New report analyzes online location privacy

Discussion in 'privacy general' started by lotuseclat79, Mar 2, 2010.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    New report analyzes online location privacy.

    -- Tom
     
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    As far as I know a VPN will prevent any type of GEO location tracking. Does anyone know of any installed programs that might bypass this?
     
  3. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Firefox, Chrome, Opera.

    Do a search on "W3C Geolocation API" and "Google Location Services"

    IP address is just one method (and the least accurate, and least preferred) of determining geolocation. Firefox and Chrome 5 will take mac addresses of wireless access points that a computer can see and send them to Google Location Services and receive back a fairly accurate location. Phones use GPS or tower information.

    Twitter just enabled (opt-in) geolocation stuff.

    The upside is that, at least with Firefox, one can spoof the geolocation info sent to sites that request it and basically tell them you are where ever you want.
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    If I am using Xerobank, I am pretty sure that the only thing that a website can see is Xerobank.

    Evidently firefox sees my geo location as being in whatever country the Xerobank exit node is in because it shows Google or Myspace etc... in that country's language.

    If you can show me a test or proof of concept otherwise I would love to see it.
     
  5. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    See my previous post.

    The way the geolocation api works is that lacking any other basis for location info it falls back to IP address. So you are likely using a wired ethernet connection, or any wireless mac addresses that are visible to your computer aren't yet in the Google Location Services database. In either case the geolocation api uses method-of-last-resort and does what it can using your IP address, which in your case is the VPN egress IP.

    On the other hand if you are using a wifi connection and there are access points visible to your computer whose mac addresses are in the Google Location Services database, which is likely unless you are in a rural area, if you are using recent builds of Firefox or Chrome (coming soon to Opera), then when you go to certain geolocation sites you'll get the pop-down asking to share your location. In that case Google's geolocation API won't be using your IP address, it will using wifi ap mac addresses.
     
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    That's just plain evil. That'd also be an issue for WiMax, yes?
     
  7. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    I don't know. I haven't read anything about WiMax access point data being utilized by Google Location Svcs. They do use mobile phone tower data for geolocation for mobile phones though (if there's no GPS info)

    I wouldn't call it evil. Geolocation data isn't sent without your permission. And with Firefox it can be permanently disabled (about:config, geo.enabled set to false), or spoofed for lulz.
     
  8. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    What's evil is that it's enabled by default, and that momentary inattention could reveal your location. Also, if browsers are collecting geolocation data, I suspect that websites could collect it without asking.
     
  9. Zeena

    Zeena Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    409
    Location:
    UK
  10. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What about geo.wifi.uri?
    Or, NetworkGeolocationProvider.js?
     
    Last edited: Mar 23, 2010
  11. Katelyn

    Katelyn Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    5
    What if your VPN is blocked from your favorite websites?
    Detecting and blocking proxy/VPN access seems not to be so difficult... Please read this thread!
     
  12. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    geo.wifi.uri is the setting in about:config that points to the geolocation provider, which is Google Location Services at https://www.google.com/loc/json

    You could change that to another provider or point it to a file.

    NetworkGeolocationProvider.js is the actual Firefox javascript that handles all the geolocation stuff, getting the request from the site, talking to the geolocation provider, trying wifi, then IP location resolution, etc.
     
  13. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
  14. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Mozillazine Forums
    Found this after posting.
     
  15. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    It's interesting that youtube still knows where I am when I upload videos, but it's probably just looking up my IP. When I zoom right in on the map I can see that my position is actually a few miles from where I am.

    If my location was detected via wifi hotspots my position is correct to about 40-50 yards, which seems quite amazing.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Hi Jesus. I think it was you who suggested that a new technology that helped to apprehend child porn suspects was based on Geolocation. Do you remember the article? I can't find the original but this is another one. They say that the ISP has to install some software but that's all they have to do. The detectives have some way of using that software to pinpoint the suspect's location. They then drive there and point a device toward the house or apartment to verify the router.

    http://www.geek.com/articles/chips/...-child-predators-using-the-internet-20090615/

    I think they are probably working on ways to incorporate this technology on a much broader scale. And as the technology improves, it will become easier and easier to use. As it is now, they could probably use it legally for anything they like.
     
Loading...
Thread Status:
Not open for further replies.