this post was submitted on 03 Feb 2025
378 points (98.5% liked)
Technology
62071 readers
5271 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
All HTTP requests include your ip address, you don't "consent" to giving it to anybody. You can geolocate somebody based on ip address but it won't be very accurate
True, it's storing the IP address that is the issue.
Storing it and associating it with all the other identifying information collected.
Use a VPN. Problem solved.
Using a VPN just moves the trust to another middleman.
So use a trustworthy middleman? Surely you can find someone more trustworthy than advertising companies?
Yeah, a middleman you get to choose. That's a huge improvement. There are plenty of trustworthy VPN providers.
You can set up wireguard vpn on a tiny instance in Amazon or Google, and bounce traffic through that one. Then you control what gets logged (Amazon may have logs over all outgoing connections from all instances somewhere though).
You can even make it change it's public ip every day if you want.
Multiple middlemen are better than just one. Also, you can test its effectiveness.
Tor over VPN
Is that tinfoil hat comfortable?
Using a VPN means that all your traffic is routed through a possibly malicious actor.
Like Kevin Spacey?
That's gold, Jerry!
This problem solved, but whenever you change your network or IP and then periodically, your phone will report to Firebase, so you can receive push notifications.
You can block those with software that simulates a local VPN with a filter, but you won't get any more push notifications. Now push notifications are not just the ones you see. Some apps use invisible ones to get infos they need to work.
But when Firebase gets that network/IP change report, what information does it get? Because if it only gets the public IP address, the reported IP will still be the VPN one, not the real one, right? So, if that were the only information reported to Firebase, wouldn't you still be protected? Does Firebase block requests when you're using a VPN (this could be detected, for example, if certain aspects of the network have changed but the IP hasn't)? Is that what you mean with not getting push notifications when simulating a local IP with filters?
PS: From my research, the WiFi's SSID can also be used to track someone's whereabouts, but depending on where you are and how many networks have used the same SSID, it may work work well or badly. You can see that by going to https://wigle.net/ (which is a database on WiFi networks with some publicly-available information), go to the map, type in the SSID field, and click "Filter". I'm not sure if Firebase gets that info in the network reports, but I find it likely that it does.
It gets your unique tracking ID, so it knows you're the same person now with different IP. If you use apps that store location data in firebase (eg. find my device, fitness trackers, emergency alert apps) it will upload your GPS location and maybe nearby wifi names, if you set it to be extra precise.
Make sure you disable or properly configure webrtc. Even with a VPN it will leak your true IP address.
Check here.
https://browserleaks.com/webrtc
Not the magic bullet people think they are. Oh, and you can't turn it off, so you'll have to take the loss in network speed on absolutely everything. And better know how to configure each device so it doesn't go ahead and check leak your IP anyways, which also restricts choice of devices you use. Cause remember, if any device on your network ever connects to the net without the VPN, then your anonymity just went out the window.
No one thinks VPNs are "magic bullets". I don't know why this gets repeated ad nauseum.
True but it's not that bad.
Just choose a good provider. You don't need to configure anything.
That's what kill switches are for.
I agree it's a powerful tool! I was specifically responding to "problem solved" in the previous comment. My reply was in no way meant as a general review of VPNs.
Ooh, I know why! It's because YouTubers hawk their preferred (sponsored) VPN as if it was silver bullet and that it's dangerous to use your mobile device out in public or worse – public WiFi – without it. You can't blame John or Jane Doe from parroting what their favourite YouTuber claimed.
Latitude and Longitude are in there. As is screen brightness. He does acknowledge that he is on Wi-Fi, but that’s still super suspicious
That VPN provider will then know ALL the connections you make. Almost worse than just using the Internet normally.
That's an uninformed statement.
You get to pick your provider. So pick one that you trust.
It's FAR better than without as your ISP is probably selling your traffic to third parties or at least monitoring it. Some VPNs don't.
Which they actually acknowledge in the blog post.
Kind of interesting that they're smart enough to understand how to sniff packets but not enough to understand that IP address = location.
Author noted:
And this was with location services off. How precise is a "postal index" in the author's country (presumably Spain) I wonder.