Wow, ok, this is freaky.
New computer. Fedora Silverblue 36. Not signed into anything. Location services is on (using Mozilla location services). I’ve been living in Ireland now for 3+ years.
I open GNOME Maps app. I grant it location access. I press the “Go to current location” button.
It goes to the exact location of the home we had in Malmö, Sweden.
What. The. Fuck?
OK, so I have no idea how that’s possible. Mozilla must have somehow cached that location but how do they know it’s me?
Fucking hell, as some of you have pointed out in the comments, also, it’s tied to my router. I have the same router I had in Malmö. If this is not a GDPR violation, I have no idea what is.
So Mozilla – Defender of Privacy™ – is storing my location history, tied to my router, without ever having gotten consent from me to do so.
This is a fucking scandal.
@jwildeboer Same router. Unbelievable violation of privacy. So Mozilla is keeping location history tied to your router. I never consented to that. If this doesn’t violate GDPR at its core, we might as well throw GDPR in the bin.
And to think Mozilla Location Services is presented during the installation process of nearly every Linux distribution.
This is a scandal.
@aral It just needs someone who picks up the WLAN beacon signal (not even having to connect) on an (android) phone with consent to share location and it'll add your router/WLAN with its GPS coordinates to the database. So it's not even possible to really opt-out.
Why is it never an opt-in? 🤒
"How do I prevent my wireless access point from being collected?
Mozilla's client applications do not collect information about WiFi access points whose SSID is hidden or ends with the string "_nomap". If you would like to prevent your WiFi access point from being reported to this service, you can rename your SSID to append "_nomap" to the name (eg, SSID "MyWirelessNetwork" becomes "MyWirelessNetwork_nomap") or configure your SSID to be hidden"
@aral so from a legal perspective everything is "fine". Your WLAN was added to the database with the consent of whatever person who happened to be close to it at some point in time. It's a weird world out there :(
@aral good luck with trying to convince the useless Irish data protection agency to take swift action :(
Don't forget that Google, Apple Microsoft and others are also collecting this data, so if your in the Mozilla database, you are probably in theirs too.
Things to do about it:
- File a complaint with the Irish DPC
- File a complaint with the Swedish DPC
- Request your data from Mozilla, Google, Apple and Microsoft.
- Demand to delete your data by those companies based upon your right to be forgotten by GDPR
- Quit your job and spend the coming few decades fighting this fight. Fulltime.
But above all, ask @noybeu to get involved.
Sometime there are job openings in https://european-pirateparty.eu and keep an eye open for other privacy organisations.
@aral @jwildeboer But is it uniquely identifiable to YOU and to YOUR home? What is in the database? SSID and geolocation, of which neither should be personally identifiable information, unless you name your SSID after yourself, obviously.
I don't think even the MAC address of your router is personally identifiable either, as that information doesn't travel through different subnets, and it's neither globally unique.
Don't get me wrong, I'm no expert on GDPR, but I think there are worse offende
@jwildeboer @aral Oh yeah, this is how Skyhook etc. work. They drive through towns, and triangulate each Wifi signal a few times. The SSID gets correlated with that GPS coordinate. It's how "fast Wifi lookup" without GPS works. Most cell phones these days perform this triangulation as well, feeding Apple/Google's Skyhook-obsoleting databases.
@aral that's stuff like that that gets me mad at Firefox and thinking : where my Duck Duck Go browser at ?!
@aral interesting. I've seen this with my SSID in the past, similar country wandering as yourself.
As your SSID is broadcast publically, any drive-by devices (Google Map cars, or indeed any random mobile device that slurps location data) could pick this up and stash it in a public database, correlating it with the BSSID of the actual device that is sending it.
So why do you blame Mozilla for this, and not GNOME maps? Or indeed whatever company is hoovering up that data in the first place?
I know there's a lot to get angry in the world today. Mozilla is less worse than many others.
both have IRC and matrix chats to find out more info about how this happens.
I wonder if you disable geoclue in Fedora, and then re-try this with a fresh profile, does firefox etc find the correct physical location then?
Reading up on
https://en.wikipedia.org/wiki/Wi-Fi_positioning_system#Public_Wi-Fi_location_databases this is an absolute privacy rathole.
It looks like geoclue etc also support correlation of "nearby" devices, including cell towers. So, any other cellphone devices could be updating location data (Google Drive and Apple CarPlay for example, or TomTom apps) and filling the coffers of the geodata pirates.
It's kind of impossible to not have a location related to your wifi router, it doesn't even need your consent. I frequently gather and share nearby WiFi networks and radio cells with my GPS on during my walking, to improve libre/free databases like the Mozilla one. So it's not necessary to have your explicit consent to know where your router is, but anyone can gather and share that information. It's not related to your identity in any way, tho, it's just a Mac address geolocated somewhere
@aral hmmm... would love to check that but I dont use Gnome ... but the app is installed.
But launching it I got :
(org.gnome.Maps:2917014): folks-WARNING **: 16:46:51.336: Failed to find primary PersonaStore with type ID 'eds' and ID 'system-address-book'.
Individuals will not be linked properly and creating new links between Personas will not work.
The configured primary PersonaStore's backend may not be installed. If you are unsure, check with your distribution.
I guess I'm alright 😅
@aral To better understand your position here: if you don't like the way Mozilla's geolocation works, what would you say about https://github.com/n76/DejaVu, that's basically the same approach, but the data about your WiFi AP collected by users are stored at their phones and serve to only those users?
This is my personal Mastodon.