4

What does enabling/disabling geolocation access to a website on a browser actually mean?

  1. If I disable access to a website, what information will be shared with that particular website server?
  2. If I enable access to a website, what information will be shared with that particular website server?
  3. How accurately can the website geolocate the user in both the above scenarios?
schroeder
  • 123,438
  • 55
  • 284
  • 319
Kane
  • 61
  • 5
  • Before the smartphone era, it is just plain IP tracking base on ASN and narrow down by user who volunteering submit the area ZIP code when using some services. – mootmoot May 17 '19 at 13:08
  • Thanks, could you please elaborate? – Kane May 17 '19 at 13:22
  • 1
    initially, all user device IP address is tied to particular ASN, and the ASN info will contains the ASN owner Geo-location. The next level is using geoip services like Maxmind. – mootmoot May 17 '19 at 13:27
  • the setting enables a site to access the device's GPS location. Now some phones go beyond GPS, using SSIDs and other info to compute a position, but GPS access was the original "perm" that the notification/setting enables. Just because a site pulls your location doesn't mean it goes to the server either, just be be specific. I have a speedometer app that uses location, but it never leaves the client... – dandavis May 17 '19 at 18:09
  • thanks @dandavis - Is there anyway to know the exact data that the browser will share to a website on the stated scenarios? – Kane May 20 '19 at 09:15
  • you can view all server interaction with the developer tool's network tab. in a more complex way, you can intercept the actual location provider api, and log all the info it ever returns. – dandavis May 20 '19 at 20:10
  • Here is the paper that talk about privacy issue and guideline for Geolocation API. (BTW, camera /mobile phone that snap photo and tag the GPS to the image file data will also leak your activities profile if you upload it to a website.) – mootmoot May 21 '19 at 11:49
  • @mootmoot - Did you miss to add a link to that paper? – Kane May 22 '19 at 08:37
  • 1
    @Kane : https://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-4.pdf – mootmoot May 22 '19 at 08:54

1 Answers1

1

Location requesting involves using the geolocation API in JavaScript, and allows a website to obtain high-precision location information, usually by using the device's GPS and a combination of other sensors such as nearby Wi-Fi hotspots and cell towers. This allows websites to give you more relevant results based on your location. A hotel website might use that to automatically detect where you are and list nearby hotels. If you set your browser to deny location requests, it will simply not give your location to the website. The precision of the geolocation API can be very high, although accuracy varies.

Without location requesting, a website can still determine your approximate location based on your IP address. This is called GeoIP and cannot be avoided short of using a proxy to "change" the IP address you use. IP location info is generally very rough. Sometimes it can pinpoint the city block you live in, and other times it doesn't even get the city right. IP geolocation cannot be relied on for accuracy.

See also How does Google Maps know where I am, when I'm using a VPN?

Glorfindel
  • 2,235
  • 6
  • 18
  • 30
forest
  • 64,616
  • 20
  • 206
  • 257