That user's comment at Schneier's is "interesting". I wonder how many people can legitimately claim to have worked with 130 mobile operators, and would know what those operators are actually doing in terms of passing information to other parties. I'm somewhat suspicious, but don't rule out the possibility that it may be someone in a unique position. I think we'd want more information, including that which clarifies the contexts. I once read that in one or more Asia countries it is extremely common for people to purchase things with their smartphones and have those purchases charged to their mobile phone service account. That is a context where it might make more sense for mobile operators to communicate some information to those parties from which the user is purchasing something. Theoretically, it may even be possible for it to be done in a consumer friendly way that maintains some security/privacy. To know, I think we'd have to dig into various details including: Does the user know, in advance, precisely what information would be sent/disclosed to precisely whom? Does the user have the ability to review ALL such information and correct any errors? Is the information ONLY disclosed to a party when a user... in an entirely voluntary and explicit opt-in fashion... chooses to engage in a transaction with that specific party? Is the absolute bare-minimum information disclosed to that party, and ONLY that which is absolutely necessary to complete the specific transaction? Are there alternative solutions so that so-inclined individuals can refrain from conducting transactions through the mobile operators and exposing so much information to them? Is the communication and information very strongly protected (technically, contractually, legally) against all other parties, sharing, and usage? Are there extremely severe penalties for sending such information when not explicitly commanded by the user, for recipients sharing such information with third parties, for anyone using the information for secondary purposes (especially targeted advertising), etc? Perhaps it is just wishful thinking, but if there are other mobile operators that are passing data to websites I hope they are adhering/subject to much higher standards.
AT&T Stops Using Undeletable Phone Tracking IDs http://www.propublica.org/article/att-stops-using-undeletable-phone-tracking-ids AT&T Ditches Tracking Header Program; Verizon Still Refuses https://www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses Neither article sheds light on how much damage was done to users' privacy as a result of AT&T's testing.
