David Pottage
January 25, 2012 at 11:58 am
I used to work in the mobile website industry, and it is a standard feature of most mobile networks, but usually only if the website signs an agreement with the network. Sometimes other information is also available such as the user's location, what sort of contract they are on, and if they have proved they are old enough to view pornography.
The mobile website wants the customer phone number so that they can track individual users through their site, and recognise them when they return. This is sometimes done just for statistics and adverts, but mostly it is done to create user accounts for subscriptions or paid for content. Phone numbers are preferred over cookies for this because many older phones don't support cookies, or will delete them frequently, and also because phone numbers are hard to spoof or change, and can be traced back to an individual user in case of fraud or abuse. It is also used for reverse SMS billing on some sites. (This is where you pay for content by receiving one or more premium rate text messages).
What generally happens is that a mobile website will request certain information be passed along from the mobile network, and will offer to share revenue in return. If the network agrees, then the IP address of the web server in question will be added to a white list at the network and the information will be supplied.
Different networks have different rules on what will be supplied under what circumstances. For example, I did some work with Teliasonera in Finland, and they would only supply one of the mobile number or the user's location, but not both, and if a web page contained adult material you had to set a number of headers to indicate what type (from their list of categories) and they would block it from the user at their end if necessary.
I suspect what has happened in the case of O2 is that something has broken in their systems, so they are passing along phone numbers in the HTTP headers to all websites when they should not. I doubt they would want to do that by default as it is useful for them to take a cut from mobile website revenues.
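The allowlist behaviour described in the comment above, as an added example that is not part of the comment or any network's own code: a gateway-side filter that forwards subscriber headers only to partner server addresses, fails closed for every other destination, and flags a policy that grants both number and location. The header names, partner addresses and sample values are assumptions constructed for illustration.

```python
import ipaddress

# Header names are assumptions for illustration; the comment names none.
FIELD_HEADERS = {
    "msisdn": {"x-msisdn"},
    "location": {"x-subscriber-location"},  # hypothetical name
}

# Constructed allowlist: partner server network -> fields agreed with it.
PARTNERS = {
    ipaddress.ip_network("192.0.2.10/32"): {"msisdn"},
    ipaddress.ip_network("198.51.100.0/28"): {"location"},
}

def policy_violations(partners):
    """Networks granted both number and location (the either/or rule)."""
    return [str(net) for net, fields in partners.items()
            if {"msisdn", "location"} <= fields]

def allowed_fields(dest_ip, partners=PARTNERS):
    """Fields the destination may receive; empty set if not allowlisted."""
    try:
        addr = ipaddress.ip_address(dest_ip)
    except ValueError:
        return set()  # unparseable destination: fail closed
    for net, fields in partners.items():
        if addr in net:
            return set(fields)
    return set()

def filter_headers(dest_ip, headers, partners=PARTNERS):
    """Drop subscriber headers the destination has no agreement for."""
    granted = allowed_fields(dest_ip, partners)
    blocked = set()
    for field, names in FIELD_HEADERS.items():
        if field not in granted:
            blocked |= names
    # HTTP header names are case-insensitive, so compare lowercased.
    return {k: v for k, v in headers.items() if k.lower() not in blocked}

if __name__ == "__main__":
    sample = {"User-Agent": "test", "X-MSISDN": "447700900123",
              "X-Subscriber-Location": "cell-0001"}  # constructed values
    for ip in ("192.0.2.10", "198.51.100.3", "203.0.113.5"):
        print(ip, filter_headers(ip, sample))
```

The failure the comment suspects at O2 corresponds to this filter being skipped, so a destination like `203.0.113.5` would receive the number header unchanged.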