1283351 - geo.enabled setting is set to true by default

Status: RESOLVED INVALID

(Firefox :: Settings UI, defect)

Description

[rufwork]

Attachment: Image of geo.enabled setting with current, full Firefox use history (minus ~12 pages with my bank info) on machine

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Steps to reproduce:

Installed Firefox v47. Went to my bank's website. Went to aaa.com. AAA.com knew *my* zip code, not my ISPs. 

Checked about:config. The geo.enabled setting was true out of the box. I don't believe that's what's intended:

https://www.mozilla.org/en-US/firefox/geolocation/


Actual results:

AAA.com forwarded me to a URL with my zip code in the querystring.

http://[regionalClub].aaa.com/?zip=MyActualZip&stateprov=MyState&city=MyCity&devicecd=PC&referer=www.aaa.com


Expected results:

AAA.com should not have been able to deduce my precise zip code, city, and state.

Further, geo.enabled should be false by default.

Comment 1

[Loic]

It's true by design because it's a feature used by some websites to improve user experience and browsing.
If you don't want geolocation, you can disable it permanently in about:config as written in the FAQ.

Comment 2

[rufwork]

Note that this page: https://www.mozilla.org/en-US/firefox/geolocation/

... claims, "Location-Aware Browsing is always opt-in in Firefox. No location information is ever sent without your permission."

I would've assumed geo.enabled would therefore be false (or what's claimed on that web page is in error, as I'm understanding it).

Comment 3

[Loic]

Yes, the FAQ is correct. It's opt-in because Firefox displays a notification to the user when a website wants to use the geolocation API. So the user needs to accept or refuse the geolocation, no info is sent by default without the user's consent.
You can test it yourself here: http://html5demos.com/geo

geo.enabled is only a pref to disable the entire API.