Even running a private browser instance, cleared cookies, through a VPN, i'm still geting results based on my location in chrome,firefox and explorer, i change the VPN exit and my results are based around that locality.
No browser settings that are helping, no Google settings, advanced search no use.
Is there a way of telling G to ignore our IP ?
Hmm, dunno about that, but http://www.impersonal.me/ might do the trick?
Thanks, same results though. I'll just VPN to the client city for the moment.
You used to be able to do it via their UI but it seems they're a little less flexible with that now. To do for me: turn on wireshark and see what gets sent by the browser when you click 'share your location' offered by G/your browser.
Ye maybe part of the URL string, ta bot.
Yep, it used to be stored in a cookie value,something like gl= and you could submit a string to a URL and it'd update your location via a new cookie value.
Tried the 'share your location' thing. Kinda surprising, my browsed POSTed a list of wifi connections available (their mac address and signal strength)... hmm. I guess them collecting that info had a use after all :)
http://www.w3schools.com/html/html5_geolocation.asp
If the browser truly is locked down then it's likely the MAC address of the router which is mapping back to your location and you're leaking it at an OS level via some other app also sending the IP and that is sending the router's Mac address and hence the association.
Hey Jason, could you explain this to me? Are you saying that some apps will broadcast the MAC address of the router it is coming out of? Have you actually seen this happen?
Not directly, but indirectly, yes.
Most applications, both within the core OS and outside of it, ping home regularly for a myriad of reasons. The communications are generally http(s) based and generally run via system web browser frameworks or open source versions.
As part of the specs in web browsers they have access to the html5 APIs and specifically the geolocation aspects of it.
These generally work as follows:
If there is precise Geo location information from GPS then use it.
If not then take the SSID / MAC address of the router and ping Skyhook / Google / in theory someone else, but in practical terms... no one else but Google, and based on their mass slurping of WiFi information from the street car photo mapping, get a quite accurate, although not as precise as GPS information, location from the MAC address.
If that isn't available then fall back on the last ditch route of taking the IP address and the old fashioned routes we all know about.
However..... separately to all of the above, please also remember that if you are logged into ANY service on ANY app within the OS and also have an Android or iPhone then there will be association there too.
All the major phone OS's have you logged in, to use the standard services and as such, leak location for the account, which can then be associated with any other usage of that account, which can then associate to an IP and will likely be used to locate you if other better and more precise routes aren't available.
Remember that all mobile phones have GPS information (and I believe legally required to have in the EU and US for a number of years) but even if blocked, they also have cell tower information too.
If you're unsure this is so ask yourself one simple question.
If you went and purchased a new desktop machine, set everything up to paranoid levels of data security (and this is similar whether Windows, OSX or even Linux....) and it showed you the weather for your area, how did it know where you are?
Log into something Google somewhere.... Did it get more accurate when you did that?
It's the combinations above why I never suggest just having a separate browser or proxy setup but a systemically clean OS and everything within it, if you're trying to hide
That's all very interesting. I guess true internet anonymity would require a fresh Linux* install (or CD booted Linux OS) from a public access point.
*Linux because there are versions out there that are relatively common and do not require any type of logging in to work.
I don't think it's a MAC since that's easily spoofable.
The fact i do it through different VPN endpoints and get localised results shows that it's an IP thaaang ?
It's like being a mechanic, if you know how the engine works then you know how all the fancy addons work, and the SERPS are def IP-based, since i've done tests with all other locale info blocked.
Makes me wonder where people like serpbook.com get there info, do they aggregate datacentres ?
>The fact i do it through different VPN endpoints and get localised results shows that it's an IP thaaang ?
I guess we can split it up a bit and say there's 2 goals, complete anonymity or geolocal SERPs.
For geolocated SERPs, a local IP is good enough, or using the 'share your location' and spoofing some info (either lat/long or less easily, some mac addresses that you know correspond to a location).
What Jason elaborated on is that from an anonymity POV, having a phone with GPS can marry all that information together easily for the likes of G to figure out who you are / where you are. Certainly, when my wifi access points were posted, there were half a dozen and the one with signal strength of 100 is likel to be the closest. I spoke with Jason about all this and learned a bunch, never knew about it. Truly hiding isn't an easy task.
The 'share your location' and spoofing a lat long seems like the easiest route for getting local SERPs for anywhere.
>Spoofing MAC Address is easy
Although easy to do on a computer, it's not so easy for most people to spoof a router's MAC address as that normally requires SSH / Telnet access to the device and a working busybox or full Linux OS to do.
IE - Outside the remit of most people.
Having a look at this will help you out a lot
http://www.labnol.org/internet/geo-location/27878/
https://adwords.google.com/apt/anon/AdPreview
Moz has an indepth article on it, covering automation and the technical details: https://moz.com/ugc/geolocation-the-ultimate-tip-to-emulate-local-search
The same geo-related info can be used for scraping results via regular G results.
Thanks Aaron and Bot.