Skip to Content

Privacy & Data

LocationFox

/ Alissa Cooper

A couple of weeks ago I wrote about one of the upgrades in the iPhone 3.0 software update that allows the Safari browser on iPhone to be location-enabled. Firefox had previously implented something similar in a beta version of the browser, and now that functionality has been released to the world. Firefox 3.5, released on Wednesday, is fully "location-enabled." What this means is that Web sites can now ask Firefox for your location, and the browser can now deliver it. Initially, Google has signed on as the default "location provider" for Firefox. As a Firefox user, suppose you pull up a Web site that wants to use your location. Firefox will gather some information about WiFi access points near you and send that information to Google. Because Google maintains a database that maps WiFi access points to actual physical locations, it can use this information to calculate your location. That location gets sent back to your Firefox browser, and the browser forwards it on to the Web site that originally requested it. The accuracy of the location depends on a number of factors, but can be within a handful of meters in densely populated areas. Firefox and Google have taken a couple of excellent steps to protect the privacy of Firefox users throughout this process. The location information gets transmitted over an encrypted connection so it can’t be sniffed en route between the browser and Google or vice versa. Firefox doesn’t provide Google with any information about the site that made the location request, so Google doesn’t learn anything extra about your browsing habits. Google also de-identifies the information it receives from Firefox two weeks after it’s collected. This seems like a pretty solid set of standards that all location-enabled browsers and location providers should be able to meet. While it’s nice to see Google and Firefox take these steps, we’re hopeful that Firefox will be able to expand its pool of location providers, and that new location providers will be able to meet these same standards. There are actually a diversity of ways in which Web users can or will soon be able to obtain their own locations, and as new location providers crop up, users should have the ability to choose their preferred provider. On the user experience side, the story is somewhat mixed. While Firefox will prompt you for your permission before passing your location on to a Web site, there’s no easy way to see a list of sites you’ve given your location to. If you lose trust in a particular site, you have to go back to the site itself to revoke its permission, which is probably precisely what you won’t want to do. And the mechanism for disabling location-awareness altogether is somewhat complex. We expect to see some more intuitive user controls for these kinds of features as more and more Web sites become location-enabled.

Related Reading

The CDT logo. A white "cdt" alongside "Center for Democracy & Technology" on a light blue background.

CDT Launches Partnership with U.S. Access Board and AAPD to Support Disability Community Engagement on AI
The CDT logo. A white "cdt" alongside "Center for Democracy & Technology" on a light blue background.

The European Data Protection Board’s Opinion on “Pay or Okay” Models – Surveillance-based Advertising is on Borrowed Time
The CDT logo. A light and dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

Supporting Internet Privacy from the Ground Up