Pale Moon forum

http://ip-api.com/
this is being blocked by ublock origin by an adguard spyware filter i should add.

Question: Why isn't http://ip-api.com/ using HTTPS?

Because it's not needed. Everyone and their mom can do a geoip database lookip. Neither the requests nor the responses have any value beyond what is already in the open when looking up your own IP even if it -was- https...
If you want https you can use their paid service, though.

Moonraker wrote:http://ip-api.com/
this is being blocked by ublock origin by an adguard spyware filter i should add.

Then whomever is in charge of that filter list should be taken out back for some "re-education".

https://spyware.neocities.org/articles/http.html

The language used in the HTTP specification explicitly says that the protocol was designed with enabling the datamining of its users in mind

I'm definitely missing something here...

F22 Simpilot wrote: As to the home page. People use that?!

I do, though admittedly I should configure my content blocker to allow more requests from that page.
It does provide some revenue for the developers after all.

vannilla wrote:I'm definitely missing something here...

I'd like a reference to where the spec says this

Moonchild wrote:I'd like a reference to where the spec says this

From the link vannilla posted:https://spyware.neocities.org/articles/http.html

I think he meant from the actual HTTP specification.. Not the fake news on that website.

As a comment on an unrelated ghacks thread put it, privacy nuts being nuts. Of course HTTP wasn't designed with privacy in mind - it was designed to transfer information in an age where exploitation of data by dubious parties did not yet exist.

I have my privacy concerns about using the internet, as do many people I know, but folks who write half-truths and spread FUD like this accomplish nothing except making the rest of us look bad. It's ridiculous.

Moonraker wrote:http://ip-api.com/
this is being blocked by ublock origin by an adguard spyware filter i should add.

Moonchild wrote:Then whomever is in charge of that filter list should be taken out back for some "re-education".

I doupt.
http://ip-api.com/ is also blocked by easyprivacy too and MVPS HOSTS and
hpHosts’tracking servers.

Just because people are copying each other's list entries doesn't mean they are right in doing so.

ip-api.com is most certainly NOT a tracker, and isn't a privacy issue.
I think someone added it because some websites display a widget with publicly available geolocation data retrieved from that API, and for an uneducated user that might seem like an invasion of privacy (oh no! this website knows my location!) while, in fact, the website owners:

• Already have that data in their web server log because they know your IP. Blocking the geoip lookup in the web page will make no difference.
• Aren't involved at all in that data being presented to you (since it'll be your browser directly retrieving the geo data)

MVPS hosts, by the way, does not block it (it's listed but commented out). It only blocks the pro one which is likely to be used by commercial users, which is kind of silly in itself because those people won't be blocking their own tool

superA wrote: I doupt.
http://ip-api.com/ is also blocked by easyprivacy too and MVPS HOSTS and
hpHosts’tracking servers.

I doubt also.
The site works fine with uBlock and the EasyPrivacy filter list. Can't tell about the other filter lists since I don't use them.

I agree with MC, they are copying each other's list entries and the rule is in fact useless.

gepus
Before you start doupting check easyprivacy again.
It is blocked as a third party, the others block it as a first party just like adguard s everywear.

It shouldn't even be blocked as a 3rd party because it's not a tracker or ad server, at all. It's a geo lookup tool (translates IP addresses to geographical locations), and that's all.

It's actually a problem if it's in a hosts list you're using, because it will prevent Pale Moon from performing geolocation lookups even if you want to allow it on a specific website.

superA wrote: Before you start doupting check easyprivacy again.
It is blocked as a third party, the others block it as a first party just like adguard s everywear.

Sorry but I'm still doubting and for a good reason:
https://i.postimg.cc/Pxn3pNTP/2019-02-21-213957.png

gepus wrote:Sorry but I'm still doubting and for a good reason:
https://i.postimg.cc/Pxn3pNTP/2019-02-21-213957.png

So what exactly is the reason? your screenshot doesn't show me anything unwanted.

I'm not sure if this is offtopic or not, but why would anyone even need to use geolocation in the desktop browser?

JustOff wrote:I'm not sure if this is offtopic or not, but why would anyone even need to use geolocation in the desktop browser?

... You're kidding, right?

Websites will regularly request geolocation to be able to provide you with catered local services. That's not something exclusively reserved to mobile devices. E.g. a store chain may want to get your location to be able to select the relevant store in your area for contacting information or local offers. A train site might use it to provide travel planning from your home to where you want to go, etc.

Moonchild wrote:Websites will regularly request geolocation to be able to provide you with catered local services.

I'm serious, they already know my ip, so why would I care to provide any additional data? I've never allowed it and everything was fine.

Moonchild wrote:

gepus wrote:Sorry but I'm still doubting and for a good reason:
https://i.postimg.cc/Pxn3pNTP/2019-02-21-213957.png

So what exactly is the reason? your screenshot doesn't show me anything unwanted.

I doubt that superA is right by claiming that EasyPrivacy filter list is blocking http://ip-api.com/.
See here.
My screenshot shows that it doesn't. No wonder that you can't see anything unwanted.

JustOff wrote:

Moonchild wrote:Websites will regularly request geolocation to be able to provide you with catered local services.

I'm serious, they already know my ip, so why would I care to provide any additional data? I've never allowed it and everything was fine.

I'm serious too. Websites that do it properly will ASK you. The IP they see from the server end might, after all, not be the outbound IP of your actual connection, meaning there's a good chance of error.
Also, there is no "additional" data. Either they look up the IP address server-side and get latitude/longitude, or they ask the browser to provide latitude/longitude through a geo lookup.

Moonchild wrote:The IP they see from the server end might, after all, not be the outbound IP of your actual connection, meaning there's a good chance of error.

But in such situations, the data provided by IP-API.com will also be incorrect.

Also, there is no "additional" data. Either they look up the IP address server-side and get latitude/longitude, or they ask the browser to provide latitude/longitude through a geo lookup.

If I use a mobile device, it can potentially provide more accurate data, but on the desktop the only source for this is my ip, so I really don't understand why should I care.