Firefox 3.5 and the brave new world

I downloaded Firefox 3.5 for my Mac this morning – after carefully checking that it would work with my plugins, especially the beloved Zotero. The new features list is a variable set, but one of the more remarkable is its ability to send information about your whereabouts to Google, who then can plot your position on Google Maps. I had a go – it was rather scarey: I was located exactly at the right spot of my road. So how do they do it? The Mozilla (ie. Firefox) website is a bit circumspect:

When you visit a location-aware website, Firefox will ask you if you want to share your location.

If you consent, Firefox gathers information about nearby wireless access points and your computer’s IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.

If you say that you do not consent, Firefox will not do anything.

Now I guess it’s no surprise to the more geeky readers of this site that it is possible to work out the country you live in from the IP range of your computer – which is how many company sites automatically relocate you to the local/national version of their website. What was more intriguing, to me anyway, was how Google could locate me by nearby wireless access points. What’s going on here? My guess is that Google, in using those photographing vans, has squirrelled away in its database somewhere the names of all local wireless access points it has picked up during its various stops to take photographs, and hence knows where your local wireless access-point/router is (or was) located. The Firefox privacy page gives some more details:

If you choose to allow it, the Firefox Location-Aware Feature first collects one or more of the following relevant location markers: (i) location provided by a GPS device built into or attached to your computer or device and/or geolocation services provided by the operating system; (ii) the wifi routers closest to you; (iii) cell ids of the cell towers closest to you; (iv) the signal strength of nearby wireless access points and/or cellular phone towers; and/or (v) your computer or device’s IP address. Next, it attempts to determine your location using these location markers. Any information Firefox uses, receives or sends as part of this Location-aware Feature is not received by any Mozilla servers or by Mozilla. Firefox does not track or remember your location. Firefox does remember a random client identifier, the temporary ID assigned by our third party provider to process your request, for two weeks.

In my case, the computer was not connected to a GPS device or a cellphone, so all it had to go on was the IP address and the SSIDs of the local wireless network and relative signal strength. Yet it got me to the correct end of the street and the correct side of the road. I cannot believe it could have done that by IP alone.

Now Firefox are falling over themselves to say that your browser will only send this information to Google if you give it permission (and in my case, that permission is asked every time it wishes to do so) and then the info is sent across an encrypted link to Google. And, since its Firefox, I’m inclined to believe them, since the Firefox browser is open source and therefore open to the scrutiny of anyone who wishes to (and who can understand the code). However, were Microsoft or Apple to supply me with a browser which could send this kind of information to heaven-knows-who, I would have to take their word for it that they were going to use this information for the purposes they say their were.

A few conclusions from this little foray into computer-enabled-geolocation:

1. Firefox may have opened a pandora’s box here (and I guess users of iPhones must be long used to this sort of thing). We are moving from a time when surfing the internet was a relatively hidden activity to one where, now, the technology allows just about anyone with sufficient wherewithall to  find out where you are, almost to within a house or two. A good or bad thing?
2. Firefox have just provided me with the final (as if I wasn’t pursuaded already) reason why I will, henceforth, only use an open-source browser,  and also a good reason only to use open-source software generally. Any operating system could build in this facility of its own without recourse to using a particular browser, sending the information as to your whereabouts to any company, government agency or commercial marketing firm that it sees fit.
3. Firefox, or more fairly, this technology, permits large-scale surveillance of the population by any government who wishes to do so. They would need the capacity of a Google to aggregate the local information indicators such as WiFi SSIDs, mobile phone masts, GPS locator and IP range, but, once they’ve got it, the police can immediately find out where you (or, at least, your computer) is at any particular time. Given the propensity for governments such as those in China and Iran to censor the internet, how long before they will insist on access technology which harvests and reports on users’ locations as a matter of course? In other words, it’s the ultimate snoop tool if used in a certain way.

That said, I can’t help saying that, used voluntarily and under due supervision (of the software firms, rather than the users) it is a potentially useful tool. I just don’t think these big software concerns will simply continue to offer it just for free. The future trajectory of Google in the use it makes of this kind of information should be watched closely.