O2 and its telephone number leak update

O2 has now posted its own description of today’s problem on its blog. It describes it pretty much as a misconfiguration: a provision that allows ‘selected partners’ to receive the client’s phone number in the headers of the HTTP request spread so that it became applicable to all sites.

Although seemingly a reasonable explanation, it is the first time that I have heard that O2 would be using this with ANYONE. Almost certainly I will find the clause buried down in my terms of use somewhere (still looking), but this is a shoddy and appalling lack of privacy and control around something that a few people (not me, but I still don’t want to share it with web sites unless I choose to) keep VERY private. To not be expressly clear to the user, or to not provide a mechanism for blocking it, is bad. I am reminded of an old Internet Explorer feature that had to be disabled very quickly in the 1990s, whereby the browser would present the username of the logged-in PC user to every website. The feature was useful for authenticating in a corporate environment, but unfortunately they allowed presentation to every site – a horrible privacy AND security issue. The disabling came into the user’s control through Security Zones, but it was by default turned OFF. This is something that should be the case here.

We shall have to see how this issue progresses. Certainly I am thinking twice about having O2 as a service provider. I will also be more careful in the future about my use of SIM cards from providers I am new to; after all, they could similarly do this.

O2 and its Telephone number leak

This morning a Twitter comment alerted me to an issue with the O2 mobile phone broadband data service. In common with all broadband internet services, O2 passes its traffic from customers via a transparent proxy which can additionally do things like reduce the file size of pictures through compression. This is normally specified in the APN configuration of your phone. The ‘new information’ though was that it was making use of a feature of the Openwave WAP proxies to additionally tag an HTTP request header on to each transaction that gave away the subscriber’s mobile phone number. The HTTP request header is the very clear x-up-calling-line-id. You also need to know that this happens regardless of the client device you are using, as it is built into the Openwave proxy.

This is a serious breach of privacy for any mobile phone owner as EVERY SINGLE WEBSITE that the subscriber visits via the broadband connection will then have a copy of the subscriber’s mobile phone number. No opt-in or opt-out. Also it is quite likely that this has been happening for many years; in fact it could be as old as 3G Broadband from O2. To confirm if you are affected, I suggest you visit a site that displays all of your headers, such as http://www.cylog.org/headers/, and look for your phone number or other personally identifiable information.

Right now O2 is scrambling to deal with this PR and possible legal issue. I am personally offended that they do this as well. However you need to think wider than this. O2 is not necessarily the only company doing this, nor does it have to be via the same HTTP request header. After all, that header is something that Openwave provides, and it can be used by any mobile operator in the world. Additionally, other manufacturers of mobile operator WAP gateways can and do use different methods of doing the same thing. The result is that privacy can be breached worldwide, whenever you use your 3G Broadband connectivity.

This means that not only can someone personally identify you very easily, they can pair the information directly with the IP address that you are operating on, which will also allow the identification of where you are.

If you are interested in background as to what you can be sharing when using your Mobile Broadband connectivity, please look at these two sites http://mobiforge.com/developing/blog/useful-x-headers and http://www.mulliner.org/collin/academic/publications/mobile_web_privacy_icin10_mulliner.pdf.
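The header check suggested above, extended to cover the point that other gateways may use other header names, as an added example (not code from this post, O2 or Openwave): paste in the listing from a header-echo page and it flags headers that contain your own number, have a subscriber-style name, or hold a phone-number-shaped value. The name fragments, the sample headers and the number 07700 900123 are constructed for illustration.

```python
import re

# Name fragments seen in gateway-added subscriber headers. This list is an
# assumption made for the example and is not exhaustive.
SUSPECT_NAME_PARTS = ("calling-line-id", "msisdn", "subno", "imsi")
# A value that is only an optional "+" and 10-15 digits looks like a phone number.
PHONE_LIKE = re.compile(r"\+?\d{10,15}")


def parse_header_dump(text):
    """Turn 'Name: value' lines (as a header-echo page shows them) into pairs."""
    pairs = []
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def find_identifier_headers(pairs, own_number=None):
    """Return (header, reason) for every header that may identify the subscriber."""
    # Compare on digits only and drop the trunk '0', so 07700 900123 also
    # matches the international form 447700900123.
    tail = re.sub(r"\D", "", own_number or "").lstrip("0")
    findings = []
    for name, value in pairs:
        digits = re.sub(r"\D", "", value)
        if tail and tail in digits:
            findings.append((name, "contains your number"))
        elif any(part in name for part in SUSPECT_NAME_PARTS):
            findings.append((name, "subscriber-style header name"))
        elif PHONE_LIKE.fullmatch(value):
            findings.append((name, "phone-number-shaped value"))
    return findings


# Constructed sample: what a site might receive through an operator proxy.
# 07700 900123 is from the UK range reserved for fictional use.
SAMPLE = """Host: example.org
User-Agent: ExampleBrowser/1.0
Accept: text/html
x-up-calling-line-id: 447700900123
X-Forwarded-For: 10.20.30.40
Cookie: session=abc; fwd-msisdn=447700900123
X-Opaque-Id: +447700900123"""

if __name__ == "__main__":
    for header, reason in find_identifier_headers(parse_header_dump(SAMPLE), "07700 900123"):
        print(f"{header}: {reason}")
```

Supplying your own number catches it even when it is buried inside another value such as a cookie; without it, only the header name and the shape of the value are checked.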

Laptop Size–How big is big enough

The main thing that defines a laptop these days is how big it is, and the thing that defines that more than anything else is the screen size. It used to be the fact that every laptop had a 15” screen but the smaller device has grown more popular and it is easy to see why – what point is a mobile device if it is huge, even though you can get 17” screen laptops that act as desktop replacements.

The big change for many was the introduction of the ‘netbook’, which threw in mostly 10.1” screens with some smaller ones at 8.9” or right the way down to the original EeePC 4G with 7”. These screens really made laptops extremely portable, and I believe it is the big reason for the growth in laptop ownership amongst ordinary people – as people saw that they could always have a laptop with them when it was a tiny ultra portable machine. However these screens are almost entirely only 1024×600 pixels in size, which has been a major problem with Netbooks and I believe the main driver of their reduction in popularity in recent months (along with tablets coming to the fore of course). The problem being that applications expect a minimum of 1024×768 pixels or, more specifically, at least 768 pixels in the vertical.

In the last 18 months, screen sizes grew into the more manageable 11.6” to 13.3” size ranges and these have been mostly available in 1366×768 pixels in size (or the less popular 1280×800 or 1280×720). For the smaller screen this resolution is a very effective size but in my opinion way too small for the larger 13.3” size screens. Apple led the way and the new Ultrabooks are following up by introducing 1440 x 900 pixels for these 13.3” sizes, a more effective number of pixels for these sizes.

The combination of pixels and screen size actually points to the tradeoffs between portability and ensuring you have an effective screen size for applications. I find that for the ultra traveller you need to focus on having a small laptop, which is why I have the 11.6” 1366×768 pixels based device, and this is great on the go (can open when in economy on planes) and ok when I have arrived, particularly if I am a regular traveller and have organised a second monitor at my destination. I do however keep a 13.3” based machine running, which works really well when combined with a decent 7” or 9” tablet for use when the 13.3” screen is impossible to use.

What about you?

Google Chromebooks–nowhere…

There has been some focus on Google’s failures of last year and they included the Google Chromebook in that. I am not going to argue that they are wrong – they are very right. The Chromebooks are not capturing the public imagination and are making their way into the niche arenas of people whose most important requirements are complete security and cloud storage – in other words, almost no one.

The key problem is that when customers are looking for a general purpose computing solution, they are very happy with a full featured laptop and spending £200 to £400 is ok with them as long as it does have flexibility. Chromebooks do not have that flexibility and were being sold at the upper end of the price range that the vast majority of ordinary people want to spend. In other words, they are stupidly expensive and do too little.

The niche below the general purpose computing solution is being happily filled by most people by either smartphone or low cost tablet and ultimately Chromebooks will need to gain features that normal laptops have or they will disappear via a slow death in my view.

Apple and Android–what is a Post PC device

Last March, when the iPad 2 was released, Steve Jobs described it as a Post PC device. Rather scathingly I could not agree to that as under iOS4 you still needed to activate it using iTunes and a PC of Windows or OSX flavours. The promise was that once iOS5 was available, this would be solved and the iPad would be standalone and be truly a Post PC device.

Well iOS5 came along and it is true that you can activate the device without a PC and make use of iCloud to backup your content and do most things without a PC, but if you do not have a PC then you have lost much functionality for managing your content. Primarily the iPad (or iPhone for that matter) needs to connect to a PC over WiFi to sync content, particularly Podcast audio or video content, where you have to go and get it rather than have it delivered. Since last March, I have moved on to Android devices to get that standalone device, and I can say I have pretty much achieved it as I have phone and tablet devices which auto subscribe to audio and video feeds, and give me direct access to home content via DLNA and access to files via online file stores such as Dropbox or Box. So Android of any sort above 2.3 gives you that PC-less experience that was so pushed last March by Apple and that they have not yet succeeded in delivering.

I also have to say, I don’t think this sort of device is Post PC in the truest sense of the term – PC stands for Personal Computer. It has become a way of describing a device with a keyboard, a screen and a central processing box. I think the term has to be taken back to its original meaning – a personal computer. In that context, my Smartphone is a PC device… my Tablet is a PC device… my Laptop is a PC device. Post PC devices are actually PC devices where PC stands for a personal computer device and they are all PCs.

Protect You And Your Clients

I have talked about this before, but this article has reminded me and I am passing it on to every reader of this blog…

The New Year is upon us, and you might be partaking in the tradition of making a resolution for the coming year. This year, why not make a resolution to protect your data privacy with one of the most powerful tools available? Commit to full disk encryption on each of your computers.

via New Years Resolution: Full Disk Encryption on Every Computer You Own | Electronic Frontier Foundation.

This is particularly important for those of you who engage in serious travel with the high risk that your machine can be lost with the resultant risk to your and your client’s data. Remember to pair this with a serious near real-time data backup/sync solution and strong passwords.

There are no excuses any more.

Just wish that there was a similar solution for my tablet and phone… I just have to rely on remote lock and wipe for those. Still looking for whole device encryption.

Battery Life is a Feature

I do not always follow every iDevice rumour but the one I do hope would come true (and not just for iDevices) is extending battery life further.

High End Version of New iPads Get Extra Battery Life

Reports are coming in that Apple will be unveiling two versions of iPad3 this early 2012, one for the high-end segment and one for the mid-range segment. One rumored improvement of these new devices over their predecessor is longer battery span, which will be increased to 14,000mAH.

This rumour is probably absolute nonsense but I hope device designers out there really start to focus on battery life as a primary feature of a mobile device, and not as a secondary one. Devices need to be able to run through a heavy working day with some spare capacity without the need for me to carry my trusty recharger.

 

Happy Holidays and a Fruitful New Year

Everyone’s thoughts are now focusing on relaxation, family and, for the tech inclined, what interesting gadget will be acquired either through the gifting process or via the retail sales that follow soon after. We wish you all a relaxing and enjoyable holiday, and let all your tech be good and at least be cutting edge through to the end of the month of January.

On a more practical front, news postings will still continue albeit intermittently and on a smaller scale through until the beginning of January. So please do follow on Twitter or check out the daily summaries when you need an escape.

See you on the other side.

Very Low Cost Honeycomb Tablet

Trawling the bargain bins should start right now, particularly if you are after a decent 7″ tablet. The Dell Streak 7″ has been terminated with extreme prejudice by Dell but there are quite a few still out there and it is well worth the £159 (in airports) to £200 (in stores) price, particularly because of …

Though they all come in Android 2.2 flavor, you can upgrade it to Android 3.2

via Dell Streak 7′s Streak is Over | Eee PC.

The screen at 800×600 is not the biggest in the world but it does work well enough. I am almost tempted myself (whilst I wait for my HTC Flyer Honeycomb 3.2 upgrade in the coming days).

SMS and Old Tech

19 years ago last Saturday, a momentous event occurred…

The first SMS message[21] was sent over the Vodafone GSM network in the United Kingdom on 3 December 1992, from Neil Papworth of Sema Group (now Mavenir Systems) using a personal computer to Richard Jarvis of Vodafone using an Orbitel 901 handset. The text of the message was “Merry Christmas”.[22]

I wouldn’t have mentioned it but it took me back to my first GSM mobile phone – the Orbitel 902.

The reason it took me back was because this mobile phone had a very interesting setup for SMS… it only received messages. This was because back then the messages were never seen as that important for consumers, and it was pretty much to be used for sending messages of a network nature.

That phone was a great phone considering the technology limitations:- a battery life that amounted to about half a day or about 50 minutes talk time – not much has changed on the battery life :-) . It also had the unfortunate problem that the battery had exposed connections that were too easy to short, as I found out when my metal staff pass loop managed to cause a little warming in my inside pocket one day.

Despite those limitations, it did work and worked well enough to let me synchronise my arrival at a station with being picked up by my wife, and it really saved me time (interestingly the mobile coverage along the North Kent Railway line has not improved over the last 15 years). Of course, very few other people had one but that soon changed over the next five years, through to now when pretty much everyone has one.