How websites know where you are
The article explains how websites determine a user's location through methods like IP geolocation, GPS (on mobile devices), Wi-Fi triangulation, and browser geolocation APIs. It also discusses privacy implications and how users can control or spoof their location settings.
Background
- Geoff Spoofing (geospoof.com) is a site focused on browser geolocation privacy and spoofing techniques.
- The article explains how websites determine a user's physical location: primarily through the browser's Geolocation API (exact GPS coordinates, requires user permission), IP geolocation (approximate, maps your IP address to a city/region), and Wi-Fi/BSSID triangulation (scanning nearby access points).
- It also covers how JavaScript APIs and HTTP headers (like `Accept-Language`) can reveal location indirectly.
- Key context: most users don't realize that even if they deny the GPS permission prompt, their IP address alone gives away a rough location. And in many jurisdictions (e.g. under GDPR and ePrivacy directives), geolocation data is considered personal data, so tracking it without consent has legal implications.
- The article's audience is people who want to understand or avoid browser-based location tracking, not just developers.