Deinstall geoclue?

I stumbled over it already a few times: the use of geoip.

I deleted the packages on my PureOS notebook and I’m missing nothing.

I have the suspicion that the majority of use cases for this service break privacy.

Any suggestions, opinions?

geoip on end-user laptop is harmless. Surveilancers (sic!) use their own copy to determine your location based on your IP. By removing it, you just get rid of your ability to map some IP address to location.

off-topic: chosing default language based on location is the most anoying and malicious thing there ever was. That’s what http accept-language header is for.

1 Like

For example, a browser extension like CountryFlag might use that kind of mapping functionality.

It is especially annoying, on every single Linux distro I’ve tried. Although I set my language to English, because my location is in Germany, my day and month are always in German. Seems like a stupid assumption. Nothing wrong with German, of course, but if my system language is English, why would I want other elements of it in a different language?

1 Like

Hrmpf, I mixed up the names. I was thinking about geoclue:

The goal of the Geoclue project is to make creating location-aware applications as simple as possible.

The aim of project is to utilize all possible sources of geolocation to best find user’s location:

WiFi-based geolocation (accuracy: in meters)
GPS(A) receivers (accuracy: in centimeters)
GPS of other devices on the local network, e.g smartphones (accuracy: in centimeters)
3G modems (accuracy: in kilometers, unless modem has GPS)
GeoIP (accuracy: city-level)

Difference is that the location is further narrowed down by using additional information from my system that someone seeing my IP wouldn’t have.

Adjusted topic from “geoip” to “geoclue” - sorry :blush:

Wasn’t there an html command where the host could put their Latitude and Longitude as a comment? (Fell into disuse I imagine.)

To correct myself again: I disabled the service.

Deinstallation leads to deinstalling gnome-maps. I wanted to keep it for some tests and for reference.

Geoclue uses a database maintained at mozilla to map various information found inside the system to a geographic location: cell tower id (mobile data), wifi ssid, ip address.

This means that geoclue requests information about these data points from a REST api at a mozilla server.

Say you’re connected via VPN to hide your traffic and possibly location. geoclue will happily ask mozilla about ssids seen by your computer hereby exposing your location at least inside this request to mozilla and making it possible to relate it to your IP address given to you by your VPN provider.

If I’m not mistaken the service leaks information about me (and possibly you) and we’ve never been informed about the fact it is requesting this information or asked about our consent to do so.

Furthermore per default the gathered information is available to some applications in your system including epiphany and firefox. If you do not trust these browsers to ask you properly for permission to use your location you’ll just know find out that they know it already.

It is possible though to configure geoclue to not request (and thereby send) any information to mozilla. It then still can be useful to just feed software like gnome-maps by using a local gps receiver.

If I do not misunderstand the situation I’d suggest that PureOS informs about the way geoclue works and offers a default configuration without transmitting any information to mozilla.

2 Likes

Ooo, thanks for pointing this one out!

It looks like in PureOS Amber, geoclue is not started by default (in gnome maps, the button “go to current location” is grayed-out and non-functional, and geoclue agent process is nowhere to be found.

Nevertheless, I’ve changed all “true” setting to “false” in /etc/geoclue/geoclue.conf and all urls to point to https://localhost:9/ (port 9 being traditional discard service, and not run anymore nowadays).

I couldn’t find any documentation on geoclue, no user guide, no explanation what various entries in geoclue.conf mean, and how do they work. Maybe geoclue is started on demand and lives shortly. maybe user config can override the system config. I don’t know and I can’t find out reasonably quickly - reading the source is slow. Therefore I’m thinking of crafting geoclue-dummy package, that will provide geoclue-2.0 and conflict with it. That way, geoclue will be uninstalled, but any packages that depend on it, like gnome maps, will be left alone. But this has to wait till tomorrow.

Maybe you are thinking of the DNS resource record of type “LOC”, whereby a host can tell the internet its latitude, longitude, altitude and size.

I guess any web server is in theory free to include any information that it likes as a comment in the HTML, including location information.

However I haven’t noticed web servers doing that - but then I suspect not many DNS servers have LOC records either.