How Firefox Sync Gets Device location?
Under Firefox Accounts, Devices and Apps shows the various PCs and phones etc that are or have used sync. These devices often have a location shown.
How has mozilla obtained the location of the devices?
To be clear, the device is a Desktop PC, no WiFi, no GPS. That device has never had either. Further, IP geolocation shows a very different location, even checking various free sites and even Google, they agree on the same location which is very different to Firefox/Sync.
This has not come from my ISP. I use an ISP that dosn't give out such data (whois shows their city), and the IP is static from a range I control.
This is in Europe. This is looking like a breach of GDPR as I have never authorised and never given this data to Mozilla.
Wšě wotmołwy (5)
Firefox gets location information by using your IP address. This information is stored for security purposes, to attempt to detect attempts to access your account. Depending on the website that you use to lookup this information on your own, the result will vary.
For more information on the Firefox Accounts privacy policies, please click here.
Wot Wesley Branton
the documentation at https://github.com/mozilla/fxa/blob/master/features/FxA-99-improved-login-notification/README.md also contains some information on why and how.
Wesley Branton said
Firefox gets location information by using your IP address. This information is stored for security purposes, to attempt to detect attempts to access your account. Depending on the website that you use to lookup this information on your own, the result will vary. For more information on the Firefox Accounts privacy policies, please click here.
I appreciate the reply but IP geolocation gives very different results, and I know what location is published for the IP, I even had this confirmed by the ISP exactly what was set. Most places agree with what the ISP publishes.
My point here is that Firefox should be using the published location for the IP, not this other location which it has got via some other means. To use any method other than the published data for my IP is a breach of privacy. Its like asking for someone's address, then ignoring it and getting it from elsewhere. If I consent to someone knowing my name, they don't get the right to secretly take my DNA and check it against national ID. The location data published for my IP address is the location data I consent to being used, not someone else's idea of where they may think I am.
philipp said
the documentation at https://github.com/mozilla/fxa/blob/master/features/FxA-99-improved-login-notification/README.md also contains some information on why and how.
Thanks for the reply, very interesting info. And this suggests that for IP geolocation "The primary source of the location data will be Maxmind" and indeed dosn't give anything else.
Given both yourself and Wesley have said its IP geo, maybe the issue is actually Maxmind's data then, if FF is not doing this on its own and just using that?
How your information is collected and used is explained in full detail in the privacy policy I linked above. Users are required to agree to the privacy policy and terms of service when creating a Firefox Account.
The privacy policy states:
"For security purposes, we store the IP addresses you use to access your Firefox Account in order to approximate your city and country. We use this data to send you email alerts if we detect suspicious activity, such as account logins from other locations."
Your location is gathered from your IP address, which can be used to calculate your location. If you Google your IP address online, the results are often very different. For example, one website lookup service can pinpoint my location in a neighboring town, another places my location in a city about an hour away and another is able to detect my direct city.
There is nothing wrong about getting a location from an IP address and it's in fact common practice for virtually every website online. Mozilla is fully compliant with the GDPR regulations.
If you are no longer in agreement with the privacy policy, then close your Firefox Account. See the How do I delete my Firefox Account? documentation for further instructions.
Here are some more useful links for you to view for more information about Mozilla's GDPR compliance:
Wot Wesley Branton