Geolocation test without router and VPN connected

Discussion in 'privacy technology' started by caspian, Apr 6, 2010.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    This is a test I did with my HP laptop (Windows 7) connected diectly from the modem, with the router unplugged, and with Xerobank connected:

    My modem is a Motorola SBV5220 SURFboard Cable Modem.

    With the VPN connected, and *without* NoScript enabled, it shows my location about a block away from where I live.

    With NoScript enabled it shows nothing.

    With google.com temporarily allowed, it shows Dallas TX (College ave). Huho_O

    With google.com temporarily allowed but with gstatic.com blocked, it shows nothing.

    I also tried this with Iphantom. With Iphantom connected and NoScript disabled, it shows my location as about 4 miles away.

    Again, by blocking gstatic.com it was unable to show a location.

    Something very interesting:

    When I tried geoloation inside of Sandboxie, in the absense of NoScript (VPN connected), it was unable to provide a location. This was the same with both Xerobank and Iphantom connected. But this did not work on my HP desktop. And although I did not perform all of these tests on my desktop, it was able to show my general location while connected to Xerobank without the wireless router. And unlike my laptop, Sandboxie was unable to block geolocation on my desktop ( HP Pavilion Elite Vista 64 bit).
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Caspian, That's troubling in several aspects. I'm going to do some testing myself and give this some thought before I say anything else. The one thing you didn't mention: what site were you using that nailed your location?
     
  3. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Did you connect the laptop via Ethernet or USB?

    I wonder whether cable systems provide additional geolocation information.

    I suspect that your laptop's wireless card is picking up one or more neighboring wireless routers. Have you tried the tests with the card turned off?

    I presume that Noscript blocks the script that queries the wireless card.

    I'm confused by this one. I presume that you allowed both google.com and gstatic.com for this test. Yes? I also presume that you were using XeroBank's Dallas exit node, yes? If that's so, you were providing conflicting information -- Dallas via IP, and nearby via router MACs. It appears that the system (foolishly, perhaps) trusts IPs more than MACs if there's conflict.

    That makes sense.

    I wonder why you got four miles away here vs a block away using XeroBank. Perhaps your nearest neighbor's wireless router was down during this test.

    That makes sense too.

    I don't know Sandboxie. It appears that it prevents the browser from getting info re available wireless routers. Is that expected?

    Does your desktop have a wireless card? I can't imagine how Google knows your area unless it has one.

    I have no clue why Sandboxie would behave differently on laptops vs desktops. Perhaps there are differences in wireless hardware.
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Ethernet.

    No. I don't know how to turn it off, but I will find out and try again. However, when I connect to a network, there are only 2 connections available and the one that belongs to someone else is a secured one. I cannot log into it.


    Yes.

    I was connected to the USA/Canada mode. My exit node was Canada. Is the US entry node in Dallas?

    Yes. It is built in.

    I don't know. They are both HP but the laptop has Windows 7 and the desktop has Vista 64 bit. I will try this at my parent's house soon when I go to visit.
     
  5. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    The other one must be a block away.

    No, it's The Planet in Houston. Perhaps it's getting Dallas from some database as the address for XeroBank USA. In any case, it's not your exit node.
     
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    What's being missed here in the discussion, if I have read Caspian right, is that what is happening - should not be. Period. Where's the leak? Where's the hole? The assumption that it's another nearby wireless card is assuming too much. (And even if it is, that's NOT good.) My guess is there's more here than that.

    Caspian, I asked earlier, (maybe you missed my question), what particular websites were returning the geolocation information to you?

    Also, here's the big deal: I talked to somebody about this and did a little testing of my own and now I'm really curious about something as you said you were using Windows 7. Do you have access to a computer with Windows XP to use your XeroBank software? If so, try to do the exact same tests as before and check your results. Not in a VM, but using XP as the primary OS.
     
  7. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Basically, the hole is the geolocation system. Given what I've read about geolocation, most of caspian's findings don't surprise me -- as long as his machines are seeing neighboring wireless routers. What does concern me is where gstatic is getting Dallas.

    There are ways to check that. One is to turn off his computers' wireless cards. On my notebook, there's a function key. One could just disable the driver. If, after doing that, geolocation points to the exit IP of the VPN that he's using, QED. Alternatively, he could take the laptop across town, and see whether that changes the reported location. He could also get the MACs of the wireless routers that he can see, look up their locations, and see how they compare with reported geolocation.

    I agree. In particular, what's up re Dallas and Sandboxie?

    It does appear that Sandboxie doesn't work as well in his desktop running Vista x64 as in his laptop running Windows 7. However, as long as neighboring wireless routers are the major leak, this is really a separate issue.

    Caspian, what do you get on your desktop connected to XeroBank with NoScript enabled (blocking scripts, I mean) without Sandboxie? I'm guessing that no geolocation will be reported.

    Regarding Sandboxie, is your desktop running Windows 7 x86 or x64? If it's x86, the issue re Sandboxie in Vista x64 may be PatchGuard related. See http://www.sandboxie.com/index.php?NotesAbout64BitEdition.
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    When you have a moment, can you please provide links to the most informative articles on this subject? (Thank you.)

    * * * * * * * * * * * * * * *​

    To the best of my knowledge, Internet Explorer 8 (unlike Firefox) does not support location aware browsing. Therefore, are the concerns raised by Caspian mitigated to any extent when using IE8?
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am traveling, a long way from home right now so I can't really spend anytime here right now. But I will be back sometime tomorrow and I will respond to this thread. And I will do the experiments that have been recommended. Thanks
     
  10. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Sorry. Although I don't recall, I believe that most everything that I've read re geolocation was linked from Wilders threads. And Wikipedia, of course.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I had some luck today. When I turned my computer on today, the only router that my computer saw was my own. So I did not have to worry about turning off my wireless card....or whatever it is called.

    With my router turned off and the Ethernet connected directly into the computer with no VPN, geolocation did not work at all.

    I also checked with my router on with no other router visible, and with the VPN connected.

    With the VPN connected, in Sandboxie, geolocation showed Dallas (But outside of Sandboxie, it showed a block away from my house.". Here are two screenshots. The second one is enlarged.

    1.jpg

    2.jpg
     
  12. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Cool.

    Huh? With no VPN, and no WiFi router MACs to rely on, I would have expected a geolocation result based on your true IP address. Yes?

    It must be getting Dallas somehow from XeroBank. If you have time, it'd be helpful to repeat this test using various XeroBank paths, and see how the reported location relates to the entry and/or exit node IP address.

    That must be the location listed for the MAC address of your WiFi router. It might have been logged by a wardriver using GPS.
     
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Evil browsers. Our new xB Browser VM of course defeats this. ;)
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Here's one.....pretty good introduction:
    http://www.pcworld.com/article/192803/geolocation_101_how_it_works_the_apps_and_your_privacy.html
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    This one does opt work for me but I have absolutely no doubt that people are coming up with all kinds of clever ways to trick people out of their GPS.
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am glad to hear you say this. I suspected that it would defeat geolocation. I tried to get it up and running a while back but could not. And I really did not have the time to keep trying, but I do now and it is definitely on my list of things to do list. I am really excited about it. The idea of being able to connect to a VPN by running a specialized browser running off of a virtual machine on a USB stick just sounds like about the coolest thing I have ever heard of.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    It didn't when I tried. And I refreshed it a couple of times. But I will try again.
    I will give that a try and see if it makes a difference.
     
  19. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    LockBox, thank you.
    * * * * * * * * * * * * * * *​

    Caspian, are the results of your tests any different when using Internet Explorer 8 versus Firedox?
     
Loading...
Thread Status:
Not open for further replies.