About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Learning Curve

Fox Sleeps with the Devil?

Mozilla's new 'opt-in' system is actually 'opt-out'. Here's how you change that around.

Get It

Try It

The following holds for Firefox 3.5 on all platforms. It has to do with the new 'location-aware browsing' 'feature'.

Websites that use location-aware browsing will ask where you are in order to bring you more relevant information, or to save you time while searching. Let's say you're looking for a pizza restaurant in your area. A website will be able to ask you to share your location so that simply searching for 'pizza' will bring you the answers you need... no further information or extra typing required.

Or, if you're mapping out directions to get somewhere, the website will know where you're starting from so all you have to do is tell it where you want to go.

This service is totally optional - Firefox doesn't share your location without your permission - and is done with the utmost respect for your privacy. And, like all elements of Firefox, it's being created using open standards to ease adoption by Web developers.

There are of course a number of objections to the above.

  • It's websites asking for information. Once they have it you and Moz have no way of controlling what they do with it.
  • They'll be querying your shiny brand new FF 3.5 and FF 3.5 will offer it up to them just like that.
  • That 'utmost respect for your privacy' has been heard before. Not to say Moz have bad intentions - it's just that - to quote Maverick's commander: 'your body is writing cheques your body can't cash'. This service is connected with Google and Moz can't guarantee anything Google do.
  • It's never about good intentions - it's about potentially harmful data being out there in the first place.

Privacy advocates have only begun to look into this one. So they might later concur there's nothing to fear. But one thing must be pointed out already at this impasse: it's not an opt-in system as Moz claim - it's opt-out.

Now more from the Moz site. This is where it gets creepy for a lot of people.

When you visit a location-aware website, Firefox will ask you if you want to share your location.

If you consent, Firefox gathers information about nearby wireless access points and your computer's IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.

So FF 3.5 is scanning your physical location - through your computer - for hotspots. Gives you a fuzzy warm feeling?

But what happens to your personal data - aside from telling you where the nearest pizzeria is?

Firefox never shares your location without your permission. When you visit a page that requests your information, you'll be asked before any information is shared with the requesting website and our third-party service provider.

What a relief - it's just that the site repeatedly claims this is 'opt-in'. It's not. And if you didn't find their web page - or find this or any other article about the new 'feature' you'd have it there working and not be much more clued in.

By default, Firefox uses Google Location Services to determine your location by sending:

  • your computer's IP address;
  • information about the nearby wireless access points; and
  • a random client identifier, which is assigned by Google, that expires every 2 weeks.

Another Google 'cookie'. Ahem.

Turning It Off

Moz have a number of instructions how you turn this 'feature' off. Note they again claim this is 'opt-in': if it's 'opt-in' then why do you have to turn it off? But here's how you do it (for starters).

  1. Type 'about:config' in your location bar.
  2. Wade through the 'are you sure' bit.
  3. Type 'geo.enabled' in the search field.
  4. The 'geo.enabled' pref will pop up. Note it's enabled by default.
  5. Double-click the preference - note it now says 'false'.

You're done. At least you are. Have anyone else using your computer? Read on.

Digging Deeper Still

Firefox 3.5's geo location service is not 'opt-in' - it's enabled by default. The setting you just changed in the above five-step procedure doesn't change your default setting - that setting is still enabled.

The setting you just changed can be found in the following file (after you set it - it's not there before you set it).

~/Library/Application Support/Firefox/Profiles/*/prefs.js

The setting in question is the following.

user_pref('geo.enabled', false);

Remove the above line and you'll see your Firefox 3.5 reverts to having the setting enabled again. This is because the real setting comes from a different file:


Look for the following two lines at the bottom.

// Enable/Disable the geolocation API for content
pref('geo.enabled', true);

You can disable this easily - just comment the pref out.

// Enable/Disable the geolocation API for content
// pref('geo.enabled', true);

You might also want to comment out the Fox's connection with Google.

// base url for the wifi geolocation network provider
// pref('geo.wifi.uri', 'https://www.google.com/loc/json');

The access to these settings is not through 'XUL' but seems to be through 'NetworkGeolocationProvider.js' found in 'Firefox.app/Contents/MacOS/components'.

Happy 4th.

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.