MyBroadband broke a story today on Vodacom exposing your cellphone number in HTTP headers for sites that you visit.

I played around and found a few workarounds, some are trivial, and others are less so.

The MyBroadband story is HERE and it is not the first time that this has been noticed, in a MyBroadband forum two years ago there has also been mention of this HERE

Three ways to get around this and keep your Cellphone number from being exposed:

  1. Tunnel your traffic through an HTTP Proxy. I tested Squid and Firefox with the proxy addon for mobile and without more than enabling Squid Auth the headers were altered and my cellphone number was no longer exposed.
  2. Use the Opera Mini Browser. It also tunnels your traffic through a proxy server and the details get stripped and replaced with others.
  3. Change your APN on your phone. In SETTINGS under Mobile Networks I added another APN with the same settings as the standard one and without using the proxy settings my cellphone number is not exposed any more. No idea if this will last though. Adding a custom APN does mean that you can add proxy settings for it, meaning you can play with what gets sent to the world from there. The Vodacom supplied APN cannot be edited to have proxy settings added. To update, this only works for a few hours before the numbers get displayed again, and in some cases not at all.

You could also use a VPN, I did not test this since I am not in the mood for that kind of PT at this late hour.

If  you want to test if your cellphone number is still exposed after you made your changes go to lessonslearned.org/sniff and check if you can see your number at the top of the page.