O2 and its telephone number leak update

Written by Ian Nock on January 25, 2012 Leave a Comment

O2 has now posted on its blog, its own description of the problem that occurred today. It describes it pretty much as a misconfiguration that allowed a provision for ‘selected partners’ to receive the client’s phone number in the headers of the HTTP request to spread to be applicable to all sites.

Although seemingly a reasonable explanation, it is the first time that I have heard that O2 would be using this with ANYONE. Almost certainly I will find the clause buried down in my terms of use somewhere (still looking), but this is a shoddy and appalling lack of privacy and control around something that a few people (not me but I still don’t want to share it with web sites unless I choose to) keep VERY private. To not be expressly clear to the user or to provide a mechanism for blocking it is bad. I am reminded of an old Internet Explorer feature that had to be disabled very quickly in the 1990s whereby the browser would present the username of the logged in PC user to every website. The feature was useful in authenticating in a corporate environment but unfortunately they allowed presentation to every site – a horrible privacy AND security issue. The disabling came in to the user control through Security Zones but it was by default turned OFF. This is something that should be the case here.

We shall have to see how this issue progresses. Certainly I am thinking twice about having O2 as a service provider. I will also be more careful about my use of SIM cards from providers I am new to in the future, after all they could similarly do this.

Also posted in Blog, Security | Tagged , , , ,

O2 and its Telephone number leak

Written by Ian Nock on January 25, 2012 1 Comment

This morning a twitter comment alerted me to an issue with the O2 mobile phone broadband data service. In common with all broadband internet services, O2 passes its traffic from customers via a transparent proxy which can additionally do things like reduce the file size of pictures through compression. This is normally specified in the APN configuration of your phone. The ‘new information’ though was that it was making use of a feature of the Openwave WAP proxies to additionally tag a HTTP request header on to each transaction that gave away the subscriber’s mobile phone number. The HTTP request header is the very clear x-u-calling-line-id. You also need to know that this happens regardless of the client device you are using as it is built in to the Openwave proxy.

This is a serious breach of privacy for any mobile phone owner as EVERY SINGLE WEBSITE that the subscriber visits via the broadband connection will then have a copy of the subscribers mobile phone number. No opt-in or opt-out. Also it is quite likely that this has been happening for many years, in fact it could be as old as 3G Broadband from O2. To confirm if you are affected, I suggest you visit a site that displays all of your headers and look for your phone number or other personally identifiable information such as http://www.cylog.org/headers/.

Right now O2 is scrambling to deal with this PR and possible legal issue. I am personally offended that they do this as well. However you need to think wider than this. O2 is not necessarily the only company doing this, nor does it have to be via the same HTTP request header. After all, that header is something that Openwave provides which can be being used by any mobile operator in the world. Additionally other mobile operator WAP gateways manufacturers can and do use different methods of doing the same thing. The result is that privacy can be being breached worldwide, whenever you use your 3G Broadband connectivity.

This means that not only can someone personally identify you very easily, they can pair the informaton directly with the IP address that you are operating on which will also allow the identification of where you are.

If you are interested in background as to what you can be sharing when using your Mobile Broadband connectivity, please look at these two sites http://mobiforge.com/developing/blog/useful-x-headers and http://www.mulliner.org/collin/academic/publications/mobile_web_privacy_icin10_mulliner.pdf.

Also posted in Blog, Security | Tagged , , , , , , ,

Apple and Android–what is a Post PC device

Written by Ian Nock on January 11, 2012 Leave a Comment

appleIILast March, when the iPad 2 was released, Steve Jobs described it as a Post PC device. Rather scathingly I could not agree to that as under iOS4 you still needed to activate it using iTunes and a PC of Windows or OSX flavours. The promise was that once iOS5 was available, this would be solved and the iPad would be standalone and be truly a Post PC device.

Well iOS5 came along and it is true that you can activate the device without a PC and make use of iCloud to backup your content and do most things without a PC, but if you do not have a PC then you have lost much functionality for managing your content. Primarily the iPad (or iPhone for that matter) needs to connect to a PC over WiFi to sync content, particularly Podcast audio or video content, where you have to go and get it rather than have it delivered. Since last March, I have moved on Android devices to get that standalone device, and I can say I have pretty much achieved it as I have phone and tablet devices which auto subscribe to audio and video feeds, and give me direct access to home content via DLNA and access to files via online file stores such as Dropbox or Box. So Android of any sort above 2.3 gives you that PC-less experience that was so pushed last March by Apple and they have not yet succeeded in delivering.

I also have to say, I don’t think this sort of device is Post PC in the truest sense of the term – PC stands for Personal Computer. It has become a way of describing a device with a keyboard, a screen and a central processing box. I think the term has to be taken back to its original meaning -  a personal computer. In that context, my Smartphone is a PC device… my Tablet is a PC device… my Laptop is a PC device. Post PC devices are actually PC devices where PC stands for a personal computer device and they are all PCs.

samsung_galaxy_sII

ipadAsusUL30

Also posted in Blog, Notebook Computing, Office Computing | Tagged , , , , , , , ,

Battery Life is a Feature

Written by Ian Nock on December 30, 2011 Leave a Comment

I do not always follow every iDevice rumour but the one I do hope would come true (and not just for iDevices) is extending battery life further.

High End Version of New iPads Get Extra Battery Life

Reports are coming in that Apple will be unveiling two versions of iPad3 this early 2012, one for the high-end segment and one for the mid-range segment. One rumored improvement of these new devices over their predecessor is longer battery span, which will be increased to 14,000mAH.

This rumour is probably absolute nonsense but I hope device designers out there really start to focus on battery life as a primary feature of a mobile device, and not as a secondary one. Devices need to be able to run through a heavy working day with some spare capacity without the need for me to carry my trusty recharger.

 

Also posted in Blog, Notebook Computing | Tagged , , , ,

SMS and Old Tech

Written by Ian Nock on December 5, 2011 Leave a Comment

19 years ago last Saturday, a momentous event occurred…

The first SMS message[21] was sent over the Vodafone GSM network in the United Kingdom on 3 December 1992, from Neil Papworth ofSema Group (now Mavenir Systems) using a personal computer to Richard Jarvis of Vodafone using an Orbitel 901 handset. The text of the message was “Merry Christmas”.[22]

I wouldn’t have mentioned it but it took me back to my first GSM mobile phone – the Orbitel 902.

The reason it took me back was because this mobile phone had a very interesting setup for SMS… it only received messages. This was because back then the messages were never seen as that important for consumers, and it was pretty much to be used for sending messages of a network nature.

That phone was a great phone considering the technology limitations:- a battery life that amounted to about half a day or about 50 minutes talk time – not much has changed on the battery life :-) . It also had the unfortunate problem that the battery had exposed connections that were too easy to short, as I found out when my metal staff pass loop managed to cause a little warming in my inside pocket one day.

Despite those limitations, it did work and worked well enough to allow my synchronisation of my arrival at a station to being picked up by my wife, and it really saved me time (interestingly the mobile coverage along the North Kent Railway line has not improved over the last 15 years). Of course, very few other people had one but that soon changed over the next five years, through to now when pretty much everyone has one.

Also posted in Blog | Tagged , , , , ,

Travel Tablets

Written by Ian Nock on November 14, 2011 Leave a Comment

image

Like many of you I acquired an iPad just after it launched last year and added it to my arsenal of lightweight information processing equipment. However I struggled to make it work in my setup primarily because I make use of an ultralight laptop. It ended up being yet another similar sized device that was used but was annoyingly bulky compared to my main machine. That identifies the problem, it never replaced the laptop despite being useful for reading watching video podcasts, documents and magazines. 10 inches is simply too big.

So I acquired an Android 7inch device in the guise of the HTC Flyer (although I also looked at the now out of manufacture Dell Streak but I dropped that one as the resolution of the screen was lower at 800×480). It is not ideal as it still runs Android 2.3 but the 3.2 Honeycomb upgrade is imminent.

After the last few weeks using it, it has proven much more versatile as I can have it with me much more often and does not feel bulky compared to my ultralight. The battery life is good (as I can get through a business day) and it serves the functionality I need in terms of video podcast watching, light web browsing, document and magazine reading as well as being a much more effective email processor than a smartphone when you are not running around.

Now all it needs to do is make that upgrade to Honeycomb (hurry up HTC!) to remove some of the rough edges and make it equal to the iPad but exceed its usefulness in being the right size for my jacket pocket.

Steve Jobs… You are so wrong about the 7 inch tablet.

Also posted in Blog, Notebook Computing | Tagged , , , , , ,

Voice Communication with your Device

Written by Ian Nock on October 17, 2011 Leave a Comment

The recent iPhone 4S launch was a very evolutionary device launch, with key performance improvements being a major delivery point, but along with that has come Siri. Siri is a full on voice controlled assistant making use of cloud processing to give the small device the ability to rapidly process your voice commands. There is a degree of excitement about part of the Apple delivery, but I believe that this is of academic use and in many ways just like 3D technology for TVs – nice, clever but overall not a major feature or use case.

Think of it this way, you are walking around an airport and suddenly you need to send a text message to say your flight is going to be delayed. Do you:

a) Get your phone out and say ‘Siri, send message to Joe Bloggs, my plane is delayed by at least 60 minutes, send.’

b) Use finger and touch SMS icon, and quickly type ‘My plane is delayed by at least 60 minutes, send.’

Which of these two approaches is going to make you look like an absolute madman? Which is the least private? Which is the least error prone with all the noise going on around you?

Think of this another way, you are sat in your open plan office with the low level murmur that all open plan offices have from people on telephones or having short corridor discussions, and all of a sudden you need to search your address book for a contact and make a call to them. Do you:

a) Get your phone up and say ‘Siri, Call Joe Bloggs, Mobile’

b) Get your phone up and type a search for Joe into the Contacts app and select the correct number and press call’

Which of these two approaches is going to annoy the hell out of the person next to you? Which is the least private? Which is the least error prone with the general office noise of the standard open plan office?

You might notice that I am not a believer in voice control of devices in the business. I think that the entire interaction with a device through voice is just incompatible with group working as well as too error prone for the working environments we are in. As for full interaction through voice with a desktop device, I also believe that the speed of interaction of voice is simply too slow compared to the very highly optimised keyboard and pointer/mouse interaction (and even QWERTY is optimised compared to voice). I do see the introduction of touch to the interactions with devices, but not the wholesale interaction pushed by many touch PCs – touch is something that is added to the peripherals in front of you and augmented (but not replaced) by the use of touch on displays, particularly the larger whiteboard level displays that are common in schools but not in offices.

01141_hal9000_1280x800

Voice though, is definitely not something that is a fit to people and the environments in which they work. Or to put it another way, “I am sorry Dave, you need to go back to the keyboard.”

Also posted in Office Computing | Tagged , , , , ,

Steve Jobs – So long and thanks for all the fish

Written by Ian Nock on October 6, 2011 Leave a Comment

There is going to be a lot said about Steve Jobs in the coming days, but I would just say two things.

1. Jobsian – an approach to product development that was singularly successful and others aspire to.

2. Watch his 2005 Stanford commencement address and be inspired.

Also posted in Blog, Notebook Computing, Software/Apps | Tagged , , , , ,

Living in the future… but do you want it

Written by Ian Nock on September 30, 2011 Leave a Comment

Video calls from a metal tube travelling at 600mph at 35000 feet… something that the military could do, but how about an ordinary joe?

Ever received or made a Skype video call to hwho was on an airplane? I can’t say I have, but the folks over at MSNBC have, in a news segment shot yesterday. Time magazine’s senior political analyst, Mark Halperin, called up the studio via Skype while in the middle of a red eye flight, and gave his opinion on Chris Christie’s speech through a video call. Not to mention, he was in the plane’s lavatory as well.

via Skype in-flight video call made on MSNBC TV | Ubergizmo.

I am impressed that something so amazing is available to us but I am personally not impressed as my time on planes should not be bothered by someone doing the “I’m on the phone Dom Joly from right next to me”. However I can see the creation of ‘phone booths’ next to to the toilets…

Also posted in Blog | Tagged , , , ,

Personal WiFi for the Traveller

Written by Ian Nock on August 31, 2011 Leave a Comment

I have always found it useful to have a way of getting online when overseas. Sometimes it is painful (like my recent trip to France) and sometimes it is painless (like on my trips to the less sunny Dublin). Whichever location you go to though you can be sure that you can get a local Prepay/PAYG data SIM card that just needs to be put into the right device to give you a data connection. I have been favouring an unlocked MiFi device but in my recent troubles I needed to do more debugging that what was possible on the MiFi. I made use of an unlocked Android phone and it provided the best service it could considering the lousy service I was on (Orange FR was appalling).

The key is getting one that is unlocked or is easy to unlock, and I made use of the very unlockable Orange San Francisco (ZTE Blade). At least I could once I also put Android 2.2 on the device. It was a very effective Personal WiFi device over there and I am now definitely looking to replace my older MiFi device with the Android, most obviously because it also offers access to the voice services necessary in many locations to update the credit as well as the use of a local voice number if I so required (my current tariff with O2 makes that very optional).

For those of you who are not into unlocking (and a bit of rooting!) then I do suggest digging through the phones on display to find an Android 2.2 or above device and getting it unlocked. I do recommend checking out Carphone Warehouse for Prepay deals as their phones do tend to be unlocked to allow them to sell on any network but make sure that the phone is an Android 2.2 or above to get the built-in WiFi Tethering. The latest deals for the Sony Experia X10 Mini look interesting but you will have to look at some of the third party mechanisms for WiFi Tethering if you do purchase that one as it is 2.1 or even earlier by default.

Also posted in Blog, Notebook Computing | Tagged , , , , , , , , , , ,