A little more information - they're sending an X- HTTP header containing the originating mobile phone number. No obfuscation, anything, just a mobile number. I'm on O2 and just verified this from my own mobile.
This is an appalling privacy hole, one which O2 have not publicised at all and from the contents of the tweet discussing, seem to see no issue with.
EDIT: a direct link to a checker by Lewis Peckover which shows this in action if you're on O2 - more verification wouldn't hurt of course. http://lew.io/headers.php
2 comments
[ 2.8 ms ] story [ 19.9 ms ] threadThis is an appalling privacy hole, one which O2 have not publicised at all and from the contents of the tweet discussing, seem to see no issue with.
EDIT: a direct link to a checker by Lewis Peckover which shows this in action if you're on O2 - more verification wouldn't hurt of course. http://lew.io/headers.php