I’m excited to introduce a new feature in Firefox 3.5 Beta 4 that I’ve been working on called geolocation. Geolocation is an opt-in tool that lets users share their location information with web sites through Firefox and will enable a new range of services on the web. Geolocation can make web sites smarter and you more productive. Websites that use geolocation will ask where you are in order to bring you more relevant information, or to save you time while searching. Let’s say you’re looking for a pizza restaurant in your area. A website will be able to ask you to share your location so that simply searching for “pizza” will bring you the answers you need…no further information or extra typing required.
This idea isn’t new. We have been researching meshing geolocation data and the web for a few years. Last year, Mozilla Labs released an experimental addon, Geode, which implemented the draft W3C Geolocation Specification. We added support for the spec to Firefox 3.5 and “Fennec” (our mobile browser which is in development) as well as a user interface that put the user in control of which websites could use location. However, we left it to add-ons to implement the code that would actually figure out your location, using any technique (GPS, WiFi or cell tower triangulation, manual address entry) of their choosing. So, with Firefox 3.1, 3.5 or Fennec, plus a third-party add-on, users would be able to use location-enabled websites.
However, we were still left with a chicken-or-egg problem: unless lots and lots of users installed an add-on, websites wouldn’t have a significant audience for which to develop location-enabled services; and without lots of useful web content using the feature, users had no reason to install an add-on.
We decided to investigate bundling a technology that would provide an end-to-end solution, so that the feature would work out of the box for users, and would give websites a large enough potential user base to kick start the development of innovative apps and services. We had learned a lot from the discussions about the various add-ons that had been built, and in other forums over the last few years. Earlier this year, I hosted a talk on Location in Mozilla during which we reviewed many of the critical privacy issues. We boiled these down to some key principles:
* protecting user privacy.
User privacy is super important to us and we believe that we have the best privacy policies regarding your data. The use of the WiFi data, IP addresses, associated protocol bits, should never be used to spy on users, track individuals, or shared without your permission.
* enabling web developers to use the API in an unencumbered way that would work in all browsers that implement the spec
Web developers can use a standard way of accessing geolocation data and not have to worry about the underlying geolocation provider. We don’t share with third-party location provider(s) any information about websites the user’s visiting; this protects both the user’s privacy, and the website’s right to write to a web standard without fear of any third party gaining insight into how the site is being used.
* preserving user choice
This feature is completely opt-in! If you don’t do anything, geolocation is never used. When a web page wants ask you for your location, you get an dialog similar to the one below. If you do nothing, the feature stays off by default. Only if you press “Tell them”, will you send out your location information. Furthermore, users are free to use a different geolocation provider by installing addons.
* applicability to both Firefox and Fennec
To avoid fragmentation on the web, the geolocation feature should be consistent between the desktop and mobile. The truth really is that the line is getting blurred between mobile and desktop. Calling the geolocation feature “mobile only” discounts many use cases that are pretty important.
Given these principles and a strong desire to create an “out of the box” experience in Firefox and Fennec, and to kick start the location aware web, we are happy to announce that Firefox 3.5 and Fennec will be using Google Location Service. We found that we agreed on the many privacy concerns around location. Do check out Mozilla’s privacy policy and Google’s privacy policy. I am pretty excited about these policies I think they are going to be the industry standard when it comes to network based geolocation providers.
Just to provide a bit of technical detail on what exactly is going on, below I will walk through a simple geolocation request.
1) A user goes to a page that has some Javascript that asks for a Geolocation.
2) When the user loads that page, we put up a dialog.
3) If they don’t click anything, or click no, we do not do any geolocation stuff and simply return an error to the requestor.
4) If they click yes, we drop into this bit of code which packages up the WiFi Access Point data into JSON and sends it to Google Location Services over HTTPS. The URL is configurable by preferences (“geo.wifi.uri”). The data sent includes a version number, access token, and an array of public WiFi access points data. The access token basically acts like a two week cookie, and if you clear cookies in the browser, this value is deleted and a new one is used.
6) Lastly, the Google Location service returns a location. It’s another json object that is an actual location.
That’s it. For more information, check out the Frequently Asked Questions. Get ready for Firefox 3.5 and start thinking about how you can location aware your web apps! Here is the spec.
Got questions, feel free to ask. I am looking for feedback. Comments welcome.
58 Comments
Doug, congratulations to you and the team for getting this out – I think it’s going to be amazing and a harbinger for excellent mobile and desktop web apps. When a desktop is not using WiFi, will the Google LS use the IP address?
@basil, thanks. I can’t wait to see some of the great apps be built using this.
Right, if a user does not have WiFi, we will use a Geo IP address. So for me in Mountain View, if I use WiFi, I can get an address using WiFi with an accuracy of say 150m, but with Geo IP, the accuracy might be something like 2.5km. (of course results will vary).
This is brilliant. Is there another company or organization that you worked with that helped you come up with the idea?
Doug, I was wondering. Should the buttons be “tell them” without a EV cert? Sounds like we’re using identity on the other side without having one?
@axel maybe we should file a bug to get a better UI if the site is using a EV cert. however, there are plenty of places in the UI where we trust the orign without an https or ev cert. (like the URL bar itself! I am typing into a form and I am assuming it is dougt.wordpress.com, but have no real proof that it is. So, I do hope this comment finds you!
)
@frank the list is long – from mozilla which seeks to push innovation on the web, to Google for offering a great service and privacy policy, to skyhook who worked on the Mozilla Labs project, to the many people that helped on the specification, to the mozilla hackers that provided input on the privacy and implementation. if you are in this list, this feature is proof of your help and hard work!
Doug, thanks a lot. Seriously. That was absolutely needed for FF3.5. The thing I think this feature will need is a geolocation provider “manager” to be able to register multiple providers AND select one from the authorization toolbar: if one provider fails on your current location, you could then use another one, maybe more adapted to your country or with a larger database. Furthermore, online services that are challengers to google may not like using google to geoloc
Anyway, congrats again, I will definitely use that in my own app.
@glaz thanks! multiple geolocation providers (bug 454490). Going to work on it later this year along with looking into a way for content to supply their own network geolocation provider. there is a pretty cool use case for this (e.g. a school could do indoor positioning).
hmm it’s really interested. i just have put geo location such as longitude in my feedburner feed. ow, i can put it in firefox. what i lucky day, eventhough now i have to download the (not so) new firedox release. hhehe i’m somekind of late on new browser
Does this actually work on Linux? As I recall, “Skyhook” is a proprietary plugin that needs hooks down into the operating system (to demand the list of detected access points from the wireless network driver)…
Wouldn’t geoip have worked by itself, at least well enough for the initial roll-out?
(And on a different note, is anyone working on a gpsd location provider plugin for this?)
@epicanis works on linux, sure. Everyone before this required some binary code to look up the wifi data. I do not think anyone needed to write a driver.
geoip might have worked. maybe. but website can already do this and so it really doesn’t force api change in the marketplace, does it?
not sure about gpsd, but people were looking at geoclue. (bug 485472). There is some other work that I/we need to do (bug 454490) first.
As far as I can tell unique, cookie-like access token is not needed at all and thanks to it it is possible for “geolocation provider” (ie. Google) to track users (ie. they can connect subsequent requests with the same user). How can you still claim that “User privacy is super important to us” when at the same time you support this superflous unique identifier?
(BTW – what if I block cookies from google.com in cookie manager? I guess this unique identifier is still sent, right? What if I use “private browsing” mode? I guess I should make some tests and fill some bugs… probably many of them…)
Also, this solution doesn’t leave choice in the hands of users, but in the hands of Google: it should be possible for the user (out-of-the-box, without extensions) to specify longitude and latitude by hand. Google in many cases returns inaccurate data (which is, actually, very good, since it means they are unable to geolocate users, relying on IP address…).
Preference name (“geo.wifi.uri”) is misleading, since it also “works” with classic wire-based Internet access…
@bartzilla I would love to see addons which prototype the UI that your talking about — allowing the user to specify their location. Maybe you’d be interesting in helping? In any case, please file bugs under core / geolocation.
I’m a bit uncomfortable with the fact that Mozilla will make use of the private property of others (wireless networks, cell phone towers) to determine location. Why don’t the owners of this property have the chance to opt in or opt out?
I’ve put more about this here: http://www.robotfromthefuture.com/2009/05/i-have-a-problem-with-geolocation/
@quin The energy/data that your wireless network pushes out is collected in the public. If you walked on the sidewalk in front of my house, and had a WiFi monitor you’d be able to see my wireless router. You could opt out, i suppose, by reduce the energy output of your router ensuring that it does not reach the street.
geolocation is an invasion of my privacy and any code in any piece of software, not just web browsers, should be removed.
Nice feature, but no manual address entry available out of the box? Why hobble your feature?
@david i think i would also like to see this too. maybe we will see some addon that does this is a really cool way.
@Ray R, why do you think that?
Because I want my browsing to be as anonymous as possible. I also oppose the presence of latent programming code that could be used to remove the veil of anonymity.
This really comes down to choice, my choice to not have such code present in any software I choose to use on my computer. Since geolocation is being incorporated in the base code of Firefox, I do not have a choice regardless of the fact that if I do nothing, no information will be sent.
However, hackers can see this “no action” aspect as a challenge to overcome. They will seek ways to trigger the code from inactive to active. The presence of the code in the browser will make their task a bit easier. It is not right to make hacking easier. REMOVE THE CODE!
DougT,
You state in your post that you forced geolocation into the browser because you wanted more users at actually use it.
“However, we were still left with a chicken-or-egg problem: unless lots and lots of users installed an add-on, websites wouldn’t have a significant audience for which to develop location-enabled services; and without lots of useful web content using the feature, users had no reason to install an add-on.”
I, and I think, many users DO NOT WANT location-specific, user-specific provision of (web) services. We do not want the bombardment of targeted advertising as depicted in the movie Minority Report.
Such technology foretells a future where we no longer have any privacy and along with that loss of privacy we lose our personal freedom.
REMOVE THE GEOLOCATION CODE!
@ray I am trying to understand your frustration. The feature doesn’t do anything unless you expressly agree to share your location with the site requesting your location. Why think you are going to get bombarded with targeted advertising if you do not agree to share your location?
I think alot already can be done (similar to what you are talking about) with Geo IP (eg. your location based on your IP)? Geo IP works pretty good where I am; i can only imagine it will get better. This functionality is outside the browser, and there is no opt-in (eg. you can just add some javascript on your site, and you can discover where users are located).
Neat, I guess you dropped the “location fuzzing” idea. I have the same feedback as in October: You *must* provide a “My location is…” override! Some use cases: I’m on my way to somewhere else, I want pizza places *there*, not where my browser is; I want to fuzz my location, telling the shady social network I’m at the police station 5 blocks away; etc. The code to override location is much the same JavaScript that sites will need to implement a fallback “You don’t have Geolocation, please pick your location” for other browsers. If Mozilla doesn’t write it, few sites will bother implementing the feature. If Mozilla doesn’t implement this at least make the location bar extensible so a third-party can write the missing code.
The UI would be a second link “(My location is… Learn more…)”. If you click it, a pop-up window appears. If you have a Geolocation provider then it has a preselected radio button showing the location it’ll send, but it also has radio buttons for other “favorite locations” and a UI to enter a different location as another radio button.
I believe very strongly that both Firefox and web sites need a “My location is…” fallback/override.
@skierpage same here – i would love a “My location is…” fallback alternative. I am hopeful for firefox 3.6! In the mean time, maybe addons can help prototype what UI we should use here. Out of curiosity, have you taken a look at the iPhoto UI for selecting a location to geotag pictures? It would be really cool to have something similar to set where “you are”.
On the fuzzing location idea — I will most likely propose changes once we have “civic addresses” (eg. your mailing address). Turns out, that if you have a lat/long, it is possible to discover where a user really is when they are suppose to fuzzed! If we have mailing address (which is part of the v2 geolocation specification), we can more successful/safely implement fuzzing.
I remember that when this feature originally got prototyped some mockups suggested having buttons for exact location or just zip code. Whatever happened to that?
@Epicanis I’m currently writing a extension for firefox that talks to gpsd to provide geolocation information. The advantage to this, over say the wifi location, is that additional information such as speed, heading and altitude is all available.
The extension works now, but isn’t completely ready yet; I plan to release something in the next week.
@dougt Would gpsd integration be something you would like to see in firefox proper? In the plugin I’m using sockets to connect to the gpsd daemon, but there is a native C library which could be used. This is something I would like to help with, but my experience of hacking firefox is limited.
@martin would love to see gpsd integration in firefox proper. let me know what I can do to help you.
@dougt I’ll finish up my work on the extension, get it released and then look at writing a native implementation. Where is the best place to contact you for help?
@martin cool. just file a bug, and cc me on it. doug.turner@gmail.com We can go from there.
@ray r, although I do not agree with you, the name calling doesn’t help. You wouldn’t say that to me or any of my colleagues in person, so why do it here? keep it civil or find another place to rant.
I recall that the initial announcement of this feature proposed letting the user share information at different levels: exact location versus zipcode, for instance. What happened to that?
anonymous, check out: http://dougt.wordpress.com/2008/10/14/fuzzing-a-geolocation/
How do I specify my location? Is it done for me by checking my IP?
@natanael90 it is done using either your IP, or the WiFi access points around you.
I always thought information was used to generate Google ads. They always has local information until you use an IP address changer or something of the sort.
Is this API available for FireFox extensions also? I dont get any callbacks, even though ‘navigator.geolocation’ object is available.
Doug,great piece of work .But i went through the geolocation spec mentioned by you in the blog.spec says that watchPosition API gives an update(notification) to the user whenever user location changes.Now given the kind of accuracy that can be supported by underlying technology(wi-fi,IP) how do you determine whether user position has really changed?
pushkar, for wifi, we determine that there was a significant change in the access points we see. For example, here is the comparison for the Mac platform:
http://mxr.mozilla.org/mozilla-central/source/netwerk/wifi/src/nsWifiScannerMac.cpp#119
When there is a change, we tell the listener about it. In our case, the listener happens to be the thing that knows how to talk to the location provider (Google, here). It packages the WiFi AC’s up, send them over, and we get position data.
Of course, all of this happens only if you shared your location with a website.
marc, for now, extensions can’t use the same API.
I would like to fix this soon. Here is an example of what you have to do:
https://bug459073.bugzilla.mozilla.org/attachment.cgi?id=347004
The problem I have with this isn’t the fact that there is a possible invasion of privacy. It’s that you really DON’T have an opt-in. By that, I mean, every web page that asks for this info will cause that prompt appear. What I would want is the ability to turn it off globally so it NEVER asks. I know I can do it by going to about:config and double-clicking geo.enabled so it is flagged as “false”, but many, many users won’t know of this.
Thanks for all the info dougt. I don’t understand the privacy fuss, since it seems to me that the browser is becoming more personal and more secure simultaneously. Can’t wait for the Firefox 3.5 full release. I’m imagining the implications of social networking with geolocation. I understand that a lot of people are very skeptical of any kind of personal data being transmitted over the web, but I think as developers start to integrate this in creative ways, the widespread support will come. Can’t be angry at something that’s opt-in!
Some important quotes from the “Google Location Service in Mozilla Firefox Privacy Policy” at http://www.google.com/privacy-lsf.html:
“(…)we will collect, depending on the capabilities of your device, information about the wifi routers closest to you, cell ids of the cell towers closest to you, and the strength of your wifi or cell signal.”
“(…)we also collect IP address, user agent information, and unique identifier of your client. We use this information to distinguish requests, not to identify you.”
“(…)We also use all the information above to operate, support, and improve the overall quality of the Google Location Service.”
“Information collected above will be anonymized and aggregated before being used by Google to develop new features or products and services, or to improve the overall quality of any of Google’s products and services.”
Is there any addon available allowing “manual address entry”?
I can’t find any. Would be great to allow lat/lon entry for fixed computer when Google geolocation is way off!
Hey Clem,
Yeah. Nothing elegant. We need to figure that feature out, either in Firefox itself or via a Addon.
For now, check out what this guy is doing: http://pugio.net/2009/07/fake-your-geolocation-in-firef.html
@dougt w3c geolocation spec is not yet complete.also it does not talk about different error handling scenarios.e.g. lets say API user by mistake passed an object instead of successCallback and he did not pass any errorCallback which is optional anyway so in this user request to fetch location will be simply ignored.so are you handling these kind of error scenarios in your implementation?
@pushkar Right, the spec isn’t complete, but much of the work is done, it is implemented in many browsers, and it is available to millions of users.
I am not really following your comments about the edge case you are talking about. Best thing to do is to comment on the geolocation mailing list and include a test case.
Really great post, I’ve been searching for a few hours about this geolocation feature and your post was very informative, thanks!
There’s one thing, though, that keeps me scratching my head: do you know how Google may know the location of the different WiFi access points so that they can know your location so accurately? I’m in Rosario, Argentina so I doubt they use a third-party like Skyhook (their coverage doesn’t have any access points in my city according to their website), and I have no GPS in my notebook (which also hasn’t mobile data for cell tower triangulation).
For Rosario, Argentina, I am not sure. In regions that have Street View, you’d imagine that they would collected Wifi data during their driving. They do fall back on GeoIP (technology that maps your IP to your location in a somewhat crude fashion) in the case where nothing is in their Wifi database. So, maybe that is what you are seeing. What is the accuracy you are seeing being used? For example, on a page like http://people.mozilla.org/~dougt/geo.html, what is the accuracy reported? If it is > 24000, then you are probably are seeing a geoip.
Thanks for your quick reply! The accuracy is impressive on WiFi enabled devices (~50m in my case). There’s no Google Street View in Argentina yet (actually, Google Maps deployed their city maps this year). Maybe they already got the images and are processing them and meanwhile they have the AP locations, I don’t know… I see it unlikely. Btw, here’s the output:
1 lat = -32.9558804 long = -60.6280729 accuracy = 150
202-300
9 de Julio
null
Rosario
null
Santa Fe
Argentina
AR
null map
2 lat = -32.9555559 long = -60.6290963 accuracy = 150
301-399
9 de Julio
null
Rosario
null
Santa Fe
Argentina
AR
null map
very cool. i wish there was street view so that I can check out that body of water east of you.
Hehe, yeah, that’s de Parana River
It starts in the south of Brazil and merges with the Uruguay River to form the Río de la Plata which goes to the Atlantic Ocean. It’s really wide; where I live (Rosario) it’s about 600 meters wide.
The color of the river isn’t nice, but well, it’s better than nothing XD There are some pictures of the Parana River (in Rosario) at flickr.
This is cool, but I am seeing some odd behavior with location getting stuck.
I was messing around with some sites that use geolocation in Firefox, and proxying to see how the proxy data was interpreted by various sites using the geolocation API. So for example using a proxy in California and (as expected) the geolocation sets your current location to the proxy’s geographic area.
Unfortunately somehow things got “stuck” and applications like Google Maps now think I am in California (where one of the proxies was), rather than my real location several states away. Even though I have cleared local browser data (all cache, cookies etc), restarted my machine and moved to several other wireless access points (with different IPs) locally.
Google Maps “locate me” feature puts me in my correct location once, then after that if I reload the page it puts in California every time.
But if I use some sample code to query Gears, http://www.webmonkey.com/tutorial/Track_User_Geolocation_With_JavaScript (see the Gears example, not Geode) I get my correct location every time.
Is there a client cache somewhere that Google Maps might be reading from? I have cleared out the geo.location.accesstoken values in about:config in Firefox, I have even tried a new browser profile, but to no avail. Applications, and Google Maps keep thinking I am in California. I cannot figure out where it could be reading this data from.
Any ideas?
If you try loading http://people.mozilla.org/~dougt/geo.html, it will report where Firefox’s geolocation provider thinks you are at. If you like me to debug this, you can drop me an email and I can send you the details.
We have found an article to discuss about this HTML 5 geolocation and IP geolocation.
http://www.ip2location.com/html5geolocationapi.aspx
Interesting! There is another article which made the comparison between Wireless Geolocation (HTML 5 Geolocation API) and IP Address Geolocation at http://www.ip2location.com/html5geolocationapi.aspx .
Ah, we not only start down the slippery slope, folks want to accelerate the pace.
It is bad enough that we have to deal with geolocation code as an integral part of the browser with the only protection being a preference setting, other foolish people want to add to the information dispensed to others beyond our control.
Big Brother is knock. His name is Mozilla. His foot in our door is geolocation.
Stop the madness. Remove the geolocation code from Firefox.
I hate to sound like a broken record, but geolocation and what Martin wants to add should ONLY, ONLY, ONLY be an extension. That way the fools who stupidly want this can add it at there leisure and then only they will suffer the consequences while the rest of us browse in anonymity.
@Doug – I have a concern over the accuracy of one of your statements above. Specifically “The feature doesn’t do anything unless you expressly agree to share your location with the site requesting your location.”
Whilst I am sure you did not mean to mislead, this is not entirely accurate.
Even with geo.enable set to false, the Firefox still advises any website which asks that you have the geo location functionality.
If it truly disabled the function, then the navigator.geolocation object would not exist.
not sure if removing navigator.geolocation if the pref is off is a good idea. Doing so it will require web developers to write extra code to test for this feature instead of just writing code as if it was there. Why do you think that removing navigator.geolocation is a good idea in the case where a user disables it via preference?
I’m impressed to see someone jump on this so quickly – looking forward to being able to make more use of the old bluetooth USB receiver that I have laying around.
I’m actually seriously amazed that there ISN’T a simple “manual entry” interface already. I would have imagined that would be in there first thing for testing, before adding e.g. Skyhook® plugins to supply the data. (Or was there one and it was deemed “not shiny enough” and removed once other location providers were written?)
15 Trackbacks
[...] this Blog post for in-depth details, including discussion of privacy and links to the complete [...]
[...] to Doug Turner from Mozilla, geolocation will be an “opt-in tool” that shares users’ location only if they want [...]
[...] super simple to discover the location of a user on your website You can read more about it from Doug Turner or the official Mozilla page, but today I want to look at how to use the new [...]
[...] Geolocation in Firefox 3.5 and Fennec « DougT’s Blog (tags: geolocation firefox) [...]
[...] http://dougt.wordpress.com/2009/04/30/geolocation-in-firefox-35-and-fennec/ [...]
[...] Geolocation in Firefox 3.5 and Fennec I’m excited to introduce a new feature in Firefox 3.5 Beta 4 that I’ve been working on called geolocation. [...] [...]
[...] Doug Turner from Mozilla has actually worked on the development of this new app and according to his blog, [...]
[...] // Mozilla announced last week that Firefox 3.5 and its mobile Fennec browser will support Google Location Services, the same geolocation provider behind Google Toolbar with My Location and Google [...]
[...] [...]
[...] we are getting the notion of “people” and Identity in the browser, and we also have “location” too, we are really getting somewhere. A great [...]
[...] we are getting the notion of “people” and Identity in the browser, and we also have “location” too, we are really getting somewhere. A great [...]
[...] we are getting the notion of “people” and Identity in the browser, and we also have “location” too, we are really getting somewhere. A great [...]
[...] the problem, viscerally. The latest Firefox 3.5 beta has GeoLocation built-in: However, we were still left with a chicken-or-egg problem: unless lots and lots of users [...]
[...] to Doug Turner from Mozilla, geolocation will be an “opt-in tool” that shares users’ location only if they want [...]
[...] will it work? According to Doug Turner, one of the geo-location feature developers, “This feature is completely opt-in! If you [...]