Hacker News new | past | comments | ask | show | jobs | submit login

Can you explain how Firefox (or Chrome) knows my location within 20m even if I use a VPN? Brave puts me where I think the VPN exit point is.

For example:

https://wikishootme.toolforge.org/




Many (most?) VPN mechanisms don't entirely remove access to the other routes from apps that manually request them, so even if an app isn't able to use something akin to "location services" on your device it might still easily be able to get access to your other IP addresses by sending requests with sockets manually bound to specific interfaces, and even might choose to lower the priority of information learned using interfaces that are clearly tunnel devices instead of network cards.


Also known as split tunnel, this can be used by corporate VPN solutions to lower the amount of network traffic entering a data center (so you don’t overload your undersized pipes)


No, I don't mean that. That's when you purposefully set your routing table to split some traffic to different paths. The premise here is that even if all of your traffic is supposedly going over a VPN, an app can often opt out of that and do whatever it wants.


> by sending requests with sockets manually bound to specific interfaces

I don’t believe this is possible in client JavaScript within a web browser. Very open to be proved wrong.


I thought the complaint was that the browser was figuring it out directly and then exposing it, such as via the browser's location API, not that the website was figuring it out using non-location network mechanisms provided by the browser.

(FWIW, a website that is given media recording privileges can definitely do that, though, using WebRTC. If you don't have that privilege then you can still use the WebRTC API but it doesn't return alternative candidates. But I also don't think that is what they meant.)


This could also happen if you have a misconfigured VPN with a DNS leak. Check out this website for clues: https://ipleak.net/


I checked and my DNS is not leaked through the VPN. Even if it was, how could that result in such an accurate localisation?


You clicked "Allow" on the location request dialog, click deny and it won't do that.


Of course, but how does it know? Where is the information from?


I'm assuming you mean on devices without a GPS.

There are services that wardrive around mapping locations of WiFi access points. Your laptop periodically will phone home with your nearby Wi-Fi MAC addresses (BSSIDs) to ask where they were detected.

Here's one such service: https://www.skyhook.com/wifi-location-solutions


By the way, if you've ever noticed a brief packet drop or latency spike (usually a few 100s of ms) while pinging a server from your Mac, it might be because your device is doing this.

When Location Services is on (which it is by default), macOS will periodically switch your wireless card to monitor mode to find those nearby SSIDs. That briefly interrupts normal network traffic.

IIRC, it does this more often when Find My.app is turned on.

You can disable Location Services in: System Preferences > Security & Privacy > Location Services


firefox has something called the mozilla location provider, which maps wifi access points to locations, which is similar to what google maps uses when you have gps disabled on mobile


Is there a way to turn that off? I never want my browser location services to work.


Go to about:config () and set geo.enabled to false.

: if you're on Android, you'll need either an unstable version (Beta, Nightly) or a fork (Fennec from F-Droid) of Firefox to get access to that page because Mozilla decided users of the standard distribution can't be trusted with these settings.


This would make sense, thank you. Apparently Chrome has something similar?


When you are on the VPN test for these:

https://www.expressvpn.com/webrtc-leak-test

https://www.dnsleaktest.com/

http://ipv6leak.com/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: