Starting around eight years ago, browsers could be tapped by websites to provide an approximate to exact notion of where you are. Fortunately, from nearly the beginning, there was an understanding by those developing standards and implementations that such information should require affirmative permission—opt-in! From the advent, in nearly every case, you’ve been prompted whether or not you wanted to give a site your current location, often with some limitations.
It’s very handy to offer up your whereabouts to, say, a retail chain or bank site, where it can automatically show the nearest locations without you having to type in a zip code. We’re used to this convenience in mobile devices, and iOS has extremely granular app-based location controls. But in a mobile browser, as long as the browser can use location, any site you visit can request position; the permission granted is unique to each site.
However, once you’ve provided your location, it gets trickier. Do you want to opt in for all eternity? Every major browser has a different way of handling your initial and subsequent choices and how to change “forever” decisions you made in the past.
Google just improved one underlying security weakness, which prompted this column, but also makes me wonder whether other browser makers will step up.
Cloak and decloak
Desktop versions of Safari, Chrome, and Firefox each have a different approach in the permission you can initially grant to a site.
Safari first relies on system-wide location permissions, something that Firefox and Chrome bypass, even though you’d think that should be forbidden? You can disable all app-based location privacy at a go, or prevent Safari from even asking. In the Security & Privacy system preference pane, click Privacy, and then click the lock in the lower-left corner and enter your password. You can now uncheck Enable Location Services or scroll through the list and uncheck Safari.
You can also set a variety of limits within Safari. In Preferences > Privacy, you can disable all location prompts by choosing Deny Without Prompting. I have mine set to “Prompt for each website once each day.” Oddly, even with that choice, Safari’s prompt when a site requests your location leaves the checkbox “Remember my decision for one day” unselected. (The results of this interaction aren’t totally clear.)
If you choose “Prompt for each website one time only” in Safari’s preferences and leave “Remember my decision for one day” unchecked, Apple doesn’t provide a suggestion about deleting this choice except for selecting Safari > Clear History, which wipes cookies, location, cache, and history. (Hold down the Option key and it just deletes browsing history.)
However, I found an undocumented feature. In Preferences > Privacy, click Details below “Remove all website data” (it may take a moment for the Details button to appear), then search on a site for which you want to remove your location preference. Delete the entry by clicking Remove. In my testing, this resets the preference.
Chrome will prompt by default if a site requests your location, but you can only opt in or out—not for a period of time. Once you’ve made that choice, you can modify it. Visiting chrome://settings/content lets you scroll down to Location and click Manage Exceptions where you can see all the sites you allowed and denied to track.
Firefox has a bit of the worst of both Safari and Chrome. It lacks an option to share your location for a day or other period, asking only whether you want to allow or not, and doesn’t let you edit these permissions without visiting a site. It’s a bit problematic and paradoxical that you have to visit a site you no longer want to allow to track you in order to disable that site’s ability to track you. (On a given page, use Tools > Page Info, click the Permissions tab, and modify the settings for Access Your Location.)
In iOS, Safari will prompt you just as it does in the desktop version. However, while you can disable Safari location awareness entirely (Settings > Privacy > Location Services > Safari Websites), you can’t remove or change settings for an individual site. You can reset all site preferences via Settings > Safari > Clear History and Website Data, which is a nuclear option and, if you’re signed into the same iCloud account on multiple iOS devices and Macs, wipes all that information from every copy of Safari on those pieces of hardware.
Broadcasting from a secure location
Websites have always been able to place someone approximately using the Internet protocol (IP) address that’s part of the browser’s connection to a Web server. If you use anonymizing services (like Tor) or virtual private network (VPNs) tunnels, this can obscure where you are to a site. Outside of that, you can’t outright prevent sites from guessing about where you are.
Browser-based geolocation is a lot more private, though, and the long-imposed safeguards that require a browser asks permission are a nice exception in a digital world that doesn’t seem to value our privacy over the interests of advertisers and marketing.
There remains one outstanding security weakness, however, that Google just addressed after months of alerting website developers to the change. As of Chrome version 50, the browser only provides a location response
if the connection is secured.
As Google’s developer’s blog neatly explains, “If the user’s location is available from a non-secure context, attackers on the network will be able to know where that user is. This seriously compromises user privacy.” Because the information could be sent in the clear, an attacker could be at any position in the network, from a public Wi-Fi network through intervening network connections and backbones to a data center. That’s a big area of risk.
Safari and Firefox, however, worked just fine with a number of sites that request location using unencrypted “http” connections instead of “https.” It’s probably past time that all browsers enforce this same policy.