Question for XB Steve - Geo Location defeats Xerobank

Discussion in 'privacy technology' started by caspian, Mar 25, 2010.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
    Double click the entry to change from true to false.
     
  2. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Done! :thumb:

    Thank you very much
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
    You're welcome. :)
     
  4. bangle40

    bangle40 Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    23
    That makes the most sense...can one assume that any other software that tries to access this service would give us the same option to decline?
    Check...thanks man.

    Understood. Sorry for the common misconception, edited my post above.
     
  5. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Not within Firefox. I'm sure someone could make software that does the same thing without letting you know. Not much you can do about that except to try and avoid disreputable software.
     
  6. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    Just to be clear. You don't have to `use` a wireless access point. To be geolocated you just have to be connected to a wifi router by a LAN cable. It matters not if you're actually using the wifi; if it's turned on then it's a threat. An app will access the wifi router and detect the known wifi MACs in your area.

    But of course if the wifi is turned on, then you would obviously be using it, even if just for the casual net connection to a phone or a laptop or similar.
    I would guess if the government was trying to find you behind a secure VPN via wifi geolocation they probably still could, wouldn't matter what you turned off (other than the wifi itself). Infect or inject you with something that's going to work the same as Google Gears geolocation etc.

    It still would be nice to believe you could be completely untraceable from the government, but in reality for most the FBI aren't going to be tracking you down. Places like China and Iran would be different situations where they have a lot less freedom of speech, but I doubt a Google street mapping car ever collected wifi MACs/GPS data from those countries. And there may not be enough signals for wifi geolocation to work accurately.
     
  7. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    That's not correct. The geolocation API in Firefox checks for a wifi interface; if it finds one it polls it for 5 seconds and captures SSIDs and MAC addresses (and signal strength) of all the access points it sees. If it doesn't detect an active wifi interface it falls back to basing geolocation on IP address. A typical home wireless access point cannot gather information about other nearby access points.
     
    Last edited: Apr 1, 2010
  8. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    p.s.

    Here's a proof-of-concept for an XSS exploit against the local wireless router to snag MAC address info and use Google Location Services to find the location:
    http://samy.pl/mapxss/
     
  9. bangle40

    bangle40 Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    23
    Mvario,

    Thanks for linking to the Firefox plug-in to spoof your location to these websites.

    Works wonders..

    To anyone else, if you disable the geo.enabled in firefox it DOES render these websites useless as far as I can tell.

    If you choose to keep the geo.enabled in the about:config, but use the spoofer, it allows you to pick your destination anywhere, as Firefox asks you if you want to share your location.
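
    An added example, not part of the original posts: a small audit of the `geo.enabled` preference discussed above, read from a Firefox profile's `prefs.js` and `user.js`. The profile contents are constructed samples, and the function names are hypothetical; the code assumes the default when the preference is absent is `true`, and that `user.js` overrides `prefs.js`.

```python
import re

# One line of a Firefox prefs.js / user.js file, for example:
#   user_pref("geo.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments (// ...), blank lines, anything else
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs

def geo_enabled(prefs_js, user_js=""):
    """Effective geo.enabled. user.js overrides prefs.js; absent means
    the browser default, assumed here to be True (geolocation on)."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get("geo.enabled", True)

def audit(profiles):
    """profiles: {label: (prefs_js_text, user_js_text)}.
    Returns the labels where the geolocation API is still enabled."""
    return sorted(l for l, (p, u) in profiles.items() if geo_enabled(p, u))

# Constructed sample profiles (not taken from the thread).
SAMPLE_PROFILES = {
    "default-untouched": ('user_pref("browser.startup.page", 1);\n', ""),
    "disabled-in-about-config": ('user_pref("geo.enabled", false);\n', ""),
    "reenabled-by-user-js": ('user_pref("geo.enabled", false);\n',
                             'user_pref("geo.enabled", true);\n'),
    "commented-out": ('// user_pref("geo.enabled", false);\n', ""),
}

if __name__ == "__main__":
    for label in audit(SAMPLE_PROFILES):
        print("geolocation still enabled:", label)
```

    A profile that was never touched, one where the line is only commented out, and one where `user.js` sets the value back to `true` are all reported as still enabled.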
     
  10. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    No problem. I love it. With geolocation on Twitter I get to post tweets from all over the place. Twitter still doesn't recognize geolocation data from outside of the US and some of Europe so I can't quite travel the world. Yet. :rolleyes:
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I can't get it to work but I do have the Geo location in Firefox disabled. Is this supposed to work regardless?

    Anyway, I strongly suspect that there are various ways to do this. As I mentioned above, I posted an article a while back where an ISP installed special software and a separate entity was able to take over from there....without any further help from the ISP. They were able to get a location and then they drove up to houses pointing a device until they found the router. I am thinking of connecting directly from the cable but I have read that using a router is more secure. I don't know what to think.
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Oh, and don't give me any of that "if you're not doing anything illegal then you have nothing to worry about" nonsense. We know all too well that this type of thinking is for the ignorant and the gullible. It may not be widely used now but it most assuredly will be. So what does this mean for bloggers and whistle blowers etc...?
     
  13. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    It should, as long as you have a Verizon FiOS router and are logged into it. (It's proof-of-concept, something more nefarious would probably attempt to log in using the default router password). I don't use Verizon FIOS so I can't test it.

    I'd like to know specifics; sounds like a lot of smoke & mirrors to wow the layman. Networks all work within physical characteristics and constraints. If they were pointing something it would be a directional antenna. In which case they were looking for a specific SSID/MAC or intercepting wifi communications. If something was installed then in all likelihood it was remote monitoring software.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    In the original article, they refused to give specific details. But they were able to do a sweep and catch a huge number of people in a short period of time. But they were all using some kind of peer to peer sharing.
     
  15. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    But I thought a person's MAC address was not visible from the internet??

    What a pig. He is obviously American on paper only.
     
  17. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    It's not. That's a bit of incorrect information in that article. Whoever wrote it may be confusing MAC addresses with IP addresses. MAC addresses are at the data link layer and don't route.
     
  18. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    That's true. And FWIW, this is just a o_O article re Google's wardriving efforts, harvesting MACs and GPS coordinates (with photos!) for geolocation.
     
  19. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Absolutely. Some ignorance on the part of the Germans combined with Google being the whipping boy du jour are blowing things out of proportion. Wardriving and WiFi MAC/SSID/location databases aren't anything new. Google isn't the first and they won't be the last. It has been going on about as long as there has been WiFi. Google is just using their StreetView cars to build up their geolocation database. They aren't the only geolocation providers, they aren't the only ones with a database, and they aren't the only ones wardriving. But they are high profile.
     
  20. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    True. Still, it's especially creepy with the photos, IMHO. Global stalkers.

    ... and bikes, backpacks and o_O (coming soon, borgs).
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Question for XB Steve - Geo Location defeats Xerobank

    so why hasn't Steve posted in this thread?
     
  22. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Streetview doesn't bother me at all, in fact I think it's fun and handy. I'm much more creeped out, for example, by the proliferation of surveillance cameras everywhere.
    Well there is the Street View trike...
    http://googleblog.blogspot.com/2009/10/street-view-we-can-trike-wherever-you.html

    and the Streetview snowmobile...
    http://googleblog.blogspot.com/2010/02/vancouver-forecast-light-winds.html

    On the other hand, warwalking is as old as wardriving (http://www.yourdictionary.com/computer/wardriving-and-warwalking), though that 360° camera rig is kind of bulky for someone to carry around. They should warboat though, canal views of Venice and Amsterdam would be sweet.

    [EDIT]
    Google posted this today:
    The importance of geolocation services
    http://google-latlong.blogspot.com/2010/04/importance-of-geolocation-services.html
     
    Last edited: Apr 23, 2010
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Quote arran

    Good question :thumb: that i've been wondering about too, maybe he's missed it ;)
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Lol. If you read the thread you know why. Because Geo Location in your browser isn't related to XeroBank. Your geographically aware browser, not xerobank's, is announcing location data.

    This is like you going around announcing your identity, and expecting nobody to know who you are. Turn off your homing beacon and don't use anti-privacy software. :)
     
  25. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    @Steve

    Could XeroBank's VPN firewall(s) be configured to block geolocation traffic?
     