Escaping from Geolocation awareness in Linux

Discussion in 'all things UNIX' started by Amanda, Jan 10, 2016.

  1. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Yes, for the non-paranoid people I think just spoofing it is a much better alternative. As explained in this thread I linked above, adding the following to the IP blacklist is enough for stopping Ubuntu from making connections to geoip thingies:

    • ntp.ubuntu.com (only once at boot time)
    • daisy.ubuntu.com (sporadically called during user session)
    • geoip.ubuntu.com (sporadically called during user session)
    • videasearch.ubuntu.com (Sporadically called during user session, don't know why it's even used let alone by which process. If someone can enlighten me, I'd be happy to learn.)
    NOTE: NTP is used for Clock sync as far I as know, so the user might want to keep that enabled.
    NOTE(2): The thread I'm using as reference is from 2012. I did some research on Ubuntu packages and it seems that the package "indicator-datetime" is only present at Ubuntu 12.04. So in that particular version on Ubuntu, indicator-datetime depends on geoclue. Users from 14.04 and onwards probably don't have to worry about geoclue anymore.

    From the C example also linked above, it appears that EACH PROGRAM has to respect user choice, and this call is made at program level (not at geoclue level). Personally, I won't look at the source code of every program I use just to see if they respect my privacy. That's why I think removing geoclue is a better option than just blocking stuff from making connections.
    But I'm too paranoid with this. Maybe someone is willing to test Linux with Wireshark to see if the system is making connections aside from what Ubuntu already does (and can be prevented, for the most part).

    For what I can see, Zeitgeist is worse then geoclue, because it logs everything. From Wikipedia:

    It seems Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations hold with other people, etc.) and makes the information available to other applications.

    But there's a problem: removing zeitgeist will make Unity to malfunction. Personally I'd rather remove Unity, a DE which I actually enjoy, than to have zeitgeist installed. Or rebuild Unity and unmark zeitgeist/geoclue as dependencies.
     
    Last edited: Jan 15, 2016
  2. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Could you guys check what depends on zeitgeist?
     
  3. roark37

    roark37 Registered Member

    Joined:
    May 23, 2006
    Posts:
    193
    For those that have mentioned using vpn's with vm's are the vpn's you use paid versions? And don't you still then have to trust the vpn provider?
     
  4. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    I use autistici VPN, but I also have riseup's VPN if I need it. I don't trust any commercial provider, let alone free ones. IMO money can't be the first motivation when it comes to privacy.
     
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,244
    Location:
    Southern Rocky Mountains USA
    I currently have two paid subscriptions, one is primarily smart dns but also includes a pretty good VPN which is only accessible with generic OpenVPN software which is perfect for me. I haven't found a VPN provider that has a custom client I really like. A lot of the the VPN providers are also doing smart dns these days. It is primarily sold as a way to spoof streaming media providers and get around geoblocking but, by its nature, it does a lot of location spoofing in general. If you are fooling Netflix or the BBC, you are fooling everyone else you connect to.

    Which VPN provider is the most trustworthy is a convoluted subject with lots of debate. I generally feel that you get what you pay for and running a good VPN service is a business with a fairly high overhead cost so any free services are going to be limited, especially when it comes to bandwidth. Most commercial VPN services by themselves are not going to protect you from the likes of the NSA because they are marketed to those who are trying to avoid the RIAA and MPAA which are much less formidable adversaries.
     
  6. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    sudo apt-get remove --auto-remove geoclue
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Also
    Code:
    $ apt-cache policy geoclue*
     
    Last edited: Jan 15, 2016
  8. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,994
    Escaping from what?
    Mrk
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Some of us go to considerable lengths to avoid revealing geolocation. So this feature of apps being location-aware, which is a great thing for those seeking a hot date or a quick espresso (or vice versa), shows up for us as rather a bug.
     
  11. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Thank you. I couldn't have said it any better.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,994
    You're missing the point. I don't like or use geolocation either. EVER.
    But if you flip a switch, it's gone. Problem solved. So what exactly is the big deal?
    Mrk
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Which switch?
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,994
    Whichever distro you're using.
    Mrk
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It would be very helpful if you would explain what you mean. And how to do it.

    In Debian wheezy with GNOME 3.4.2, I get:
    Code:
    # aptitude why geoclue
    i   task-desktop       Recommends task-gnome-desktop | task-kde-desktop | task-lxde-desktop | task-xfce-desktop
    pi  task-gnome-desktop Depends    gnome-core
    pi  gnome-core         Depends    empathy (>=3.4)
    pi  empathy            Depends    geoclue
    It appears that removing geoclue, or even empathy, would seriously mess up gnome-core.

    What desktop could I use that doesn't depend on geoclue etc?

    Or is turning geoclue off and/or blocking it the best option? Exactly how does one do that?
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
    I thought it was installed only with Gnome, KDE or Mate?? Not sure. I'm using Arch XFCE desktop and running the command the OP provides in first post, I get:

    Code:
    $ sudo pacman -Rs geoclue geoclue2 webkitgtk webkitgtk2 webkit2gtk yelp zeitgeist qt5-location
    error: target not found: geoclue
    error: target not found: webkitgtk
    error: target not found: webkit2gtk
    error: target not found: yelp
    error: target not found: zeitgeist
    error: target not found: qt5-location
    So maybe XFCE desktop is a good bet? I'm guessing from your post that you're aware it's a Gnome, KDE or Mate issue. This is all new to me so please forgive any lack of or wrong info from me.
     
  17. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,244
    Location:
    Southern Rocky Mountains USA
    Geolocation is one of the more intrusive technologies for those interested in personal privacy. The smartphone era has made it pervasive and omnipresent. I find it a bit shocking that the location of my humble Linksys WRT54G is in the Google maps database and that both Windows and Linux can be used in conjunction with the Google Maps api to locate any device within its RF reception range whether connected to it or not. The trouble with just removing one OS feature like geoclue is that a script in a browser can easily use several other means to determine location and bypass an OS location switch with a simple call to OS functions that have nothing to do directly with location but can be used to determine it.
     
  18. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    You could let it install with the DE you use, and then remove it, though I assume you're also on the paranoid side ;) If that's the case, try XFCE with SLIM as a login manager. No geoclue here. Oh, and Netscape doesn't use webkitgtk and Co.
    Yes. GNOME, KDE, MATE, all have geoclue as a non-direct dependency. Interesting enough, Unity (14.04) seems to have dropped geoclue as a dependency for the Clock. However, they probably still have zeitgeist tangled deep into Unity's core.
    So, for Ubuntu users: Lubuntu 14.04 and Xubuntu 14.04 won't have geoclue as a must-have package. But look for zeitgeist, it could be considered worse than geoclue.

    Exactly. I got hit hard when I noticed that even in Linux we had this kind of problem.
     
  19. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Qubes has a lot of promise. I have been using it as primary/secondary system on and off for a while now. R3.1 seems to be a good jump above R3.0 which was an even bigger jump from R2.0. I am buying a new computer and will probably switch to it as my primary. Compartmentalization and the use of gateway VMs is really the key to blocking geolocation tracking.
     
  20. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Do any of you use Steam on Arch? I could write a short tutorial on how to build the Steam .tar.xz package without Zenity (which requires Webkitgtk2, which requires geoclue2).
     
  21. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    UPDATE:

    There are two new methods of not using geoclue and geoclue2 that enable the user to use MATE, for example. The first, which is the easiest, is to create a dummy package to trick Arch into thinking it has geoclue installed. The second method is to compile webkitgtk, webkit2gtk, and webkitgtk2 without geoclue as a dependency.

    I'm not sure if I should create a new thread or to just post on this one. Anyway, I'll update this thread today.
     
    Last edited: Jan 24, 2016
  22. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Here's how to do it in Debian/Ubuntu/Mint:
    Code:
    apt remove --purge geoclue* zeitgeist* libqzeitgeist* qml-module-qtlocation qtlocation* qtpositioning* libqtlocation* libplasma-geoclocation-*
    Then, create a file '/etc/apt/preferences':
    Code:
    Package: geoclue* zeitgeist* libqzeitgeist* qml-module-qtlocation qtlocation* qtpositioning* libqtlocation* libplasma-geoclocation-*
    Pin: origin *
    Pin-Priority: -32768
    Then:
    Code:
    apt update
    And you're done.

    If you're on the paranoid side, just create the file while installing the OS (Expert Install). Before selecting the menu "Select and Install software", create the file. Go to "Execute a Shell", then:

    Code:
    chroot /target/ /bin/bash
    Code:
    nano /etc/apt/preferences
    Code:
    Package: geoclue* zeitgeist* libqzeitgeist* qml-module-qtlocation qtlocation* qtpositioning* libqtlocation* libplasma-geoclocation-*
    Pin: origin *
    Pin-Priority: -32768
    Here's my file: http://pastebin.com/raw/MjwUPVVf
    Once you're chrooted,you can simply "wget http://pastebin.com/raw/MjwUPVVf" and then "cp MjwUPVVf /etc/apt/preferences". This saves a LOT of time and you won't need to create the file.
     
    Last edited: Jan 26, 2016
  23. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,380
    Location:
    West Yorkshire, UK
    Has anyone managed to find any evidence of being tracked without permission or is this whole thread still FUD ?
     
  24. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,244
    Location:
    Southern Rocky Mountains USA
    It's not a question of being tracked without permission, it is question of not being tracked at all. Some of us would not have the devices we use give any location information at all, regardless of permissions. It is just part of any reasonable privacy discussion. Those who are concerned about privacy don't want either who or where they are being tracked.
     
    Last edited: Jan 27, 2016
  25. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,373
    When I look at Zenity's depends on Lubuntu 14.04 LTS, fully updated, I see:
    Code:
    Depends: libc6 (>= 2.4), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.24.0), libgtk-3-0 (>= 3.0.0), libnotify4 (>= 0.7.0), libpango-1.0-0 (>= 1.14.0), libwebkitgtk-3.0-0 (>= 1.3.10), libx11-6, zenity-common (= 3.8.0-1ubuntu1)
    Note the absence of "Webkitgtk2" and the references to "gtk-3-0" which are expected because Zenity is a gtk3 app and not a gtk2 app in *buntu 14.04.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.