Firefox Add-On To Track Your Location Via Wi-Fi 181
Barence writes "Mozilla Labs has unveiled a new Add-on that allows Firefox to pinpoint your location based on Wi-Fi signals. The feature, called Geode, is a prototype for the location-tracking technology that will be built into the forthcoming Firefox 3.1. Geode is designed to work with websites that rely on knowing your location, such as mapping and geotagging services. The prospect of Firefox having the ability to track your location raises obvious privacy fears. Mozilla insists users will remain in complete control. 'With Geode, when a website requests your location a notification bar will ask how much information you want to give that site: your exact location, your neighbourhood, your city, or nothing at all,' the Mozilla Labs blog claims."
Big Brother is like a fox on fire (Score:5, Funny)
And twice as annoying.
Excuse me while I install this on my son's laptop ... without him knowing.
Re: (Score:1)
And twice as annoying.
Excuse me while I install this on my son's laptop ... without him knowing.
Yeah. That's going to work.
You have very compliant children. (Score:2)
You gotta sleep sometime you know. You are lucky.
Re: (Score:2, Funny)
Dad, stop messing with my laptop.
They'll never track me (Score:5, Funny)
I'm wearing my tinfoil underwear.
Oh crap, this means I need to wear underwear at the computer.
Re:They'll never track me (Score:5, Funny)
Let's see, based on nearby access points, I'd say you're on Linksys Avenue, Linksysburgh, Linksys County, LI.
Why Not... (Score:5, Insightful)
Why not let it give the user the option of telling the web site some arbitrary location?
Re: (Score:2)
You can get the source and make it do just that. My personal hope is that the default this to off and make you activate it manually. Also, what are the chances that this gets abused by law enforcement?
Re:Why Not... (Score:5, Informative)
If you'd bother reading to the second sentence: " The feature, called Geode, is a prototype for the location-tracking technology that will be built into the forthcoming Firefox 3.1."
You can't not install it, it's already installed.
Other than that, you seem to be traveling.... you get the point
Re: (Score:2, Informative)
If you'd bother RTFyouknowwhat...
Geode is an extension, and it will not be in Firefox unless you add it to Firefox. Firefox 3.1 will not have any "location-tracking technology", it will just expose the W3C geolocation API [w3.org] so extensions such as Geode can answer to document.geolocation calls from a script. A naked Firefox doesn't know zilch about its location.
The article is misworded but understandable with a little good will.
Re: (Score:2)
I don't think you quite understand what this "open source" thing is.
Re: (Score:3, Informative)
Re:Why Not...because... (Score:2)
Because the Dept of Homeland Spying would get misleading info on your whereabouts.
Re: (Score:2)
Re: (Score:1)
uhm, as it's open source, anyone that is a programmer has that option. i'm going to have some fun with this i think.
posting from the white house, cuba, yemen, etc.
Re: (Score:2)
No kidding. I'd love to be able to do this just to get around those damn you're-not-from-America-so-can't-watch-this-video-clip messages. I particularly hate it when (Adobe Flash Player, I'm looking at you) they let me install the program, WATCH THE AD, then give me the message.
Grey [wellingtongrey.net]
Re: (Score:2)
Going back to hard-wired connection (Score:5, Funny)
I sure hope Best Buy still sells that 2-mile long ethernet cable...
Re: (Score:2, Funny)
I'd tap that! Wait...
Re: (Score:2, Informative)
Re: (Score:2)
Just use a repeater. Or Chrome, Safari, Konqueror, or Internet Exp- well, maybe not that last one.
... It's an addon, not a cookie. (Score:5, Insightful)
The addon has to be manually installed.
It's not a piece of malware, it's not surreptitiously installed by remote servers. It's strictly voluntary.
The only privacy concerns which arise from this are if people are not careful enough with the addon to disable it.
Re:... It's an addon, not a cookie. (Score:5, Insightful)
Except the summary states "the location-tracking technology... will be built into the forthcoming Firefox 3.1."
I'd much rather this remain a separately downloadable add-on.
Re: (Score:2)
Except the summary states "the location-tracking technology... will be built into the forthcoming Firefox 3.1."
I'd much rather this remain a separately downloadable add-on.
and it also says you can make sure sites get "nothing at all"
Additionally, being open source, you can grab the SRC and make builds of it minus that code.
Re:... It's an addon, not a cookie. (Score:5, Interesting)
Just being included would make it open to security problems. Someday a vulnerability might let a sight activate it using JavaScript, for example.
I'm a minimalist. If I'm not going to ever use it, I'd rather it not be on the computer at all, especially if it's a potential privacy issue.
And we all know that your average Firefox user will always be going to mozilla for their builds. I doubt a fork that removes this component would gain much traction.
Re: (Score:2)
It wouldn't need much traction though.
If the only difference between the fork and the original is a few comment indicators, one person could easily do it and post major builds.
Firefox Light, anybody? (Score:2)
It would be great if Mozilla, or somebody else, would make a light version of Firefox, which only had web browsing. It could be extendable, so that user's could have just what they want, and not a lot of feature creep. Perhaps they could call it Phoenix, or Firebird.
Re: (Score:2)
It would be great if Mozilla, or somebody else, would make a light version of Firefox, which only had web browsing. It could be extendable, so that user's could have just what they want, and not a lot of feature creep. Perhaps they could call it Phoenix, or Firebird.
Wasn't that the whole idea behind having extensions in the first place?
Re: (Score:2)
Yep. That's what I was pointing out, that Firefox has lost it's way. It is no longer a small, lightweight browser.
Phoenix was the original name for Firefox. Then Firebird. It's purpose was to be small and light-weight, without all of the extra features of the Mozilla web browser (now Seamonkey). So Mozilla stripped out the extra features, and now they are adding them again. I am suggesting that they strip them out again. Everything old is new again.
Re: (Score:2)
this feature is a deal breaker for me. i'm switching back to firefox 2.
chrome doesn't have noscript, Ie is not an option. hopefully chrome will get popular enough to get noscript by the time firefox 2 gets too obsolete.
Re: (Score:2)
Javascript can't set the value of the file element. So it can only send files that you explicitly pick with the filepicker back to the server.
Re: (Score:2)
Yep, exactly.
Re: (Score:3, Informative)
I'd much rather this remain a separately downloadable add-on.
It is designed so that every application has to get the agreement from the user first. He/She may choose to permit access to the accurate or approximate coordinates (or to deny access).
Source: heise.de (german) [heise.de]
Re: (Score:2)
Websites already have some idea where I'm coming from, regardless of my browser and JavaScript settings. All keyed off the known locations of IPs.
Breaking news, being on reality TV (Score:2)
Re: (Score:2)
The only privacy concerns which arise from this are if people are not careful enough with the addon to disable it.
When there are negative consequences to forgetting to disable a piece of software, it's malware in my book. I don't trust Mozilla any more. The final straw was awfulbar. I do not wish to broadcast unvisited bookmarks to anyone looking over my shoulder no matter how innocuous they are!
Re: (Score:2)
This has already been done [loki.com]
Unfortunately, it just tells you where you are. I'd like to see it give turn-by-turn directions.
Gee (Score:2)
Solution to a non-problem? (Score:2, Insightful)
They can already pinpoint your location pretty well using your IP address (and without your permission). So what's the point of this?
Re:Solution to a non-problem? (Score:4, Interesting)
IP geolocation usually only gets you down to the city level usually and even then the city you get isn't always accurate. Using wifi signals (I assume they keep a keep a database of SSIDs and AP MAC addresses to compare against) should be able to get your location down to at least the city block level which is much more useful.
Re: (Score:2)
Like on a 3G iPhone? Their pseudo-GPS using wireless access points gets pretty darn close. It usually pinpoints me within a building or two.
I think it would be useful to at least have this option on my UMPC, even through Firefox. Business trips can often take me to places I have no interest in going; once there, at least I wouldn't be totally lost.
Re: (Score:2)
No, it has GPS [apple.com].
The iPod touch and the old iPhone triangulate WiFi hotspots and cell tower, though.
Re: (Score:2)
Think mobile computing.
Consider a search for the nearest coffee shop, video store, etc. within walking distance. You can look for a street address on the nearby buildings (good luck with that in some areas) and type it in, or you can allow you mapping app of choice to figure out where you are and look it up automatically.
Re: (Score:2, Insightful)
Thanks anyway.
Re: (Score:2)
Because you get lousy resolution with Geo-pos-IP, and even the bad services available today are pretty expensive.
Re: (Score:2)
Because you get lousy resolution with Geo-pos-IP, and even the bad services available today are pretty expensive.
An none work with IPv6.
Re: (Score:2)
"Location-based" services need good data on where someone is. If I'm trying to find coffee shops nearby, for example, it doesn't help if the only ones I can find are several towns over.
Stupid (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Lawsuits? The loss of goodwill would be a lot more important. Even more important would be the fact that a default of anything other than "nothing at all" is fundamentally the wrong thing to do.
I don't think you need to worry much on this score. The people working on this are neither stupid nor malicious.
Just one implementation of W3C Geolocation (Score:2, Informative)
http://dev.w3.org/geo/api/spec-source.html [w3.org]
http://labs.mozilla.com/2008/10/introducing-geode/ [mozilla.com]
Forgot a function (Score:5, Insightful)
Geode is designed to work with websites that rely on knowing your location, such as mapping, geotagging services, and location-based advertising.
Hey, they've got to be making money off of it somehow.
Control is not enough (Score:4, Insightful)
Just like providing DRM systems, there is the danger, when providing this capacity, for websites to begin to demand it, something they can't easily do now because there's no infrastructure to demand it.
Of course, this is a constant danger/possibility - some days I regret that Javascript was invented because a number of sites don't work at all unless I tell NoScript to allow JS on them. Cost of progress, I guess...
Re: (Score:3, Interesting)
there is the danger, when providing this capacity, for websites to begin to demand it
There is also the source code, freely available and modifiable, which means you could easily tell such websites that your current location is Fuckoff, in the fine state of NoneOfYourDamnedBusiness.
a number of sites don't work at all unless I tell NoScript to allow JS on them.
Hey, it could always be worse. You could always stumble on a site that doesn't work unless you allow Flash on it.
Re: (Score:2)
It would be the height of stupidity for a website to require this since it would require all their users to not only be using wifi, but be using wifi on a registered WAN. I imagine this would take a huge chunk out of their potential user base.
Then again, for DRM stupidity was no obstacle. So, who knows.
Questions (Score:2, Interesting)
Is this IP address driven? Is this mostly for public hotspots? Will one be able to register their home Wifi signal?
Will one be able to register their neighbors unsecured wifi signal?
Will there be reverse look uo p for public hotspots? How about "Public" hotspots?
Wow.. good for once it doesn't run on linux! (Score:1, Informative)
just tried to install it to see what it's like, but won't install on i386/Ubuntu
How does wifi "pinpoint your location"? (Score:5, Insightful)
Does this require each hotspot owner to register the location of his/her hotspot, so that a database can be queried to find the location?
e.g. "I can see access points with MAC addresses 00:60:08:57:3C:D2 and 00:E0:18:77:D6:40 so I know I'm at 37 23.516 -122 02.625.."
How many hotspot owners can be bothered to register their correct location? And re-register it if their IP address changes? How many even change their password?
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
It could be updated by the users of firefox, assuming the world didnt move to the west 20meters you should be able to figure out a few routers moving at a time. Sounds like a really fun/interesting code challenge.
Re: (Score:2, Informative)
Re: (Score:2)
e.g. "I can see access points with MAC addresses 00:60:08:57:3C:D2 and 00:E0:18:77:D6:40 so I know I'm at 37 23.516 -122 02.625.."
Is a web browser even allowed to have access to information like MAC addresses? I figure it ping's a few known servers and calculates its location from the time. In which case, it could easily be fooled by a VPN or Tor.
Privacy depends on the nature of services (Score:2, Interesting)
If a service can offer a better experience if it knows my location without having to login and identify myself, it is useful in many scenarios. For example, advertising a deal or a offering a coupon for an item in a nearby store. But like any technology, it can definitely be abused.
There are a few problems with WiFi based location estimation. For example, the SSID may change or vanish. Secondly, it can easily be abused by reporting false location. On the contrary, it can work indoors unlike most commercial
Tracking an IP (Score:4, Funny)
Then I'll create a GUI interface in Visual Basic and see if I can track an IP address
Compatible with what iPhone websites use? (Score:4, Insightful)
Is there even such a thing anyway?
I hope the Firefox team, Apple, Opera and Google will soon sit down and establish a standard for such things (new metas, new javascript, whatever). Tell Microsoft about it, but don't wait for them.
Also, won't AMD sue for using the Geode [wikipedia.org] name?
Re: (Score:2)
Trademarks are product type specific, that is aslong as there is no risk of someone mixing up geode the processor with geode the program then the trademark does not apply.
Undefined license for proprietary component! (Score:5, Interesting)
From the included LICENSE.TXT:
"The XPCom component contained within the contents of this extension is licensed by
Skyhook Wireless, Inc. ("Skyhook") and are subject to the Skyhook license and
terms of use (the "Skyhook License"); you may not use this component except
in compliance with the Skyhook License.
You may obtain a copy of the Skyhook License at [need URL]"
I didn't look long, but I could not find any "Skyhook License" on Skyhook's website (which is I guess why they chose not to fill in the URL!). I certainly would not use a product for which the license was in question like this, especially considering the proprietary, binary-only DLLs they provide. Not that I would be able to try it out, since it only includes 32-bit Windows and Mac libraries, no Linux at all.
Buyer beware, as they say...
How close can you get with just your IP? (Score:2)
If they have this kind of geolocation information about where Wifi access points are, they probably have the ability to track you down to at least a neighborhood just knowing your IP address for an awful lot of WAPs in their database.
So even without this plugin, if you use public Wifi you're giving a fair amount of information about your location to the sites you visit.
What, am I worried about this? No. Should I be?
Re: (Score:2)
I think you're spot-on. As MySpace/Facebook have proven, not using the service doesn't mean that a whole lot of personal information about you can't be revealed by your "friends" who are members.
Imagine that Google (or some other nefarious agency) starts infecting, err, "adding logging" to WiFi access points. I'm sure it'll be innocuous - protects the children, necessity for the war on terror, etc. But, just like your device can collect all the WiFi access point info and report it, getting back a locatio
Re: (Score:2)
Imagine that Google (or some other nefarious agency)
Would that be the Department of Google? Or the Federal Google Administration?
Other location services (Score:3, Informative)
There are other ways to approximate your location when you aren't using wi-fi. As an example, http://www.geobytes.com/ipLocator.htm [geobytes.com] will give you a location derived from your ISP's. Also, a way to set a location in your Firefox profile would be useful for desktop PCs that rarely move. And I should note that Ubiquity is currently using the MaxMind geo-api (http://www.maxmind.com/app/api [maxmind.com]) for very similar purposes.
How about... (Score:2, Interesting)
Firefox 3.1? (Score:4, Interesting)
And thus marks the end my my upgrade path with Firefox. It's been nice, so long and thanks for all the fish!
Re: (Score:2)
Enough with the built in "features". The awesome bar was bad enough, this is a step too far. By all means offer it as an add-on. Surely the whole point of add-ons is that people can start with a basic browser and choose which features are useful to them?
It's time for a fork.
Re: (Score:2, Informative)
Re: (Score:2)
Indeed. I will NOT be installing 3.1 if this tracker is installed with it. If anyone from mozilla reads slashdot pay attention. Do NOT include this software in the core browser or you will lose not only my support but the support of everyone I know. (And I happen to be the tech guy for all of my friends and family, and there are LOTS of them) I will actively make sure they do not upgrade to 3.1. Either make it an add-on or scrap it entirely. If you pride your browser on its security features this is a spit
Re: (Score:2)
I'm curious: what is the exact problem you have with the geolocation stuff? No data is given to the server unless you explicitly allow it for that particular site. If you _do_ allow it, it enables a class of very interesting web applications, especially on mobile devices.
Could you explain what your objections are, past an instinctive reaction to the word "track"?
Re: (Score:2)
I can't speak for the parent, but my problem with it is the possibility of abuse. You're installing an app that can pinpoint the location of your computer, at least to some degree. If someone wants to exploit this "feature", you've already done most of the work for them. All they have to do is find a way to tap into the data that app gathers.
But regardless of that, my other objection is having such an app included in the browser. If it's an extension, I can choose whether or not I want to install it, bu
Re: (Score:2)
> And why should it be in there by default?
That's a really good question. For now, the W3C is publishing a spec that will require it, but there've been rumblings to the effect that not all W3C specs are worth implementing...
Realistically, this feature is no more dangerous than many other things (like file inputs, etc) if properly secured. You're right that it increases attack area, but so does SVG. See, for example, http://lists.w3.org/Archives/Public/www-svg/2008Sep/0112.html [w3.org]
So the only real question
Re: (Score:2)
I completely agree with you.
I'm just quite puzzled that Mozilla sees the need to build this into the browser. Even if this means nothing here in North America and Europe, can you imagine what this will do to Firefox adoption in a place like China? Would you want to be a dissident with something like this installed on your laptop? I wouldn't. I'd be nervous enough as it is, so I sure as hell wouldn't want this "feature" potentially telling the Chinese government where I was while I was blogging about hum
Re: (Score:2)
> I'm just quite puzzled that Mozilla sees the need to build this into the browser.
I though you just agreed that this was important on mobile devices...
> If a tool can be abused, it will be abused.
That's an argument for having no tools at all, which isn't a good idea. The goal should be to strike a balance.
Re: (Score:2)
I think it can be useful on mobile devices, but that doesn't mean it has to be built into the browser. An extension will do just fine. If you want to meet half-way, then have the extension preinstalled on the upcoming Firefox for mobile platforms, but, since it would still be an extension, users could remove it if they want to do so.
Re: (Score:2)
Some people like the awesome bar for example, some don't mind it, some -- perhaps many -- dislike it intensely. There is absolutely no need for that, or this tracker, to be built into the browser by default. The add-on functionality is perfect and very useful. Let people choose what they need in a browser and keep the basic browser fast and
Re: (Score:2)
> It seems like Mozilla is now intent on adding features rather than having a great stable
> product.
That's a false dichotomy, really.
But there's one more issue here. All the browsers are in a position where they'll become totally irrelevant in a few years if they don't have feature parity with Flash and Silverlight... so they're working on said feature parity (except maybe IE, which doesn't mind being irrelevant if Silverlight wins).
implementation? (Score:2)
I know somewhere on the web there's a nationwide wi-fi map, with every point listing their name. I checked my house, and there was my AP. So yeah, pretty slick making software from that data.
Double edged sword here: yes, privacy concerns, but if your laptop gets stolen & the thief is at a documented area, go in for the retrieval!
Wow! guys @ RIAA HQ are really into child porn!!! (Score:2)
Wrong fears ? (Score:2, Interesting)
What I fear more is Firefox becoming everything but what people need it to be. You know, a web browser.
Please wake me up when someone decides to fork FF and remove all the useless crap that's being added lately. We're far from what made many of us tech-savvy people switch to what used to be a lightweight, efficient and secure web browser.
Re: (Score:2)
So what, exactly, is a web browser? Heck, what's "web"? The problem is that the definition keeps changing. Used to be, no image support was fine in a web browser. And no script support. And no CSS support. And no DOM support.
Note that the W3C is standardizing a geolocation API; this is just an implementation of that W3C spec.
I should also point out that Firefox 3 is faster and more memory-efficient than Firefox 2 or Firefox 1.5 or Firefox 1.0 (though when comparing to 1.0 you probably need to make sur
What features like this need... (Score:2)
'With Geode, when a website requests your location a notification bar will ask how much information you want to give that site: your exact location, your neighbourhood, your city, or nothing at all,' the Mozilla Labs blog claims."
I would like to later ask Geode for the lists of web sites I've set to my exact location, neighbourhood, city, or nothing at all.
I create these settings and forget them. The cloud should not only remember what I set for the Web sites, but for me whenever I want to check,
Re: (Score:2)
iphone 3g ish.. (Score:2)
Microsoft even abandoned this... (Score:2)
Microsoft had a WiFi geo locator utility and web application several years ago, and abandoned it because people that cared where they were would just use the GPS in their phones, as it was consumer utility to find local information.
I don't think a utility that reports back where you are will be any more successful, and a bit scary.
Does this imply easy location "spoofing"? (Score:2)
Alright! (Score:2, Funny)
Now I know exactly where Kareem Abdul-Jabbar is!
Re: (Score:2)
Re: (Score:2)
Thanks to wireless hotspots, you don't even need that anyway. 99% of hotspots send your personal data in the clear.
Re: (Score:2)
> Why not enter it manually?
More effort on the user's part.
> In fact, if it is at the websites discretion, why even have this at all?
The website can ask for the information. Whether the browser tells it is at the user's discretion.
> that is the only rational reason to include I can think of; ...
> Further, I don't understand what is going through the heads
See http://www.w3.org/2008/geolocation/ [w3.org] and especially http://www.w3.org/2008/geolocation/charter/ [w3.org]
That second link gives some examples of the
Re: (Score:2)
The website can ask for the information. Whether the browser tells it is at the user's discretion.
Would you be happy with a plugin that stored, and filled in your bank account login details when your bank's site asked for them? Sure, it wouldn't be used as often as this plugin - but the principle remains.
I sure as hell wouldn't. There is too long a history of browser functionality being subverted, despite the best intentions of the initial programmers. It wouldn't be more than a few days until there was an exploit that could access that information without asking you. And a plugin that can query your W
Re: (Score:2)
> Would you be happy with a plugin that stored, and filled in your bank account login
> details when your bank's site asked for them?
If it had the option to never fill them in, and otherwise asked me every time? I might not mind, though I'd prefer those not be stored on my hard drive because my computer might be stolen. That part of the analogy doesn't apply here, since no additional data is being stored on your computer, though.
> It wouldn't be more than a few days until there was an exploit that
Re: (Score:2)
In fact, if it is at the websites discretion, why even have this at all? It seems like there is not just the potential for abuse, that is the only rational reason to include I can think of; that it is designed for abuse
That was my thought exactly. Even if this feature was designed so that websites are forced to ask for my permission, what are the chances that advertisements start asking every time they load? Any advertisement that I have seen that attempts to post my location in the text to get my attention is usually sleazy enough to make me uncomfortable willfully giving them the information in the first place.