Visiting websites with your smartphone on mobile data can reveal your full name, phone number, address, and even location
With just your mobile IP address, a website can find out all of your billing information, and even your precise location. This has been going on for years, largely behind the scenes – but recently the issue has been re-highlighted and the benefits of hiding your IP address are super clear.
Whenever you are using your smartphone’s data plan, you are assigned a mobile IP address by your cell tower. This IP address is provided by your telco, and will always be correlated with your billing information. American telcos like AT&T and Verizon sell your personal information: home address, phone number, and cell phone contract details, possibly even down to your current longitude and latitude, to anyone with your mobile IP address. This means that when you use your mobile to browse the internet, each of the sites you visit could easily have your full name, phone number, home address and email address, and even approximate location. AT&T has been actively providing this information to law enforcement for over a decade, also for a profit.
Leaking your mobile IP address means leaking your billing information too
This news is making waves currently thanks to philipn from Shotwell Labs, who took to the internet medium to spread his message that this crazy invasion of privacy has been actively happening for years. philipn’s post showcased two demos from companies that had bought this access from mobile carriers that demonstrated the power of the mobile identity API. If they use one of the many services that use the information that American telcos are selling access to, any website you visit (or advertiser on said website) can easily get your home and email address, phone number, cell phone contract or location details when you visit on your smartphone. The two demo links (which have since been taken down), run by Danal and Payfone, relied on paid-for enterprise APIs from American telecommunication companies. AT&T first announced their Mobile Identity API program in 2013 – and Verizon launched their competing product soon after. The targeted personal information is increasingly valuable to advertisers as the percentage of mobile website visits starts to outweigh desktop visits.
Multiple users with subscriptions to Verizon, T-Mobile, and AT&T on Hacker News reported that their information shows up – “full name, phone number, mailing address, and e-mail address” – even if they’ve opted out of all privacy invading options possible. This is clearly default behavior and, even though the publicly accessible demo of this personal information being readily available are currently offline, we are reminded that we don’t have any control over whether or not this information is sold for monetary gain by the telcos – which they are actively doing. The only solution is to never expose your mobile IP address is to make sure the websites you visit only see your VPN IP address.