Mon 7 Feb 2011
Dhiraagu GPRS, TouchNet or Mobile Broadband Privacy Leak
Posted by ahmedazhad under Computers , Internet[8] Comments
I stumbled upon a potential privacy issue for those using Dhiraagu GPRS, TouchNet or Dhiraagu Mobile Broadband.
But before I go further, lets do some magic. Those using the above networks may be surprised at what I can tell about your connection (opens in a new window). If you found an empty space or blank there, that’s real good.
If you found your mobile phone number or your data sim number, don’t panic. This is a bit of information that is offered (to websites) when your browse the internet. You should already know that websites and police can track you with your IP address. But this is too revealing in my opinion.
I do not know about other GPRS/EDGE/3G/3G+ services like Wataniya. Please comment in my blog if you have info.
If someone is using Vidalia bundle/Tor, could you please check whether it works in that too and comment in my blog.
Comments link is just below the title of the post.
Disclaimer: Any info was obtained from the information offered through your ISP when you browse. No hacking involved. As you browse, your ISP is setup such that the above information is provided to the website(s). That is how I got the information. If you feel this violates your privacy, please complain to your ISP – not about me – about the fact that this information is leaked when you browse. This script does not store any information about you in my website.
Technical aspects:
- It is added by a transparent proxy – you don’t have the power to change it. Atleast you shouldn’t be able to do that. The transparent proxy is the reason why you get a wierd error message like the following: “Error: Requested content ‘www.ductape.net/~azhad/’ cannot be accessed. Error while connecting to server.
- Unfortunately, I am unable to discuss the technical aspects further as they may compromise Dhiraagu. I hope I have given just enough information.
- If anyone at Dhiraagu wants this to be removed, please comment on my blog post. If you do, please write why the above information is being transmitted to every website we visit.
Updates:
- Dhiraagu GPRS/EDGE also affected. Can show a persons real mobile number!
- 8/2/2011 The issue has been fixed. The script no longer works as Dhiraagu is no longer leaking your number to the websites you visit.
February 7th, 2011 at 9:41 pm
I use Wataniya modem and the mobile number does not get displayed. Good eh?
February 7th, 2011 at 11:33 pm
if we uses something like opera mini it doesnt show the number . .
February 8th, 2011 at 10:52 am
it bloody well works on my mobile (nokia n73 native browser). totally unacceptable
on a bright side it doesn’t if you use opera mini browser.
February 8th, 2011 at 5:24 pm
In Opera Mini, do you see any text at all? Or does the spot have a blank?
February 8th, 2011 at 7:40 pm
According to Wikipedia, Opera Mini uses the Opera servers (as an intermediary to render and) to display webpages.
E.g. Opera Mini (browser) -> Opera Server -> azhad.net
Opera server would see your number [if they bothered to look] but does not forward it to my website. Hence I do not see the number when Opera Mini is used.
Note: This is ofcourse assuming that my website is able to display atleast something on the browser. I used broken HTML that is not standards compliant, but most browsers can manage to display the text. (Too much work – just done enough to get the job done in most cases!)
February 8th, 2011 at 9:50 pm
Your script does not work!! Fix it pls!!
February 8th, 2011 at 11:09 pm
Yeah. It doesn’t anymore. They have stopped doing it! – Dhiraagu has fixed the problem.
If a Dhiraagu staff read my blog, please comment.
The purpose of posting this blog entry has been fulfilled.
February 8th, 2011 at 11:21 pm
@dhonkalo Thanks for pointing out that it doesn’t work anymore.