Slashdot Mirror


Aussie Telco Caught Handing Over User Mobile Numbers To Websites Without Consent

AlbanX writes: Australian telco Optus has been nabbed passing its customers' mobile phone numbers to third-party websites without the customers' knowledge or consent. The practice, known as HTTP header enrichment, aims to streamline the process of direct billing for customers, but they're not happy. The discovery was made by a user on the telco forum Whirlpool, and Optus confirmed it. They said, "Optus adds our customers' mobile number to the information in select circumstances where we have a commercial relationship with owners of particular websites."


  1. "Caught" would imply... by geekmux · Score: 5, Insightful

    ...a crime was committed, or at minimum that we're going to actually do something to them.

    Of course, we all know nothing will come of this, or at best a slap-on-the-wrist fine, which they've probably already calculated as a standard business expense.

    Might as well just stop putting stories out like this until consumers are actually willing to act upon it. I'm willing to bet there isn't enough consumer give-a-shit left in the world to tackle even this single issue, let alone tackle the mass arrogance that corporations pull off today at the expense of the customer.

    What does it matter if you label someone as "caught" if the reaction is nothing?

    1. Re:"Caught" would imply... by Psychotria · Score: 2

      TL;DR... TH;DR Too Hard, Didn't React

    2. Re:"Caught" would imply... by Gadget_Guy · Score: 3, Insightful

      "Caught" does not imply anything of the sort. If you were caught cheating on your wife, no crime is implied. If you were caught picking your nose, nothing would be done to you (unless you work in food preparation, perhaps).

      In this case, "caught" simply means that the telco was found to be doing something that they hadn't told their customers about (and would obviously prefer they didn't know about). And no, we shouldn't stop posting stories like this. Perhaps Optus will get away with it this time, but each time something similar comes to light it will build in the collective minds of the public. Eventually something will be done to protect privacy; either at the legal level or the personal level like everyone starting to use VPNs. We will all say the VPNs are to protect us from corporate privacy issues, but really it will be to get around the Great Firewall of Australia or data retention laws.

  2. I do want an HTTPS web by Lennie · Score: 5, Informative

    See, this is exactly why I want an HTTPS web.

    I do think Let's Encrypt is on the right track. When they show their protocol and open source software works, I'm pretty sure other CAs will follow.

    Automating HTTPS deployment is a good thing.

    Yes, the CA-system isn't a perfect system at all, but at least we are seeing some improvements in use of HTTPS:
    - https://en.wikipedia.org/wiki/... (better revocation of certificates and faster loading of sites and better privacy)
    - https://blog.mozilla.org/secur... (better revocation of certificates)
    - https://en.wikipedia.org/wiki/... (old browser finally dying)
    - HTTP/2 is faster than HTTP and sort of depends on HTTPS for backward compatibility for old proxy servers and public websites
    - finally we are getting rid of all the old protocols like SSLv3 and get our server configurations cleaned up

    Especially for regular visitors of a site things are improving:
    https://developer.mozilla.org/... (a CA can NOT issue a cert for a fake certificate - works in Firefox and Chrome)
    https://en.wikipedia.org/wiki/... (always HTTPS, no HTTP on the second visit)

    --
    New things are always on the horizon

  3. Nomenclature by Lightn · Score: 2

    I don't think we should cede the rhetorical battle by letting them call it "header enrichment."

    I say we call it "tracking injection."

  4. IP to Phone Number by Voice of Meson · Score: 2

    They can talk about 'trusted partners' and 'optimising websites' all they want, but the main point here is that they are sending your phone number over HTTP. Anyone on a hop along the way or of course the end website and their 'trusted partners' can now link an IP address to a phone number. Via other cookies they can tie that IP address to your previous ones and suddenly they have a Phone Number to go with the previously anonymous browsing history and customer profile.

    Just imagine if that irritating banner ad could actually call you! It really is a phenomenal breach of privacy and security.

    --
    Dammit! I had a good one.
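
A defensive self-check for the exposure described in the comment above, added here as an example (it is not code from the article, the commenters or Optus): send a plain-HTTP request to an echo endpoint you control, then diff the headers that arrived against the ones the client sent. The header name `X-Example-Subscriber`, the hostnames and the number are constructed assumptions; the page does not say which header Optus uses.

```python
import re

# Headers that intermediaries commonly add or rewrite; reported separately.
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded", "connection"}
# 8-15 digits with an optional leading "+": the shape of an E.164 phone number.
PHONE_SHAPE = re.compile(r"^\+?\d{8,15}$")


def diff_headers(sent, received):
    """Compare headers the client sent with headers the echo endpoint saw.

    Returns (name, value, kind) for every header added or changed in transit.
    Header names compare case-insensitively, as in HTTP.
    """
    sent_lc = {k.lower(): v for k, v in sent.items()}
    findings = []
    for name, value in received.items():
        key = name.lower()
        if sent_lc.get(key) == value:
            continue  # arrived exactly as sent
        if key in PROXY_HEADERS:
            kind = "proxy"
        elif PHONE_SHAPE.match(value.replace(" ", "").replace("-", "")):
            kind = "phone-like"  # candidate subscriber identifier
        else:
            kind = "other"
        findings.append((name, value, kind))
    return findings


# Constructed sample data: header name, hosts and number are made up.
SENT = {"Host": "echo.example", "User-Agent": "check/1.0", "Accept": "*/*"}
RECEIVED = {
    "host": "echo.example",
    "User-Agent": "check/1.0",
    "Accept": "*/*",
    "Via": "1.1 carrier-proxy.example",
    "X-Example-Subscriber": "61491570156",
}

if __name__ == "__main__":
    for name, value, kind in diff_headers(SENT, RECEIVED):
        print(f"{kind:10} {name}: {value}")
```

Repeating the same request over HTTPS should show no added headers, because an on-path proxy cannot edit a request inside an intact TLS session.
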
  5. It's not my fault!!! Money made me do it!!! by BringMyShuttle · Score: 3, Insightful

    > "Optus adds our customers' mobile number to the information in select circumstances where we have a commercial relationship with owners of particular websites."

    Someone needs to tell the weasel at Optus pushing this excuse that they have a COMMERCIAL RELATIONSHIP WITH THEIR CUSTOMERS TOO.

    1. Re:It's not my fault!!! Money made me do it!!! by Anne Thwacks · Score: 2

      > COMMERCIAL RELATIONSHIP WITH THEIR CUSTOMERS TOO.

      In the same sense that burglars and their victims have a relationship?

      --
      Sent from my ASR33 using ASCII