RE: location tracking - bcnaz - 09-22-2020
....maybe I am being overly cautious, but reading Mozilla's disclosures and disclaimers they use third parties and share
information with them including Google and others, But they tell you they are not responsible for what the third
parties do with that shared information.
RE: location tracking - wi_badger - 09-22-2020
(09-22-2020, 06:09 AM)bcnaz Wrote: ....maybe I am being overly cautious, but reading Mozilla's disclosures and disclaimers they use third parties and share
information with them including Google and others, But they tell you they are not responsible for what the third
parties do with that shared information.
I'm not sure that it's possible to be "overly" cautious about these issues ... but not surprised that they share information.
The key question is how much information is passed in addition to location.
IP address, almost certainly, MAC address maybe. Phone number ? Don't know.
Name ? Lots of us out there named mobian, right ? But how about the name on an email account ? Again, don't know.
RE: location tracking - bcnaz - 09-22-2020
(09-22-2020, 08:58 AM)wi_badger Wrote: (09-22-2020, 06:09 AM)bcnaz Wrote: ....maybe I am being overly cautious, but reading Mozilla's disclosures and disclaimers they use third parties and share
information with them including Google and others, But they tell you they are not responsible for what the third
parties do with that shared information.
I'm not sure that it's possible to be "overly" cautious about these issues ... but not surprised that they share information.
The key question is how much information is passed in addition to location.
IP address, almost certainly, MAC address maybe. Phone number ? Don't know.
Name ? Lots of us out there named mobian, right ? But how about the name on an email account ? Again, don't know. *************
You can purchase a sim card for $1 USD and a smart phone card for $25 a month from the Dollar store and activate your phone anonymously if you want, that helps buy some privacy.
RE: location tracking - KC9UDX - 09-22-2020
In any case, this is not the PinePhone's fault. It's the software. And this is open source software. So you are free to modify it for your own devices.
You could conceivably even use real location data for your own purposes, but send fake location data to other targets.
RE: location tracking - bcnaz - 09-22-2020
Maybe if the app included the maps within the app,
Like the hand held GPS devices ?
Those work completely stand alone with no outside data needed.?
The current app on my phone shows my house in detail, but from a few years back.
Different vehicles parked in the driveway is a clue to that.
RE: location tracking - Cree - 09-22-2020
(09-22-2020, 09:13 AM)bcnaz Wrote: (09-22-2020, 08:58 AM)wi_badger Wrote: (09-22-2020, 06:09 AM)bcnaz Wrote: ....maybe I am being overly cautious, but reading Mozilla's disclosures and disclaimers they use third parties and share
information with them including Google and others, But they tell you they are not responsible for what the third
parties do with that shared information.
I'm not sure that it's possible to be "overly" cautious about these issues ... but not surprised that they share information.
The key question is how much information is passed in addition to location.
IP address, almost certainly, MAC address maybe. Phone number ? Don't know.
Name ? Lots of us out there named mobian, right ? But how about the name on an email account ? Again, don't know. *************
You can purchase a sim card for $1 USD and a smart phone card for $25 a month from the Dollar store and activate your phone anonymously if you want, that helps buy some privacy.
True! At least for as long as the dollar stores accept cash and dont have face id cameras. Im guessing these days are numbered too... Still privacy is attainable, but it will continue to require innovative thought. Anyway, i think getting a secure browser similar to epic or brave should be a priority for pinephone devs. Past that maybe "Tails for pinephone"??? And carry 2 simcards, one live drive with mac spoofing, and another with your important info. Live drive when you're out and about, regular when you're at home. I don't think we need to worry about big brother discerning our address, they already know that. But our personal habits, discussions, and other aspects of life in society i think we ought to protect. That social credit concept is coming and its freaky... Doing some research? Pop in that live drive...
If you're somewhere where stop and frisk is a thing, epic or brave on your device probably wont land you as manu questions as tor or i2p
Quick follow up, not to downplay the significance of mozilla sharing info with google, but something with epic could shed some light on this. Take it with a grain of salt though. At the start of the year epic posted that their own epic search engine was moving from google search backbone to yahoo. The reason that google had let them use their backbone with no strings for a while, but changed to require reporting of personal data for the use of their search results. Epic didnt like this and looked for alternatives. Yahoo also required something similar, but much less info than google, so epic partnered with Yahoo instead. They posted a warning about this early in the year. It does not affect the browser, only their search engine. I'd hazard a guess that mozilla is similar. They have google built in as a search engine, but also duckduckgo. Perhaps they only report when stuff is searched on google due to the same thing google pulled with epic. And, perhaps this doesn't apply when you use duckduckgo or an alternative search engine?
Pure speculation....
RE: location tracking - ergo owl - 09-22-2020
(09-20-2020, 03:40 PM)devrtz Wrote: Relevant wiki article
Thanks alot, that was very informative! Instant level up of my location tracking knowledge.
I am having a blast right now modifying the /etc/geoclue/geoclue.conf file both on the pinephone and on my computer.
Code: GNU nano 4.8 geoclue.conf Modified
# Configuration file for Geoclue
#
# NOTE: All configurations settings below are mandatory and the defaults are
# what you see before you edit them. If you want to keep the default
# values around, copy and comment out the appropriate line(s) before
# changing them.
# Agent configuration options
[agent]
# Whitelist of desktop IDs (without .desktop part) of all agents we recognise,
# separated by a ';'.
whitelist=geoclue-demo-agent;gnome-shell;io.elementary.desktop.agent-geoclue2
# Network NMEA source configuration options
[network-nmea]
# Fetch location from NMEA sources on local network?
enable=true
# 3G source configuration options
[3g]
# Enable 3G source
enable=true
# CDMA source configuration options
[cdma]
# Enable CDMA source
enable=true
# Modem GPS source configuration options
[modem-gps]
# Enable Modem-GPS source
enable=true
# WiFi source configuration options
[wifi]
# Enable WiFi source
enable=true
# URL to the wifi geolocation service. The key can currenty be anything, just
# needs to be present but that is likely going to change in future.
url=https://location.services.mozilla.com/v1/geolocate?key=geoclue
# To use the Google geolocation service instead of mozilla's, simply uncomment
# this url while changing API_KEY to your Google API key and comment out or
# remove the url above.
#
# WARNING: Please make sure that you are complying with the Google's ToS and
# policies if you uncomment this:
#
# https://developers.google.com/maps/documentation/geolocation/policies
#
#url=https://www.googleapis.com/geolocation/v1/geolocate?key=YOUR_KEY
# Submit data to Mozilla Location Service
# If set to true, geoclue will automatically submit network data to Mozilla
# each time it gets a GPS lock.
#
submit-data=false
# URL to submission API of Mozilla Location Service
submission-url=https://location.services.mozilla.com/v1/submit?key=geoclue
# A nickname to submit network data with. A nickname must be 2-32 characters long.
submission-nick=geoclue
# Application configuration options
#
# NOTE: Having an entry here for an application with allowed=true means that
# geoclue will not ask agent to authorize the application. This is to
# ensure that applications with built-in authorization mechanism (e.g web
# browsers) do not have to be bound to agents.
#
# If your application is denied access to location information and your
# operating system doesn't provide any mechanism to change that, it is
# likely a bug in your operation system (or geoclue). The solution is to
# report the issue with all details, rather than adding your application
# to this list.
#
# Format:
#
# # Desktop ID of application without .desktop part
# [random-app]
#
# # Allowed access to location information?
# allowed=true|false
#
# # Is application a system component?
# system=true|false
#
# # List of UIDs of all users for which this application is allowed location
# # info access, separate by ';'. Keep it empty for allowing it for all users.
# users=
[gnome-datetime-panel]
allowed=true
system=true
users=
[gnome-color-panel]
allowed=true
system=true
users=
[org.gnome.Shell]
allowed=true
system=true
users=
[io.elementary.desktop.agent-geoclue2]
allowed=true
system=true
users=
[epiphany]
allowed=true
system=false
users=
[firefox]
allowed=true
system=false
users
The file above is from my computer but without making a super close inspection it looks to be very similiar if not, exactly the same on the pinephone.
Regarding the pinephone now, I turned off mobile network to isolate the wifi as a single parameter and changed all the non system application to allowed=false. That did not do anything noticable in regards to Maps. I have no idea what "ephipany" is but it doesnt seem related.
Then I changed
Code: # Enable WiFi source
enable=false
and now my Maps location shows as another city 20 minutes away from where I actually am instead of previously within 100 meter! This is at least for me, amazing because now I once again feel like I am in control of my personal data.
Maybe Maps as an open source application is not comparable to "Evil Google", maybe the mozilla location services does not gather any user identifiable data even if they share it to third parties. I dont know enough to know for certain. But, at least now im once again back on track to having my own say in the matter and for that im super thankful for the discussion going on here.
(09-22-2020, 08:58 AM)wi_badger Wrote: (09-22-2020, 06:09 AM)bcnaz Wrote: ....maybe I am being overly cautious, but reading Mozilla's disclosures and disclaimers they use third parties and share
information with them including Google and others, But they tell you they are not responsible for what the third
parties do with that shared information.
I'm not sure that it's possible to be "overly" cautious about these issues ... but not surprised that they share information.
The key question is how much information is passed in addition to location.
IP address, almost certainly, MAC address maybe. Phone number ? Don't know.
Name ? Lots of us out there named mobian, right ? But how about the name on an email account ? Again, don't know.
If you check the /etc/geoclue/geoclue.conf file it suggests that at least the name is submitted not as mobian but as:
Code: # A nickname to submit network data with. A nickname must be 2-32 characters long.
submission-nick=geoclue
Also, my default setting on the pinephone for sharing data with mozilla was:
Code: # Submit data to Mozilla Location Service
# If set to true, geoclue will automatically submit network data to Mozilla
# each time it gets a GPS lock.
#
submit-data=false
I really respect that it was indeed set to false by default.
EDIT: Im stupid, I took that info from what I posted in my previous post which was terminal data from my linux computer. I dont know anymore if the default setting for submitting network data to Mozilla on the pinephone is set to false. So better check that on your own and dont take my word for it. Would also be nice if someone could confirm what the default setting is or I will have to reinstall everyting again to check.
RE: location tracking - wi_badger - 09-23-2020
(09-22-2020, 02:37 PM)ergo owl Wrote: (09-20-2020, 03:40 PM)devrtz Wrote: Relevant wiki article
Thanks alot, that was very informative! Instant level up of my location tracking knowledge.
I am having a blast right now modifying the /etc/geoclue/geoclue.conf file both on the pinephone and on my computer.
Code: GNU nano 4.8 geoclue.conf Modified
# Configuration file for Geoclue
#
# NOTE: All configurations settings below are mandatory and the defaults are
# what you see before you edit them. If you want to keep the default
# values around, copy and comment out the appropriate line(s) before
# changing them.
# Agent configuration options
[agent]
# Whitelist of desktop IDs (without .desktop part) of all agents we recognise,
# separated by a ';'.
whitelist=geoclue-demo-agent;gnome-shell;io.elementary.desktop.agent-geoclue2
# Network NMEA source configuration options
[network-nmea]
# Fetch location from NMEA sources on local network?
enable=true
# 3G source configuration options
[3g]
# Enable 3G source
enable=true
# CDMA source configuration options
[cdma]
# Enable CDMA source
enable=true
# Modem GPS source configuration options
[modem-gps]
# Enable Modem-GPS source
enable=true
# WiFi source configuration options
[wifi]
# Enable WiFi source
enable=true
# URL to the wifi geolocation service. The key can currenty be anything, just
# needs to be present but that is likely going to change in future.
url=https://location.services.mozilla.com/v1/geolocate?key=geoclue
# To use the Google geolocation service instead of mozilla's, simply uncomment
# this url while changing API_KEY to your Google API key and comment out or
# remove the url above.
#
# WARNING: Please make sure that you are complying with the Google's ToS and
# policies if you uncomment this:
#
# https://developers.google.com/maps/documentation/geolocation/policies
#
#url=https://www.googleapis.com/geolocation/v1/geolocate?key=YOUR_KEY
# Submit data to Mozilla Location Service
# If set to true, geoclue will automatically submit network data to Mozilla
# each time it gets a GPS lock.
#
submit-data=false
# URL to submission API of Mozilla Location Service
submission-url=https://location.services.mozilla.com/v1/submit?key=geoclue
# A nickname to submit network data with. A nickname must be 2-32 characters long.
submission-nick=geoclue
# Application configuration options
#
# NOTE: Having an entry here for an application with allowed=true means that
# geoclue will not ask agent to authorize the application. This is to
# ensure that applications with built-in authorization mechanism (e.g web
# browsers) do not have to be bound to agents.
#
# If your application is denied access to location information and your
# operating system doesn't provide any mechanism to change that, it is
# likely a bug in your operation system (or geoclue). The solution is to
# report the issue with all details, rather than adding your application
# to this list.
#
# Format:
#
# # Desktop ID of application without .desktop part
# [random-app]
#
# # Allowed access to location information?
# allowed=true|false
#
# # Is application a system component?
# system=true|false
#
# # List of UIDs of all users for which this application is allowed location
# # info access, separate by ';'. Keep it empty for allowing it for all users.
# users=
[gnome-datetime-panel]
allowed=true
system=true
users=
[gnome-color-panel]
allowed=true
system=true
users=
[org.gnome.Shell]
allowed=true
system=true
users=
[io.elementary.desktop.agent-geoclue2]
allowed=true
system=true
users=
[epiphany]
allowed=true
system=false
users=
[firefox]
allowed=true
system=false
users
The file above is from my computer but without making a super close inspection it looks to be very similiar if not, exactly the same on the pinephone.
Regarding the pinephone now, I turned off mobile network to isolate the wifi as a single parameter and changed all the non system application to allowed=false. That did not do anything noticable in regards to Maps. I have no idea what "ephipany" is but it doesnt seem related.
Then I changed
Code: # Enable WiFi source
enable=false
and now my Maps location shows as another city 20 minutes away from where I actually am instead of previously within 100 meter! This is at least for me, amazing because now I once again feel like I am in control of my personal data.
Maybe Maps as an open source application is not comparable to "Evil Google", maybe the mozilla location services does not gather any user identifiable data even if they share it to third parties. I dont know enough to know for certain. But, at least now im once again back on track to having my own say in the matter and for that im super thankful for the discussion going on here.
(09-22-2020, 08:58 AM)wi_badger Wrote: (09-22-2020, 06:09 AM)bcnaz Wrote: ....maybe I am being overly cautious, but reading Mozilla's disclosures and disclaimers they use third parties and share
information with them including Google and others, But they tell you they are not responsible for what the third
parties do with that shared information.
I'm not sure that it's possible to be "overly" cautious about these issues ... but not surprised that they share information.
The key question is how much information is passed in addition to location.
IP address, almost certainly, MAC address maybe. Phone number ? Don't know.
Name ? Lots of us out there named mobian, right ? But how about the name on an email account ? Again, don't know.
If you check the /etc/geoclue/geoclue.conf file it suggests that at least the name is submitted not as mobian but as:
Code: # A nickname to submit network data with. A nickname must be 2-32 characters long.
submission-nick=geoclue
Also, my default setting on the pinephone for sharing data with mozilla was:
Code: # Submit data to Mozilla Location Service
# If set to true, geoclue will automatically submit network data to Mozilla
# each time it gets a GPS lock.
#
submit-data=false
I really respect that it was indeed set to false by default.
EDIT: Im stupid, I took that info from what I posted in my previous post which was terminal data from my linux computer. I dont know anymore if the default setting for submitting network data to Mozilla on the pinephone is set to false. So better check that on your own and dont take my word for it. Would also be nice if someone could confirm what the default setting is or I will have to reinstall everyting again to check.
The geoclue.conf file on my braveheart seems substantially the same ... and submit-data is set to false.
Lots of interesting stuff in there !
RE: location tracking - ergo owl - 09-25-2020
I thought I would make another post here since now there is the new Weather app that also uses location services taken from geoclue, perhaps via gnome-shell. I am not fully aware of exactly how the communication between these apps take place, anyways:
Changing the geoclue.conf file in /etc/geoclue/ to the following disables the location "tracking" while connected to WLAN.
Code: # Fetch location from NMEA sources on local network?
enable=false
Code: # Enable WiFi source
enable=false
This also works to disable location pin pointing in the Maps app and I assume all other apps aswell that use geoclue for one reason or another.
It would be nice to have some better overview of apps that work together with the information that geoclue provides. Maps and Weather are two obvious one but how to know if Geary or the new Camera app makes use of geoclue as well? I might be breaking some other features as well by disabling NMEA sources but to my knowledge there is no other way since there is no individual app location settings control in the current mobian release. Please correct me if im wrong Im happy to be enligthened.
RE: location tracking - bcnaz - 09-25-2020
Thank you for sharing your 'insights' on this !
Wonder about discussing this with @a-wai ?
|