Visiting a website from a smartphone? If you’re on Verizon or T-Mobile (also Cricket and MetroPCS), your phone number is included in the headers of every HTTP request you make.
D’oh. Especially since (as covered here a few times) just about anyone these days can translate your cell number into your location. And do it pretty precisely.
http://click-fraud-fun.blogspot.ca/2012/07/header-hunter-beware-misconfigured.html http://click-fraud-fun.blogspot.de/2012/07/more-mobile-madness.html http://www.theregister.co.uk/2012/01/25/o2_hands_out_phone_numbers_to_websites/
“Essentially for some US carriers when you visit a website via your 3g/4g connection your phone number can be leaked via a web request, in some cases it is leaked via internal telco proxy credentials that are passed past the last proxy.* The blog notes that this issue has come up before and provides some background links.
By watching the development of Silica and STALKER for the past few years Mark and AlexI have basically convinced me that 802.11 wireless is the devil. So I keep it permanently disabled on my phone. Now it seems that if I leave a snarky comment on a site I got to using my phone I might get a phone call from the site owner. If we can’t be jerks to each other anonymously on the internet then what’s the point?”