Project: | Trisquel |
Version: | 7.0 |
Component: | Programs |
Category: | bug report |
Priority: | critical |
Assigned: | Unassigned |
Status: | closed |
Firefox uses Google Location Services to determine user location, while visiting websites that use Location-Aware Browsing, by sending:
[1] User's computer IP address,
[2] Information about the nearby wireless access points.
[3] A random client identifier, which is assigned by Google, that expires every 2 weeks.
IceCat, which is the free software re-branded version of the Mozilla Firefox web browser, inherits this privacy / security vulnerability. This can be easily verified as follows:-
[1] Open the URL https://www.mozilla.org/en-US/firefox/geolocation/ from IceCat.
[2] Click on the link 'Give it a try!'.
[3] Click 'Where am I' and give permission to share your location. This should open up an Open Street Map giving your current location.
To turn off Location-Aware Browsing permanently from IceCat,
[1] In the URL bar, type about:config.
[2] Type geo.enabled.
[3] Double click on the geo.enabled preference. This should disable Location-Aware Browsing.
(Source: https://www.mozilla.org/en-US/firefox/geolocation/)
This issue also applies to Abrowser. Yes, it was on by default.
Is this fixed?
When I follow OP's method to disable it, the geo.enabled preference has "false" value, and after I double-click it has "true".
Does true mean that it is disabled then? Or has this issue been fixed in the meantime without anyone removing the post? So that I in fact now have went and enabled the preference?
> So that I in fact now have went and enabled the preference?
Correct. If you want geolocation disabled, geo.enabled should be set to "false". In Abrowser you can also adjust this setting from the privacy settings that you see when you open a new tab.
Fixed in a scratch install of GNU Icecat 52.3.0
Automatically closed -- issue fixed for 2 weeks with no activity.