To clarify vpn: this machine does not even have a non-vpn ip. The router that established the vpn is multiple nat & bridge hops away....
-
-
-
...and is cryptographically prevented from seeing the local ip the vpn is going out through.
-
dumb question, have you ever googled "weather" on this machine before, without vpn? Maybe it remembers from a previous search?
-
Not client side anyway. Query string is just https://www.google.com/search?q=weather&ie=utf-8&oe=utf-8 …
-
And it works even in a porn mode window.
End of conversation
New conversation -
-
-
Did you allow Google to access your location via the browser?
-
AFAIK I have browser location access fully off. But even if not, how would browser know location? No gps or anything.
-
Nearby mapped WiFi access points, IP address from previous non-VPN connections, etc.
-
But these are things the client would have to conspire to actively send. It's Linux Firefox with location-sending not enabled.
-
Confirmed that it happens even with wget from the router.
-
Only plausible explanation I see: Google learned/stored geo info for the ip address from a NAT'd device behind it with GPS (e.g. Maps)
-
This seems like it would be exploitable to get Google to give you a third party's location by NAT'ing them behind IP you control.
-
And such an attack would not require MITM'ing crypto at all; rather you're just tricking Google into handing over the info.
End of conversation
New conversation -
-
-
were you logged in (or ever logged in) to Google on that machine? They tie your phones location to your account ...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
google knows where you live though
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.