Doesn't seem to do it using the phone as a modem - which access point are you using? From your headers it looks like the wap gateway rather than the internet one.

It's probably jsut a misconfigured gateway - normal the operator portal/walled garden uses these fields for authentication and identity (which should be done with a unique id, rather than msisdn, to be honest). They should be stripped when going outside the operator's network, though. Monumentally bad.

--ChrisH, 27-Jun-2005

Yes, my guess is that it's the gateway as well... I agree, monumentally bad.

--JanneJalkanen, 28-Jun-2005

Just tested with Saunalahti, same thing here. The via header says it's a Nokia WAP Gateway 4.1 though, which kind of casts doubt on the assumption that it's just a misconfigured gateway. The phone number appears in the x-network-info and x-nokia-msisdn headers.

--Ilkka, 28-Jun-2005

I just realized that was the first time I'd used WAP in the last six months, thanks to Opera and Putty on S60 =)

--Ilkka, 28-Jun-2005

Saunalahti propably sends your number if you happen to use Elisa's network. Elisa, at least few years ago, was the only operator that sent the phone number.

--Tuomas, 28-Jun-2005

I noticed this a couple years ago and found it disturbing. The operator responded that even if the number would be "secret" the number will still be send. Finnish Communications Regulatory Authority found no reason why the operator couldn't do it. So we have to bear with this non-user friendly fact. And they mention the fact that the number is sent in some of their User Agreement sheet, I've seen it in my own eyes.

--mr X, 28-Jun-2005

Some years ago when working for a startup that created mobile applications (WAP anyone ;) I remember us thinking of how to use the msisdn data for personalization as it was often (if not always ?) available.

I don't remember the details too well because I didn't work on that product or project. But it doesn't surprise me at all.

--Ramin, 28-Jun-2005

mr X: I couldn't find such a statement on my own User Agreement (which, admittedly, is a bit old). Could you be more specific, please?

(I found something here (Finnish), and section 6.8 seems to say something to that effect, but... It's quite vague.)

--JanneJalkanen, 28-Jun-2005


According to the test page, dna wap gw does not broadcast your number.

--bronx, 28-Jun-2005

At least Sonera Internet Access Point does not broadcast the number, though I cannot confirm their wap gateway.

--som, 29-Jun-2005

Sonera WAP GW ( does not broadcast the number, either.

--era, 01-Jul-2005

I as not even able to graph the x-msdisn header. When I tried to read it tomcat crashed. (my crappy code I supposed)

The bottom line is, it would be useful to identify the user who is viewing the website and here is my reasoning:

Web navigation is extremely difficult on most phones (no mine I have a motorola Q) but even the fancy PDA phones are not as easily to surf as a Desktop PC. I would provide a streamlined experience for the user if we could identify and save settings based on your phone number.

I think the posters main point is more an issue of paranoia than any real threat. It is like someone who deletes their cookies everyday and wonder why they have to enter there password even though they click remember me.

If anyone knows of a way to read a phone number from a mobile web device when it is view a page please let me know.


--SkiOne, 10-Mar-2007

It seems Elisa WAP GPRS gateway is still providing msisdn headers. This does not happen if use Elisa Internet connection type.

--AnonymousCoward, 25-Jan-2008

More info...     Add comment   Back to entry
"Main_comments_270605_2" last changed on 25-Jan-2008 21:48:21 EET by AnonymousCoward.