Michael Horowitz
Home => Location Tester
[Formatted for Printing] From the personal web site of  Michael Horowitz

Location Tester

a website asks permission to access the location of your computer

We have all seen this message at times, a website wants to know our location. If you allow it ... what then? That's what this page shows. Using JavaScript, it displays what the browser/website is told when you give it permission to access your location.

So what? Lots of websites, such as where-am-i.net, whatmylocation.com and gps-coordinates.org can display your location on a map. The last two even convert the Latitude and Longitude into a street address.

Interestingly, the browser also includes information about how accurate the location is. But, is the accuracy information accurate? And, is it consistent across browsers on the same operating system? If not, then which browsers aid our privacy by fudging the location information? Click the button below to test your browser.


Click the button to see what your web browser is told about your location.

DATA SOURCES

What is happening here is the web browser is asking for location information from the Operating System. But, how does the Operating System learn where it is?

In the old days, the only option was the public IP address. This can be hit or miss. Most of the time, it will locate the country you are in. Sometimes the city too. Sometimes your neighborhood. A public IP address can be spoofed using a VPN, Tor or a proxy. Recently I was connected to a VPN server in Massachusetts while looking to buy a copy of Office at Microsoft.com. When it came time to quote prices, they were in Canadian dollars. For whatever reason, the Microsoft website thought the VPN server was in Canada. The weather website accuweather.com always seems to use the public IP address to determine your location.

Now, Wi-Fi is often used and it can be amazingly accurate. Of course, there is also GPS but not all devices support and it does not work well indoors. Cellphones can locate themselves via nearby cell towers. Even Bluetooth can be used to learn where a device is. I think the find-my-device feature in iOS 14 uses Bluetooth to talk to nearby iOS devices for location purposes (not sure).

All the web browsers I have tested, default to asking permission before providing location information to a website. If you deny the Best Buy website access to location information, then it uses the public IP address to determine the store nearest to you.

HOW WIFI LOCATING WORKS ON A CHROMEBOOK

In addition to a name, every Wi-Fi network has a hidden unique number called a MAC address. While you can opt not to broadcast the name of a Wi-Fi network, the MAC address is always publicly visible. You should be able to see it using any Wi-Fi scanning program. You might think that there is a big database in the cloud keyed off the MAC address that returns its physical location. But, no, at least according to the tests that I ran.

To see how accurately Wi-Fi can locate the device its running on, I used a Chromebook in Guest Mode running Chrome OS version 86. Chromebooks do not support GPS. Guest Mode was used to insure the browser had no saved data of any type.

The first request was reported to be accurate to within 364 feet. Shortly thereafter, the accuracy was 276 feet. The next test had a reported accuracy of 118 feet. This tells us that the Wi-Fi networks of your neighbors play an important part in learning your location.

The signal strength from Wi-Fi networks comes and goes. Anyone who has used a Wi-Fi scanning app is used to seeing the detected signal strengths vary. Its like watching waves on the ocean. The longer the computer is evaluating nearby Wi-Fi networks, the more accurate a reading it will get. At least in a crowded Wi-Fi area; and the test was done in very crowded Wi-Fi neighborhood. As for the reported accuracy of 118 feet, it was indeed accurate. Frighteningly so.

Lesson learned: Guest Mode on a Chromebook is not quite the cloak of anonymity that it seems. If, by mistake, you allow a website to learn your location, it will learn it quite well.

Further proof of the importance of nearby Wi-Fi networks came from my next test. I created a new SSID and logged in to that network. I verified that this new network had a new MAC address. Yet, the Chromebook was not fooled. It said that the returned location was accurate to within 279 feet. In reality, it was accurate to within 279 inches.

LOCATION ACCURACY

I have just started to experiment with this and it is interesting to note that the results can be drastically different using different web browsers on the same computer. The location information can also be quite wrong. For example, I have seen the browser/website be told that the computer was the middle of the United States (Wichita Kansas 37.751,-97.822) even though it was on the East coast of the US connected to a VPN server that was also on the East coast. Much more testing is needed ...

FYI: Disable geolocation sharing on Chrome, Firefox, Internet Explorer, Edge, Safari, Opera by Express VPN. The section on Safari in iOS is broken. November 3, 2020

TESTING BROWSERS IN IOS VERSION 13.6 WITH WIFI

Tested on a Wi-Fi only iPad, so cell towers can not be used for location. All browsers were set to ask for Location permission and I always granted it. Tests were done with a VPN connection to a server a thousand miles away. Clearly, the public IP address from the VPN was ignored by iOS. Tests were done in November 2020. These are the relevant System Settings:

The results:

  1. Brave version 1.20 returned a location with an accuracy of 213 feet. In reality, it was 213 inches.
  2. Firefox version 29.1 also returned a location with an accuracy of 213 feet. Enhanced tracking protection was ON. I tested both with Tracking Protection levels of Standard and Strict, it made no difference.
  3. The Duck Duck Go browser version 7.54 returned the same brutally accurate location with a reported accuracy of 213 feet.
  4. The black sheep of this family was Safari, for which I could not find a version number. It returned no location at all, instead it got an error code 1, "User denied Geolocation". This was true not just for this web page but also for where-am-i.net. This is clearly a Safari thing, as it was granted Location Access in the system settings. A brief search turned up nothing about this quirk in Safari. Specifically, there is nothing about this here: Location Services & Privacy (from Apple as of Sept 2020) or here About privacy and Location Services in iOS and iPadOS (from Apple as of May 2020).

I also tested with Location Services OFF and, no surprise, it did block location information, not only for this website but to the other mapping sites listed above. Safari, Brave and Firefox all encountered an error code 1, "User denied Geolocation". The Duck Duck Go browser failed quietly, it did not raise an error condition.

But ... how much location data came from Wi-Fi vs. GPS?

Since there is no GPS on/off button on an iPad, this needs to be tested somewhere with Wi-Fi but without GPS. I had just the spot. I live in apartment building where the staircase is in the middle of the building. So, I tested this in the staircase outside my apartment. I used both an Android 10 and an Android 11 device to verify that no GPS satellites were visible from the staircase. Specifically, I used the GPS Test app from Chartcross. For good luck, I re-booted the iPad while in the staircase.

With no GPS, the iPad nonetheless perfectly located itself. All the browsers reported the same accuracy of 213 feet. The gps-coordinates.org site nailed the building address perfectly. As before, Safari failed to return any location information.

But, you may be wondering, how much location information came from a cloud-resident database that links previously seen SSIDs and their MAC addresses to their location vs. the nearby detected Wi-Fi networks? Me too. So, just as I did before (see above) with a Chromebook, I connected the iPad to a brand new SSID. Heck, I even connected it to a different router (in the same location). And, after connecting to the new SSID, I re-booted the iPad to insure that it wasn't using any saved location information and verified that it re-connected to the new SSID after it started up. And ...

... Your neighbors rat you out. Their Wi-Fi networks give away your location. Creating a new SSID did nothing. My exact location was detected by the iPad.

CONCLUSION: in a crowded Wi-Fi environment, location can be very accurate. If you don't want websites to learn your location, on iOS 13.6, use Safari.

TESTING BROWSERS IN IOS 14 WITH 4G

Coming....

TESTING BROWSERS IN IOS 14 WITH WIFI

Coming....

TESTING BROWSERS IN WINDOWS 10

Coming....

TESTING BROWSERS IN ANDROID 10

Coming....

TESTING BROWSERS IN A CHROMEBOOK

Coming....

TESTING LOCATION BY PUBLIC IP ADDRESS

I tested location using a public IP address on a Chromebook in Guest Mode with Wi-Fi disabled. Guest Mode insures the browser has no saved information. To make sure the Chromebook could not cheat with Wi-Fi, I turned the computer off, turned it back on, disabled Wi-Fi, turned the Chromebook off again, turned it back on and verified that Wi-Fi was still disabled. Then, I connected it to the Internet via a USB/Ethernet adapter and went into Guest Mode. The only way the Chromebook could locate itself was by its public IP address.

In my first test, it got pretty close. The reported accuracy was 1 mile (actually 5,400 feet). The returned location was actually off by 7 city blocks, a distance that Google maps measured as 0.4 miles.

Unlike with Wi-Fi, repeated requests for the location always returned the same result (no surprise). While logged in to the Chromebook (not in Guest Mode), the Chrome browser returned the same result (no surprise again). However, Firefox returned nothing. Just like Chrome, Firefox asked for Location permission, but when granted it, the actual request failed. Lesson learned. On a Chromebook, Firefox hides your location from websites, Chrome does not.

I did a second test of self-locating via the public IP address at a different location, using Firefox version 82 on a Windows 7 desktop PC connected to the Internet via Ethernet (and with Wi-Fi disabled). The browser was told that the accuracy was 4,100 feet (0.8 miles). In reality, the location was off by 1.8 miles (according to Google Maps).

 


JAVASCRIPT CODING REFERENCES

This page was initially based on the HTML Geolocation API page from W3 Schools.

From Mozilla: Using the Geolocation API

From Mobiforge: HTML5 for the Mobile Web – a guide to the Geolocation API back in 2013

Official spec: Geolocation API Specification 2nd Edition W3C Recommendation November 2016

 

 

 @defensivecomput TOP Home => Location Tester   
 michael--at--michaelhorowitz.com   Last Updated: November 19, 2020 5PM UTC  
  License Plate
Copyright 2001-2020
Copyright 2001-2020  
Printed at:   December 5, 2020 12:04am   ET
Viewed 612 times since November 7, 2020 (22/day over 27 days)