On 1 July 2014 11:31, Per Jessen
John Layt wrote:
Requestiing your geolocation is part of the HTML5 standard, where a website requests from your browser where you are so it can give you a better service (or more targeted and thus profitable advertising).
Sure, but I don't see why the website doesn't just do the geo-locate itself. The information from my browser (whatever information it is) will be no more accurate, I think.
As I said, geo-ip is highly inaccurate and often wrong, so few websites want to rely on that. It certainly can't tell maps.google.com what street you're standing on so it can give you directions. Most commonly, all you know is that a certain IP was allocated to a certain ISP, and if that ISP operates across the entire US or UK then you have no idea where the person it was dynamically allocated to actually is. You may hit it lucky and get an IP that was allocated to a small city specific ISP, but it's not something you can rely on. Furthermore, with the shortage of IP4 addresses, blocks are being freely traded outside their originally allocated geo region and the database may never be updated. Then you get the problem of proxy servers: I used to work for a large multinational in the UK who routed all their traffic through their head office in the US, so I always got US Google or Amazon instead of UK Google or Amazon.
For example, Google Maps wants to be able to display where you are accurate to within a few meters, other websites may just want your city or country to influence your search results. Well behaved browsers like Firefox will respect your privacy and will ask you first before providing this information to a random unknown website. It is true that a website can try guess your location from your IP address, but this is usually only accurate to country level or sometimes city level and is often wrong so is rarely accurate enough for most use cases. They get better results by asking the browser to use the local device facilities to give them the accuracy level they require.
This is the interesting bit then - what does my browser know about my location?
It knows whatever the OS knows and is willing to tell the browser about. If you install Firefox on Android you will be asked to give it permission to access your GPS location, your cell radio for cell tower info, your network stack for wifi ap's in the area, etc. On Linux we have no such system level access checks, so we currently rely on the apps playing nice and asking you first, as Firefox does. Gnome and KDE for example use GeoClue to do this in various apps and browsers. GeoClue doesn't yet have any policy checks built in, if an app asks it tells it where you are, but this is being worked on and in the future it will use something like PolKit to ask the user for permission first. [Which brings the thread back to being related to OpenSUSE :-) ). However, even once GeoClue gets this security feature, an app can still go ask NetworkManager or ModemManager or gpsd or even the hardware directly, and I'm not sure they have any security features as yet or in the planning.
When returning the location, the browser can make use of various device facilities
I guess we're primarily talking about devices other than plain Linux PCs?
Mostly, but most laptops and many desktops have wifi, and some have 3G/4G/GPS built-in or as dongles, so the browser has to assume that it can get highly detailed and possibly personally sensitive information that you may not want shared with any random website, so it has to ask you first to be safe. John. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org