Vodacom exposing your number to every website you visit
HTTP headers are being injected into requests you send to web servers. Vodacom is providing information which uniquely identifies you as a subscriber to every website you visit while on its data network
HTTP headers are being injected into requests you send to web servers
Vodacom is providing information which uniquely identifies you as a subscriber to every website you visit while on its data network. This was revealed by an online tool created by security researcher Kenneth White.
Among the data Vodacom subscribers are inadvertently providing to web servers is their phone number and a unique identifier for their device called the IMEI/SV.
Recent media reports suggest that this data is being sent to web servers because Vodacom is modifying the web traffic of its subscribers.
In particular, it is injecting an additional hypertext transfer protocol (HTTP) header into the messages subscribers send to servers when requesting items such as web pages.
Tech-savvy Vodacom customers noticed and started reporting the issue after international publications picked up that Verizon, a mobile network in the United States, was sending websites a “permanent cookie”.
Verizon calls the technology “PrecisionID”, and refers to this “perma-cookie” (a string of many characters) as the Unique Identifier Header (UIDH).
Advertising industry reports say that PrecisionID was designed to help advertisers uniquely identify mobile subscribers to better target ads at them.
White said that, in the wake of the ad industry reports, he decided to develop a web page to let people check if they are sending out a UIDH.
After reading about PrecisionID, South Africans used White’s tool to test our mobile networks and were horrified to discover that Vodacom was sending out far more than just a random string of characters as a UIDH.
source: https://mybroadband.co.za
