Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-26 Diskussionsfäden Steven Glogger 
as far as i know the design, there is no way that the NAT gateway knows 
the number. correlation is done later or so.

and that would definetly break the rules of data protection / law.

-steven



On 01/25/12 13:55, Guillaume Leclanche wrote:

Hi,

I just did a dump of packets reaching a website from Swisscom, and no 
phone number nor other identification data is inserted.


Guillaume

2012/1/25 Stanislav Sinyagin >


http://news.ycombinator.com/item?id=3508857

did anyone test this for Swiss operators?


___
swinog mailing list
swinog@lists.swinog.ch 
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Mihai Tanasescu 


On 1/25/12 3:12 PM, Stephen Wilcox wrote:



On Wed, Jan 25, 2012 at 2:04 PM, Martin Ebnoether 
mailto:ventila...@semmel.ch>> wrote:


On the Wed, Jan 25, 2012 at 03:59:29AM -0800, Stanislav Sinyagin
blubbered:

Hi all.

> http://news.ycombinator.com/item?id=3508857
>
> did anyone test this for Swiss operators?

Since I have an O2 (Germany) prepaid card which I use for mobile
Internet access when in Germany:

Are O2 UK and O2 Germany different companies just operating
under the same brand?


The O2 brand is owned by Telefonica...




Hi all,

And the article about it here:

http://www.bbc.co.uk/news/technology-16725531

seems it was only UK related.


--
Mihai


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Stephen Wilcox 
On Wed, Jan 25, 2012 at 2:04 PM, Martin Ebnoether wrote:

> On the Wed, Jan 25, 2012 at 03:59:29AM -0800, Stanislav Sinyagin blubbered:
>
> Hi all.
>
> > http://news.ycombinator.com/item?id=3508857
> >
> > did anyone test this for Swiss operators?
>
> Since I have an O2 (Germany) prepaid card which I use for mobile
> Internet access when in Germany:
>
> Are O2 UK and O2 Germany different companies just operating
> under the same brand?
>

The O2 brand is owned by Telefonica...

Steve

>
> Anyway, I think I will test tonight, if this happens for O2
> Germany too if nobody else does it until then. And I will
> happily ignore the fact that roaming fees will probably cost me
> an arm and a leg, maybe even my own!
>
> CU, Venty
>
> --
> ASAP DO $liste_mit_zeugs @once UNTIL yesterday!
> BUT DO NOT ask_back() IF unclear ELSE END with_coredump = 3GB!
> LIE "All done."!
> PROCRASTINATE UNTIL year=year + 1!
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>



-- 
Director / Founder
IX Reach Ltd
E: steve.wil...@ixreach.com
M: +44 7966 048633
35 Jackson Court, High Wycombe, UK. HP15 7TZ

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Martin Ebnoether 
On the Wed, Jan 25, 2012 at 03:59:29AM -0800, Stanislav Sinyagin blubbered:

Hi all.

> http://news.ycombinator.com/item?id=3508857
> 
> did anyone test this for Swiss operators?

Since I have an O2 (Germany) prepaid card which I use for mobile
Internet access when in Germany:

Are O2 UK and O2 Germany different companies just operating
under the same brand? 

Anyway, I think I will test tonight, if this happens for O2
Germany too if nobody else does it until then. And I will
happily ignore the fact that roaming fees will probably cost me
an arm and a leg, maybe even my own!

CU, Venty 

-- 
ASAP DO $liste_mit_zeugs @once UNTIL yesterday!
BUT DO NOT ask_back() IF unclear ELSE END with_coredump = 3GB!
LIE "All done."!   
PROCRASTINATE UNTIL year=year + 1!


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Stephen Wilcox 
On Wed, Jan 25, 2012 at 1:16 PM, Rene Luria  wrote:

> On 25. 01. 12 14:03, Stephen Wilcox wrote:
>
>> Someone created this.. altho its just printing the http headers so not
>> rocket science..
>>
>
>  http://lew.io/headers.php
>>
>
> And you would take this as a definitive answer ?
>
> Look closely on what this page shows and you will see headers your browser
> did not send (x-forwarded-for even without a proxy) and will miss some your
> browser did send (connection, cache-control).
> Why ? Because it's certainly hosted behind some reverse proxy.
>
> At the end of the day, you have no clue about what headers you did really
> send or not.
>
> Guillaume's point is a good one, get back to what you know.
>
> And on a network oriented mailing list, a dump of packets never looks like
> rocket science :)
>

I for one do not have a webpage ready to output headers, although it would
only take me 1 minute to login to a box and create one. It seems easier to
forward something.. no?

Yes, I understand headers and issues with them, but it does show the
offending headers if they are present, which was the point (x-forwarded is
not of interest)..

Steve



> --
> Rene Luria
>
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>
>


-- 
Director / Founder
IX Reach Ltd
E: steve.wil...@ixreach.com
M: +44 7966 048633
35 Jackson Court, High Wycombe, UK. HP15 7TZ

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Rene Luria 

On 25. 01. 12 14:03, Stephen Wilcox wrote:

Someone created this.. altho its just printing the http headers so not
rocket science..



http://lew.io/headers.php


And you would take this as a definitive answer ?

Look closely on what this page shows and you will see headers your 
browser did not send (x-forwarded-for even without a proxy) and will 
miss some your browser did send (connection, cache-control).

Why ? Because it's certainly hosted behind some reverse proxy.

At the end of the day, you have no clue about what headers you did 
really send or not.


Guillaume's point is a good one, get back to what you know.

And on a network oriented mailing list, a dump of packets never looks 
like rocket science :)


--
Rene Luria



smime.p7s
Description: S/MIME Cryptographic Signature

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Stephen Wilcox 
Someone created this.. altho its just printing the http headers so not
rocket science..

http://lew.io/headers.php


On Wed, Jan 25, 2012 at 12:55 PM, Guillaume Leclanche <
guilla...@leclanche.net> wrote:

> Hi,
>
> I just did a dump of packets reaching a website from Swisscom, and no
> phone number nor other identification data is inserted.
>
> Guillaume
>
> 2012/1/25 Stanislav Sinyagin 
>
>> http://news.ycombinator.com/item?id=3508857
>>
>> did anyone test this for Swiss operators?
>>
>>
>> ___
>> swinog mailing list
>> swinog@lists.swinog.ch
>> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>>
>>
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>
>


-- 
Director / Founder
IX Reach Ltd
E: steve.wil...@ixreach.com
M: +44 7966 048633
35 Jackson Court, High Wycombe, UK. HP15 7TZ

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Guillaume Leclanche 
Hi,

I just did a dump of packets reaching a website from Swisscom, and no phone
number nor other identification data is inserted.

Guillaume

2012/1/25 Stanislav Sinyagin 

> http://news.ycombinator.com/item?id=3508857
>
> did anyone test this for Swiss operators?
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>
>

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Stephen Wilcox 
Lol, I think they are investigating it... at least thats what the 3 or 4
canned messages repeated over and over say.

There's some pretty heavy penalties for breaching personal data in the UK..
will be interesting to see if the law is put to proper use.

Steve

On Wed, Jan 25, 2012 at 12:36 PM, Silvan Gebhardt
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Sorry for follow up, but funny... their twitter account is swamped as
> everyone asks them.
>
> https://twitter.com/o2
>
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk8f91sACgkQC82WwYR1u2q7PwCgk4eSZOXmsO5DLvuX9ek/2Ohn
> pdIAnjTlciMjwT1i0zkkj8+AU5BjkTWM
> =FbAL
> -END PGP SIGNATURE-
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>



-- 
Director / Founder
IX Reach Ltd
E: steve.wil...@ixreach.com
M: +44 7966 048633
35 Jackson Court, High Wycombe, UK. HP15 7TZ

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Silvan Gebhardt 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sorry for follow up, but funny... their twitter account is swamped as
everyone asks them.

https://twitter.com/o2


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8f91sACgkQC82WwYR1u2q7PwCgk4eSZOXmsO5DLvuX9ek/2Ohn
pdIAnjTlciMjwT1i0zkkj8+AU5BjkTWM
=FbAL
-END PGP SIGNATURE-


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Silvan Gebhardt 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Orange seems fine to me

>>> 

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Host: lew.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML,
like Gecko) Chrome/16.0.912.75 Safari/535.7
x-bearer-type: UMTS
x-forwarded-for: 10.157.85.200, 213.55.184.167
x-roaming: NO
x-up-bearer-type: UMTS
 

That explains why I can't use Google Maps on my Laptop anymore.
the mobile version does not work in the desktop chrome



Am 25.01.2012 12:59, schrieb Stanislav Sinyagin:
> http://news.ycombinator.com/item?id=3508857
> 
> did anyone test this for Swiss operators?
> 
> 
> 
> ___ swinog mailing
> list swinog@lists.swinog.ch 
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8f9CYACgkQC82WwYR1u2ryFgCfdpnLcsTWTrSbpIv/G5avn+Vd
mvYAn1osY6fFxCw8zFZnAbF5dnZ2kIcU
=wM2D
-END PGP SIGNATURE-


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] O2 (UK) sends your mobile number in HTTP header to every website you visit

2012-01-25 Diskussionsfäden Stanislav Sinyagin 
http://news.ycombinator.com/item?id=3508857

did anyone test this for Swiss operators?
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog