Where you are located on Earth can be pretty sensitive information. How does it work in your browser and what are the privacy implications?


Geolocation is a useful thing when you want a website to provide you with a local map, route, or suggest a nearby restaurant or hotel.

However, if you stick with the “always-on” geolocation setting (on by default in most desktop browsers), you are exposing yourself to privacy risks. Geolocation data just gives away too much sensitive information and even intimate details about your life.

There’s even more at stake when it comes to geolocation on your mobile phone. You are probably giving a myriad of mobile apps access to your geolocation data without realizing you are compromising your privacy. This is because many mobile apps collect geolocation data without asking for specific permission.

As The New York Times Privacy Project recently found out, logging the precise movements of tens of millions of people is not the prerogative of telecoms and giant tech companies. Many small companies – also largely unregulated and little scrutinized – store gigantic data files with location information.

As with all private data, geolocation data is sold to data brokers who build user profiles of consumers with information such as medical conditions, religious beliefs, and more.

Geolocation tracking can be misused at scale in even more ways. Recently, a German artist illustrated how it is possible to create a virtual traffic jam in Google Maps by walking around the streets of Berlin with 99 mobile phones.

On mobile, you may also be unknowingly revealing your location if your phone is “geo-tagging” your photos.

How geolocation works on a PC

Given that most PCs don’t have GPS functionality, have you ever wondered how your browser can locate you so precisely?

Typically, when you pull up a site like Google Maps, you give it access to geolocation information.

In most cases, your location is worked out based on a scan of nearby Wi-Fi access points. All it takes is a scan of what is available and how strong the signal strength is. You do not need login credentials to any network to get your geolocation determined.

As a side note, the scan will most likely also detect your own private Wi-Fi access point – the one you use at home.

The list of Wi-Fi access points is then passed to a location services provider, which has built up lists of Wi-Fi access points and their physical locations in the real world. Your position is triangulated against these known locations, in combination with their relative signal strength, with – in most cases – a pretty good degree of accuracy.
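How such a scan can be turned into a position, as an added example (not Vivaldi's or any location provider's code). The access-point table, the scan, and the field names are constructed, and the signal-weighted centroid is a simplification standing in for whatever algorithm a real provider uses.

```javascript
// Constructed provider-side table: BSSID -> surveyed position of that access point.
const KNOWN_APS = {
  "02:00:00:aa:00:01": { lat: 52.5200, lon: 13.4050 },
  "02:00:00:aa:00:02": { lat: 52.5204, lon: 13.4050 },
  "02:00:00:aa:00:03": { lat: 52.5200, lon: 13.4058 },
};

// Constructed scan as a device sees it. No network is joined and no
// credentials are involved: only beacons and their signal strength (dBm).
const SCAN = [
  { ssid: "HomeNet",    bssid: "02:00:00:AA:00:01", rssi: -45 },
  { ssid: "CafeGuest",  bssid: "02:00:00:aa:00:02", rssi: -70 },
  { ssid: "Neighbour",  bssid: "02:00:00:aa:00:03", rssi: -65 },
  { ssid: "NewHotspot", bssid: "02:00:00:aa:00:99", rssi: -30 }, // unknown to the provider
];

// What leaves the device: BSSID and signal strength only. The SSID is dropped,
// but the BSSID alone still identifies the access point (illustrative field names).
function buildReport(scan) {
  return scan.map(({ bssid, rssi }) => ({
    macAddress: bssid.toLowerCase(),
    signalStrength: rssi,
  }));
}

// Signal-weighted centroid of the access points the provider recognises.
// Returns null when none of the reported BSSIDs are in the table.
function estimatePosition(report, knownAps) {
  let sumW = 0, lat = 0, lon = 0, used = 0;
  for (const { macAddress, signalStrength } of report) {
    const ap = knownAps[macAddress];
    if (!ap) continue;                           // never surveyed: contributes nothing
    const w = Math.pow(10, signalStrength / 10); // dBm -> linear power, stronger = closer
    lat += w * ap.lat;
    lon += w * ap.lon;
    sumW += w;
    used += 1;
  }
  if (used === 0) return null;
  return { lat: lat / sumW, lon: lon / sumW, used };
}

console.log(estimatePosition(buildReport(SCAN), KNOWN_APS));
```

The estimate lands almost on top of the strongest known access point, which for a desktop PC is usually the user's own home router.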

Among the best-known location service providers are Google Location Services, Microsoft Location Services, Skyhook, and Mozilla Location Services.

Occasionally, at Vivaldi, we get reports that people show up in a different location relative to another desktop browser they have installed. Usually, this is because the majority of browsers use Google Location Services, while we use Mozilla Location Services.

Geolocation privacy settings

So what should you make of all this?

For starters, you can proactively think about the geolocation settings on your devices.

Check out the location service provider your browser uses. At Vivaldi, we choose to work with Mozilla Location Services for our desktop browser. It’s the provider we have the most faith in when it comes to handling this particularly sensitive information correctly.

Mozilla Location Services collects only the information that is strictly needed to provide the service. For example, the service does not collect the SSID name from Wi-Fi networks but collects the BSSID, which is often the MAC address of the Wi-Fi device.

With your permission, we pass the location data to Mozilla Location Services. Vivaldi won’t save any location data.

And what about the GPS-based location? Do Mozilla get to see this?

The Mozilla Location Services “Geolocate” API determines the current location based on data provided about nearby Bluetooth, cell or Wi-Fi networks and based on the IP address used to access the service. If you have a device with GPS, there is no need for a location services provider because what the provider returns is longitude and latitude – something you already have directly from GPS.

If you are concerned about geolocation and privacy, make sure that the “Geolocation” setting in your browser is not set to universally allow geolocation tracking. We recommend that you keep that setting in a mode that requires websites to ask your permission when they need to collect this kind of information.

In Vivaldi, the default setting for geolocation is “Ask”. You can also set it to “Allow” and “Block”. The first time you go to a website that requests geolocation information, you’ll see Mozilla Location Services’ terms and conditions. If you agree to these, the service will be activated on a per-site basis.

To check or change your “Location” preference for each site that requires this, you can click on the padlock icon in the URL field and select “Location”.
