O2 UK is handing out its customers' mobile telephone numbers like free sweets to every website they visit on their phones.
Lewis Peckover, a system administrator for a mobile gaming company, highlighted the flaw in O2's system after setting up a website that displays the HTTP header information sent to sites by web browsers when users connect. This data includes details such as the URL of the page requested, the web browser version and the operating system of the user, and is used for statistics-gathering by the site owner.
However, for customers using the Internet on an O2 3G connection, this data also includes their telephone number in an "x-up-calling-line-id" line, added in by a proxy server running on the company's network.
Other 3G networks aren't appending their users' mobile numbers to the HTTP headers. O2 users on WiFi rather than 3G aren't affected, and neither are users of browsers such as Opera Mini, which have their own proxy servers.
From statements on Twitter, it appears that BlackBerry users on O2 don't experience the problem because RIM runs its own proxy servers, and neither do O2 customers outside the United Kingdom because the network operates separate proxy servers in each nation.
The issue also affects users on GiffGaff and Tesco Mobile, which are MVNO (Mobile Virtual Network Operator) networks using O2's infrastructure to offer their customers lower prices.
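For site owners who log request headers for statistics, the following added example (not part of the original article) shows one way to flag and redact the injected header before it reaches a log. Only the header name "x-up-calling-line-id" comes from the article; the function names, the phone-like-value heuristic and the sample request are assumptions constructed for illustration.

```python
import re

# Header named in the article; HTTP header names are case-insensitive,
# so comparisons are done in lower case.
SUBSCRIBER_HEADERS = {"x-up-calling-line-id"}
# Heuristic (assumption): 7-15 digits with an optional leading "+" in a
# non-standard "X-" header is treated as a possible phone number.
PHONE_LIKE = re.compile(r"^\+?\d{7,15}$")


def parse_headers(raw_request: str) -> list[tuple[str, str]]:
    """Return (name, value) pairs from a raw HTTP/1.x request head."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs


def scrub_for_logging(raw_request: str):
    """Redact subscriber-identifying headers; return (safe_headers, findings)."""
    safe, findings = [], []
    for name, value in parse_headers(raw_request):
        lname = name.lower()
        if lname in SUBSCRIBER_HEADERS:
            findings.append((name, "known subscriber header"))
            value = "[REDACTED]"
        elif lname.startswith("x-") and PHONE_LIKE.match(value.replace(" ", "")):
            findings.append((name, "phone-like value"))
            value = "[REDACTED]"
        safe.append((name, value))
    return safe, findings


# Constructed sample request; the number is a fictional placeholder.
SAMPLE = (
    "GET /headers HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "X-Up-Calling-Line-Id: 447700900123\r\n"
    "\r\n"
)

if __name__ == "__main__":
    safe, findings = scrub_for_logging(SAMPLE)
    for name, value in safe:
        print(f"{name}: {value}")
    print("findings:", findings)
```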
Update: after a high number of complaints, O2 appears to have fixed the proxy server issue; however, the company has not issued an official statement yet.