I stumbled over it already a few times: the use of geoip.
I deleted the packages on my PureOS notebook and I’m missing nothing.
I have the suspicion that the majority of use cases for this service break privacy.
Any suggestions, opinions?
I stumbled over it already a few times: the use of geoip.
I deleted the packages on my PureOS notebook and I’m missing nothing.
I have the suspicion that the majority of use cases for this service break privacy.
Any suggestions, opinions?
geoip on end-user laptop is harmless. Surveilancers (sic!) use their own copy to determine your location based on your IP. By removing it, you just get rid of your ability to map some IP address to location.
off-topic: chosing default language based on location is the most anoying and malicious thing there ever was. That’s what http accept-language header is for.
For example, a browser extension like CountryFlag might use that kind of mapping functionality.
It is especially annoying, on every single Linux distro I’ve tried. Although I set my language to English, because my location is in Germany, my day and month are always in German. Seems like a stupid assumption. Nothing wrong with German, of course, but if my system language is English, why would I want other elements of it in a different language?
Hrmpf, I mixed up the names. I was thinking about geoclue:
The goal of the Geoclue project is to make creating location-aware applications as simple as possible.
The aim of project is to utilize all possible sources of geolocation to best find user’s location:
WiFi-based geolocation (accuracy: in meters) GPS(A) receivers (accuracy: in centimeters) GPS of other devices on the local network, e.g smartphones (accuracy: in centimeters) 3G modems (accuracy: in kilometers, unless modem has GPS) GeoIP (accuracy: city-level)
Difference is that the location is further narrowed down by using additional information from my system that someone seeing my IP wouldn’t have.
Adjusted topic from “geoip” to “geoclue” - sorry
Wasn’t there an html command where the host could put their Latitude and Longitude as a comment? (Fell into disuse I imagine.)
To correct myself again: I disabled the service.
Deinstallation leads to deinstalling gnome-maps. I wanted to keep it for some tests and for reference.
Geoclue uses a database maintained at mozilla to map various information found inside the system to a geographic location: cell tower id (mobile data), wifi ssid, ip address.
This means that geoclue requests information about these data points from a REST api at a mozilla server.
Say you’re connected via VPN to hide your traffic and possibly location. geoclue will happily ask mozilla about ssids seen by your computer hereby exposing your location at least inside this request to mozilla and making it possible to relate it to your IP address given to you by your VPN provider.
If I’m not mistaken the service leaks information about me (and possibly you) and we’ve never been informed about the fact it is requesting this information or asked about our consent to do so.
Furthermore per default the gathered information is available to some applications in your system including epiphany and firefox. If you do not trust these browsers to ask you properly for permission to use your location you’ll just know find out that they know it already.
It is possible though to configure geoclue to not request (and thereby send) any information to mozilla. It then still can be useful to just feed software like gnome-maps by using a local gps receiver.
If I do not misunderstand the situation I’d suggest that PureOS informs about the way geoclue works and offers a default configuration without transmitting any information to mozilla.
Ooo, thanks for pointing this one out!
It looks like in PureOS Amber, geoclue is not started by default (in gnome maps, the button “go to current location” is grayed-out and non-functional, and geoclue agent process is nowhere to be found.
Nevertheless, I’ve changed all “true” setting to “false” in /etc/geoclue/geoclue.conf and all urls to point to https://localhost:9/ (port 9 being traditional discard service, and not run anymore nowadays).
I couldn’t find any documentation on geoclue, no user guide, no explanation what various entries in geoclue.conf mean, and how do they work. Maybe geoclue is started on demand and lives shortly. maybe user config can override the system config. I don’t know and I can’t find out reasonably quickly - reading the source is slow. Therefore I’m thinking of crafting geoclue-dummy package, that will provide geoclue-2.0 and conflict with it. That way, geoclue will be uninstalled, but any packages that depend on it, like gnome maps, will be left alone. But this has to wait till tomorrow.
Maybe you are thinking of the DNS resource record of type “LOC”, whereby a host can tell the internet its latitude, longitude, altitude and size.
I guess any web server is in theory free to include any information that it likes as a comment in the HTML, including location information.
However I haven’t noticed web servers doing that - but then I suspect not many DNS servers have LOC records either.
Just deactivated the use of external databases in geoclue on my librem5.
I have noticed there is a modem-gps entry in geoclue.conf that is set to ‘false’.
Why is this? What does it result in? And should that not be set to ‘true’?
Guess: A typical mobile modem has a built-in GNSS function. On the Librem 5 this is “disabled” for privacy reasons (and the Librem 5 has a separate dedicated GNSS chip that it can control). So I doubt that true
and false
will differ in any resultant useful behaviour, and false
probably makes more sense (don’t want to try to use something that is intended not to work).
Ah, thank you. That is good to know.
There might even be something more to it: if the modems gps is enabled in geoclue and geoclue would be able to enable it through e.g. modemmanager, the firmware of the modem would do what is necessary to provide coordinates. That might result in the firmware trying to download data for agps which in itself is an information leakage.
I didn’t follow that path to the end by trying to find out what really happens with the modems gps and the firmware in the modem. Theoretically the modem itself without the OS being able to find out about it, could download data from the internet and thereby leak your IP and possibly other data like IMEI.
This is the reason why an open firmware for a modem would be such a good idea.
To observe whether something like this happens or not my only idea so far has been to build an own LTE cell to log in to. Then I’d be in the position as the provider to observe the traffic the modems firmware might generate in direction of the network without the OS being aware of it.
Well no, it was something the web designer wold hard code into an html page.
But I remember now, it was the ICBM meta tag. Kind of Dr. Strangelove-ish, it is supposed to show the latitude and longitude of the web page (and presumably the server). Of course the coder can always lie to it.
(looks like you necrod that specific post but that’s OK)
I was curious as to whether this is a real thing and apparently it is: https://en.wikipedia.org/wiki/ICBM_address
In this day and age of rampant privacy fail, I don’t know that it’s a good idea to provide this information in your HTML pages.
It could easily become out of date or, due to content distribution networks and the like, never be at all accurate in the first place.
I suppose that meta tag is really only applicable to a fixed ground station anway. Privacy is really moot within the ICBM blast radius, no?
(Now I remember a bit where the tarp around a ladies shower stall gets pulled down or blown away. Was that a MASH episode?)
I received an opensnitch alert for geoclue after logging in today. It does not seem to be consistent however. I was going to uninstall the geoclue-2.0 package but that will also remove gnome-clocks and gnome-maps.
Did you ever get around to crafting that geoclue-dummy package?
I recently got into a situation where I had a PureOS machine with a different (non-gnome) desktop window manager that I thought I had cleaned up and hardened – because it did not list geoclue as a dependency and thus allowed me to uninstall it – but then the system wanted to automatically install geoclue when I tried to install the Qt libraries for compiling a user space application. [Technically, as I recall maybe libgeoclue is the one that uninstalls gnome
when you try to remove it, but it’s been a little while since I tried.]
To fix this, even when it did install geoclue, I am in the habit of running sudo systemctl mask geoclue.service
on all my PureOS devices to then block this service from running. I forget where I even found that idea.
Do we believe that masking geoclue
with the systemctl
will stop it from running and invading privacy, or does that mean I’m not doing enough?
As far as I remember geoclue is needed for the gps to work as supported by many apps.
Disabling all aspects of geoclue that need an external service seems the way to go.
geoclue is open source - if you doubt that it does what you’re thinking I’d say you’ll need to look into it (in the end if you do not trust open source and learn to evaluate your doubts about it you’ll be lost using open source).
Look at your opensnitch alert and try to find out what really happened. Maybe post it here so others might help you understand how it happened.