03-25-2012 04:15 PM
I am experiencing a security issue where my cellphone NUMBER is showing up on a website to which I browsed using my cellphone. I did not give permission nor do I want my cellphone number being tracked by sites I visit.
I am visiting a website "m.motime.ca" with my Torch 9810 and it can detect my phone number. I am on ROGERS. This happens with OS 7.0 and OS 7.1, even after SECURITY WIPES with both, and NO APPS installed, using the Blackberry native browser. Here is what I do:
1. visit m.motime.ca
2. click on first ringtone link, for example "empire state of mind"
3. click on "get your ringtone" link
Depending on who you ask, the next page that pops up will either....
A) Show your phone number next to the download link (like happens with me)
B) Show +1 [ empty box ] where you have to type it in your number.
I tried this on my wife's Torch 9800 using Bell, and she had option B show up. On my Blackberry Torch 9810 on Rogers, using the native RIM browser, option A happens and it displays my phone number. When I use a different browser like the Opera Mini on my phone, it DOES NOT put my phone number.
Therefore, based on this I am concluding that somehow the NATIVE BROWSER is giving my number to the website, whereas the OPERA MINI browser is not. If so, this is a major security privacy flaw.
Can someone please explain why this is happening, on my Rogers Torch 9810 and m.motime.ca. Is there something else going on here?
03-25-2012 09:37 PM
Ok, I did a little more digging.... here's what I found.
I turned off ALL radio connections except for WI-FI, so I am connected through my home internet.
I can still browse perfectly fine to all websites, for example:
However, when I try to browse to...
I get the following dialog box *immediately* popping up (extremely fast, almost as if no network traffic was involved at all, making me think it is coming directly from my phone):
"There is insufficient network coverage to process your request. Please try again later." [OK]
That means to me that the phone has a list of sites, perhaps provided by Rogers, that MUST connect through (or simultaneously have access) through Rogers data-plan service. This way, Rogers is somehow able to provide your phone number directly to these websites.
So my question is, did Rogers not inform anyone about this? How do we block this, where is the list of sites that need a phone data-connection to work, which will not work through Wifi only? I was not surprised to see that "m.rogers.com" needs your phone data connection to work.
03-25-2012 11:23 PM
When I do a DNS Lookup in the diagnostics section of my Blackberry phone, it finds that the IP for "m.motime.ca" is 22.214.171.124. This is happening even when I am using ONLY Wi-Fi to connect. So my Blackberry is obviously obtaining an IP for this address, even though when I look for "m.motime.ca" directly in my browser it complains of insufficient network coverage. I can even visit "126.96.36.199" directly and it brings me to a site called "life.dada.it" which then forwards to "www.dada.it" which finally ends up on "www.playme.it".
For some reason, if I try to go directly to "m.motime.ca" in the browser, it brings up that message saying I have insufficient network coverage. So is this Rogers having some routing table in the phone with a list of websites it has agreements with for carrier-mediated transactions? Is the browser not obtaining the same IP from the DNS? Why is it not going to 188.8.131.52? Could it be obtaining a different port which is not being shown?
Someone please explain. More importantly, which websites that I visit are going to find out my number this way from Rogers? Where do I get a list of websites that Rogers is providing my cell phone number to if I visit them?