Pale Moon, Geolocation and You
Posted: 2014-01-05, 12:28
To clarify a few things, I've decided to write up an explanatory post about Location-Aware Browsing, how this is handled in Firefox and Pale Moon, and how it will impact your browsing.
More than one method
The most confusion about Location-Aware Browsing is the fact that there are two distinct methods used out on the web, which both perform a similar function but are quite different in how they work:
Recently, Google, the default geolocation provider (point 1 above) used in Mozilla products since Firefox 3.5.*, changed the way they provide their geolocation services to web browsers, limiting access to the API by way of a secret key only used by official Mozilla Firefox builds. As a result, geolocation in Pale Moon broke because the Google servers refused to provide a response without the key. Individual developers would have to purchase a business key to continue using the geolocation services, and pay-per-volume.
As a result, Pale Moon (From version 24.3.0 onwards) will be using a different geolocation provider's API to request GPS coordinates. This makes for a difference in how geolocation is handled, and a difference in privacy of your browsing:
The Firefox method
More than one method
The most confusion about Location-Aware Browsing is the fact that there are two distinct methods used out on the web, which both perform a similar function but are quite different in how they work:
- Geolocation: This is a location lookup done by the browser, and what most of this post is about. A webpage can request (through JavaScript) that the browser finds its geographical location. If your hardware supports it and is configured correctly, the browser can get GPS coordinates from your computer and report this to the requesting page in your browser. If not, a request is made to a geolocation provider on the Internet, which determines your GPS coordinates based on data passed in the request. This is a client-side process that by default requires your permission. Pale Moon will pop up a request similar to this:
- GeoIP lookups: This is a location lookup done by the web server you connect to. These kinds of lookups are done server-side, do not ask you for permission, and are almost invariably based on IP lookup tables in the possession of the web server operator (known association tables of IP ranges and geographical location). As a web user, you will have no control whatsoever over these kinds of lookups, and the only way to circumvent this kind of lookup is by using an indirect connection (e.g. a proxy server or VPN) that will present a different IP address to the server.
Recently, Google, the default geolocation provider (point 1 above) used in Mozilla products since Firefox 3.5.*, changed the way they provide their geolocation services to web browsers, limiting access to the API by way of a secret key only used by official Mozilla Firefox builds. As a result, geolocation in Pale Moon broke because the Google servers refused to provide a response without the key. Individual developers would have to purchase a business key to continue using the geolocation services, and pay-per-volume.
As a result, Pale Moon (From version 24.3.0 onwards) will be using a different geolocation provider's API to request GPS coordinates. This makes for a difference in how geolocation is handled, and a difference in privacy of your browsing:
The Firefox method
- Gathers data about local wifi networks and access points from the browser.
- Sends this data, along with a secret key, to Google servers. This may include detailed information about your local network.
- Google uses this data and your connecting IP address to look up your GPS coordinates based on known information in tables.
- Receives GPS coordinates (longitude,latitude) and an indicator of the rough accuracy of these coordinates.
- Sends a simple http GET request to the API server. No data is being sent beyond a normal web request, and only the absolute minimum amount of data is requested (just latitude and longitude) to prevent snooping on details like country, isp, organization, etc. by intermediaries.
- The API server uses your connecting IP address to look up your GPS coordinates based on known information in tables.
- Receives GPS coordinates (latitude, longitude) but no indicator of the rough accuracy of these coordinates.