Aussie Telco Caught Handing Over User Mobile Numbers To Websites Without Consent
AlbanX writes: Australian telco Optus has been nabbed passing its customers' mobile phone numbers to third-party websites without the customers' knowledge or consent. The practice, known as HTTP header enrichment, aims to streamline the process of direct billing for customers, but they're not happy. The discovery was made by a user on the telco forum Whirlpool, and Optus confirmed it. They said, "Optus adds our customers' mobile number to the information in select circumstances where we have a commercial relationship with owners of particular websites."
See, this is exactly why I want an HTTPS web.
I do think Let's Encrypt is on the right track. When they show their protocol and open source software works, I'm pretty sure other CAs will follow.
Automating HTTPS deployment is a good thing.
Yes, the CA-system isn't a perfect system at all, but at least we are seeing some improvements in use of HTTPS:
- https://en.wikipedia.org/wiki/... (better revocation of certificates and faster loading of sites and better privacy)
- https://blog.mozilla.org/secur... (better revocation of certificates)
- https://en.wikipedia.org/wiki/... (old browser finally dying)
- HTTP/2 is faster than HTTP and sort of depends on HTTPS for backward compatibility for old proxy servers and public websites
- finally we are getting rid of all the old protocols like SSLv3 and get our server configurations cleaned up
Especially for regular visitors of a site things are improving:
- https://developer.mozilla.org/... (a CA can NOT issue a cert for a fake certificate - works in Firefox and Chrome)
- https://en.wikipedia.org/wiki/... (always HTTPS, no HTTP on the second visit)
New things are always on the horizon