Yes, for the non-paranoid people I think just spoofing it is a much better alternative. As explained in this thread I linked above, adding the following to the IP blacklist is enough for stopping Ubuntu from making connections to geoip thingies: ntp.ubuntu.com (only once at boot time) daisy.ubuntu.com (sporadically called during user session) geoip.ubuntu.com (sporadically called during user session) videasearch.ubuntu.com (Sporadically called during user session, don't know why it's even used let alone by which process. If someone can enlighten me, I'd be happy to learn.) NOTE: NTP is used for Clock sync as far I as know, so the user might want to keep that enabled. NOTE(2): The thread I'm using as reference is from 2012. I did some research on Ubuntu packages and it seems that the package "indicator-datetime" is only present at Ubuntu 12.04. So in that particular version on Ubuntu, indicator-datetime depends on geoclue. Users from 14.04 and onwards probably don't have to worry about geoclue anymore. From the C example also linked above, it appears that EACH PROGRAM has to respect user choice, and this call is made at program level (not at geoclue level). Personally, I won't look at the source code of every program I use just to see if they respect my privacy. That's why I think removing geoclue is a better option than just blocking stuff from making connections. But I'm too paranoid with this. Maybe someone is willing to test Linux with Wireshark to see if the system is making connections aside from what Ubuntu already does (and can be prevented, for the most part). For what I can see, Zeitgeist is worse then geoclue, because it logs everything. From Wikipedia: It seems Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations hold with other people, etc.) and makes the information available to other applications. But there's a problem: removing zeitgeist will make Unity to malfunction. Personally I'd rather remove Unity, a DE which I actually enjoy, than to have zeitgeist installed. Or rebuild Unity and unmark zeitgeist/geoclue as dependencies.
For those that have mentioned using vpn's with vm's are the vpn's you use paid versions? And don't you still then have to trust the vpn provider?
I use autistici VPN, but I also have riseup's VPN if I need it. I don't trust any commercial provider, let alone free ones. IMO money can't be the first motivation when it comes to privacy.
I currently have two paid subscriptions, one is primarily smart dns but also includes a pretty good VPN which is only accessible with generic OpenVPN software which is perfect for me. I haven't found a VPN provider that has a custom client I really like. A lot of the the VPN providers are also doing smart dns these days. It is primarily sold as a way to spoof streaming media providers and get around geoblocking but, by its nature, it does a lot of location spoofing in general. If you are fooling Netflix or the BBC, you are fooling everyone else you connect to. Which VPN provider is the most trustworthy is a convoluted subject with lots of debate. I generally feel that you get what you pay for and running a good VPN service is a business with a fairly high overhead cost so any free services are going to be limited, especially when it comes to bandwidth. Most commercial VPN services by themselves are not going to protect you from the likes of the NSA because they are marketed to those who are trying to avoid the RIAA and MPAA which are much less formidable adversaries.
Looking at an older thread of mine at Debian's forums, there's this command to see why a package got installed. In fact, I got really mad that Steam installed geoclue Code: aptitude why geoclue http://forums.debian.net/viewtopic.php?f=10&t=121608&p=575085#p575091
Some of us go to considerable lengths to avoid revealing geolocation. So this feature of apps being location-aware, which is a great thing for those seeking a hot date or a quick espresso (or vice versa), shows up for us as rather a bug.
You're missing the point. I don't like or use geolocation either. EVER. But if you flip a switch, it's gone. Problem solved. So what exactly is the big deal? Mrk
It would be very helpful if you would explain what you mean. And how to do it. In Debian wheezy with GNOME 3.4.2, I get: Code: # aptitude why geoclue i task-desktop Recommends task-gnome-desktop | task-kde-desktop | task-lxde-desktop | task-xfce-desktop pi task-gnome-desktop Depends gnome-core pi gnome-core Depends empathy (>=3.4) pi empathy Depends geoclue It appears that removing geoclue, or even empathy, would seriously mess up gnome-core. What desktop could I use that doesn't depend on geoclue etc? Or is turning geoclue off and/or blocking it the best option? Exactly how does one do that?
I thought it was installed only with Gnome, KDE or Mate?? Not sure. I'm using Arch XFCE desktop and running the command the OP provides in first post, I get: Code: $ sudo pacman -Rs geoclue geoclue2 webkitgtk webkitgtk2 webkit2gtk yelp zeitgeist qt5-location error: target not found: geoclue error: target not found: webkitgtk error: target not found: webkit2gtk error: target not found: yelp error: target not found: zeitgeist error: target not found: qt5-location So maybe XFCE desktop is a good bet? I'm guessing from your post that you're aware it's a Gnome, KDE or Mate issue. This is all new to me so please forgive any lack of or wrong info from me.
Geolocation is one of the more intrusive technologies for those interested in personal privacy. The smartphone era has made it pervasive and omnipresent. I find it a bit shocking that the location of my humble Linksys WRT54G is in the Google maps database and that both Windows and Linux can be used in conjunction with the Google Maps api to locate any device within its RF reception range whether connected to it or not. The trouble with just removing one OS feature like geoclue is that a script in a browser can easily use several other means to determine location and bypass an OS location switch with a simple call to OS functions that have nothing to do directly with location but can be used to determine it.
You could let it install with the DE you use, and then remove it, though I assume you're also on the paranoid side If that's the case, try XFCE with SLIM as a login manager. No geoclue here. Oh, and Netscape doesn't use webkitgtk and Co. Yes. GNOME, KDE, MATE, all have geoclue as a non-direct dependency. Interesting enough, Unity (14.04) seems to have dropped geoclue as a dependency for the Clock. However, they probably still have zeitgeist tangled deep into Unity's core. So, for Ubuntu users: Lubuntu 14.04 and Xubuntu 14.04 won't have geoclue as a must-have package. But look for zeitgeist, it could be considered worse than geoclue. Exactly. I got hit hard when I noticed that even in Linux we had this kind of problem.
Qubes has a lot of promise. I have been using it as primary/secondary system on and off for a while now. R3.1 seems to be a good jump above R3.0 which was an even bigger jump from R2.0. I am buying a new computer and will probably switch to it as my primary. Compartmentalization and the use of gateway VMs is really the key to blocking geolocation tracking.
Do any of you use Steam on Arch? I could write a short tutorial on how to build the Steam .tar.xz package without Zenity (which requires Webkitgtk2, which requires geoclue2).
UPDATE: There are two new methods of not using geoclue and geoclue2 that enable the user to use MATE, for example. The first, which is the easiest, is to create a dummy package to trick Arch into thinking it has geoclue installed. The second method is to compile webkitgtk, webkit2gtk, and webkitgtk2 without geoclue as a dependency. I'm not sure if I should create a new thread or to just post on this one. Anyway, I'll update this thread today.
Here's how to do it in Debian/Ubuntu/Mint: Code: apt remove --purge geoclue* zeitgeist* libqzeitgeist* qml-module-qtlocation qtlocation* qtpositioning* libqtlocation* libplasma-geoclocation-* Then, create a file '/etc/apt/preferences': Code: Package: geoclue* zeitgeist* libqzeitgeist* qml-module-qtlocation qtlocation* qtpositioning* libqtlocation* libplasma-geoclocation-* Pin: origin * Pin-Priority: -32768 Then: Code: apt update And you're done. If you're on the paranoid side, just create the file while installing the OS (Expert Install). Before selecting the menu "Select and Install software", create the file. Go to "Execute a Shell", then: Code: chroot /target/ /bin/bash Code: nano /etc/apt/preferences Code: Package: geoclue* zeitgeist* libqzeitgeist* qml-module-qtlocation qtlocation* qtpositioning* libqtlocation* libplasma-geoclocation-* Pin: origin * Pin-Priority: -32768 Here's my file: http://pastebin.com/raw/MjwUPVVf Once you're chrooted,you can simply "wget http://pastebin.com/raw/MjwUPVVf" and then "cp MjwUPVVf /etc/apt/preferences". This saves a LOT of time and you won't need to create the file.
Has anyone managed to find any evidence of being tracked without permission or is this whole thread still FUD ?
It's not a question of being tracked without permission, it is question of not being tracked at all. Some of us would not have the devices we use give any location information at all, regardless of permissions. It is just part of any reasonable privacy discussion. Those who are concerned about privacy don't want either who or where they are being tracked.
When I look at Zenity's depends on Lubuntu 14.04 LTS, fully updated, I see: Code: Depends: libc6 (>= 2.4), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.24.0), libgtk-3-0 (>= 3.0.0), libnotify4 (>= 0.7.0), libpango-1.0-0 (>= 1.14.0), libwebkitgtk-3.0-0 (>= 1.3.10), libx11-6, zenity-common (= 3.8.0-1ubuntu1) Note the absence of "Webkitgtk2" and the references to "gtk-3-0" which are expected because Zenity is a gtk3 app and not a gtk2 app in *buntu 14.04.