed.)
Some of the interesting things you can use them for, Email, Info services (news, stocks, sports scores, phone book, fax, games), customized apps (Server status, ping, traceroute, circuit testing...), e-commerce (flowers, food, movie tickets), and on and on..
One of the hottest usages are for dispatch customers. Check your next delivery, pickup, work order, etc...
At work we can access our Exchange server to read our email and view our calendars. (This is priceless in a large company.)
Most configuration for phones is done with a personalized web site. You use your personal computer's web browser to set up your Email, Bookmarks, Calendar (sync to your exchange, notes, schedule+, etc.)
Hookup a special cable to your internet phone and make your laptop wireless.
If you just want the one piece wireless solution, get a sierra wireless air card (pc card).
You need to think of the internet phone as a PDA. Extend your office, have quick access to your information. The biggest mistake I see people do is try to replace their laptop.
IMHO,
-Brook Harty
(All comments are my own and not the opinion of AT&T Wireless.)
PS. What's the largest IPO ever? AT&T Wireless.
When resources and connectivity are what you pay for, and not airtime (like flat rate fees for normal phones) what you can get is a mixed voice activated PDA/cell/thingy
You speak into the phone, it transmits to a processing center, does the appropriate action, and sends you back data.
Of course, this does nothing for privacy, but is loads faster when trying to, say, browse a map, or find a restaurant, etc.
Why put any processing power into a cell phone when it is already a wireless device?
-AS
*Pikachu*
This was reported by HackerNewsNetwork.com a few days ago. Apparently (according to hackernewsnetwork.com) Sprint intends to change their policy. Check out the article.
Distance (well, not really, but lag) is already calculated for GSM/PCS/PCN AFAIK.
:)
The deal is that with TDMA there are several 'slots' in a given 'channel' for handsets to communicate. What is happening is that there are (IIRC) 4 slots of about 20ms, and each handset grabs one and transmits during this window only. Now for the signals from potentially four handsets on a given 'channel' speaking with a base station from different distances to arrive at the correct time (with no overlap) the protocol *has* to take into account the speed of light which is not infinite, compute the lag, and ensure that the handsets broadcast that little bit earlier for everything to work.
What this means is that the base station already knows with great accuracy the distance of a handset from it. The rest is trivial I guess. They already track cellphones that are switched on from cell to cell (so that they know how to route the calls), and while you are actually making a call they know your exact location - I wouldn't be surprised if there was a way for the base station to initiate a 'trace' without you having to make a call. That would simplify matters greatly for the powers that be
-W
If you're looking for a way to communicate with clients, family and friends while on the go, I think you'll have better "crystal clear digital clarity" if you put your message on a wadded up spit ball and did a 'drive-by straw-spit' on their house.
On a lighter side, I really had to laugh at the headline and its use of the word "Leak": Sprint Web Phones Leak Users' Phone Numbers
As if to imply: "those pesky little phone numbers wouldn't leak out onto every server log on the net if it wasn't for that hole on the bottom of the router." Perhaps if we tried asking the little Dutch boy to come along and put his finger in the leak, we could prevent this leaking travesty from befouling innocent Sprint and its happy users.
It's a malicious attempt to make money from the tracking data on a connection that the user pays for at the expense of privacy, and it's wrong.
_________________________
The privacy thing is a bit worrisome, and Sprint should consider identifying a phone to the net using something other than its number. It's just too easy to abuse.
However, that's just common sense and isn't the reason why I'm posting. What strikes me is that a lot of the posts here sound like they're written by people who just don't get it. Web phones are in their infancy - think back to the web in 1992, when every browser was incompatible with all the others and each new release broke pages which worked fine before. That's the way it is with web phones now.
This is new technology, and still has a lot of rough edges as site designers learn how to work within the limitations of the devices. The content designers are going to get better, and the phones themselves are going to improve. The keyboards are always going to be small, as are the displays (although the resolution will improve). Complaining that a phone keypad isn't good for entering lots of text. Well, duh! We'll just have to find a better way, like speech recognition or maybe setting up shortcuts using a full size keyboard and loading them into the phone.
The pricing model sucks right now, but remember the web at 2400bps with time metered usage. We didn't give up on it just because it wasn't perfect. In fact we loved it and the competition soon brought prices down. That's what's going to happen with web phones, and right now is the most fascinating part, seeing all the possibilities and being able to influence how it all turns out.
I guess I'm just surprised to see people on Slashdot slagging off these devices just because they're new, unfamiliar and still a bit clunky. To those people, all I can suggest is that they stick with their nice comfortable rotary dial phone and leave all this new fangled stuff to us nerds who like that sort of thing.
(No, I don't work for Sprint, but I do work with web phones, so maybe I'm biased.)
If the phone cannot handle cookies, then the server would have to do something to remember your last page hit. Who wants to surf the net on such a little and underpowered device? Connection bandwidth is low and the browser is like lynx on acid. I would rather tote along a pda or laptop.
Romanes eunt domus? People called Romanes, they go the 'ouse? It says Romans go home. No it doesn't. What's Latin fo
And here was me expecting to get flamed into a pair of smoking boots. Nice to know there are other neophiles out there.