How do websites know where I am?
IP Geolocation
IP geolocation isn't particularly precise or accurate, but it's dead easy to get the rough metropolitan area, which is enough for many applications. The simplest method is to use Google's Client Location, particularly if you're already using the Google AJAX API to load jQuery or Google Maps:
if (google.loader.ClientLocation) {
var lat = google.loader.ClientLocation.latitude;
var lon = google.loader.ClientLocation.longitude
var center = new GLatLng(lat, lon);
ipMap = new GMap2(document.getElementById("ipMap"));
ipMap.setCenter(center, 13);
}
I'm also using the IPInfoDB API, which seems to be less precise but have broader coverage. Done from the client, this requires a proxy to fetch an XML file in order to avoid cross-site scripting restrictions.
-->
Websites commonly use IP geolocation to collect and store your general location without getting your permission or giving you any notice. So if you want to know if a website is tracking this level of information about you, you'll need to read the website's privacy policy. Worse, you'll also need to read the privacy policy of every website that provides an image or script on this page, including any advertisements or analytics scripts.
This tracking isn't always bad: Google uses this information in an anonymous aggregate to predict flu outbreaks. And without a subpoena to your internet service provider, it's nearly impossible to get your precise name or address.
Just by visiting this page, I can guess (with Google's help) that you're near ...
Javascript Geolocation
Verifying whether a client supports the W3C Geolocation API is extremely easy:
if (navigator.geolocation) {
//great!
} else {
//provide links to Firefox 3.5
}
Calling the API itself requires an asynchronous callback which you can simply define inline:
navigator.geolocation.getCurrentPosition(function(position){
var lat = position.coords.latitude;
var lon = position.coords.longitude;
var marker = new GMarker(new GLatLng(lat, lon));
var jsMap = new GMap2(document.getElementById("jsMap"));
jsMap.addOverlay(marker);
},function(error){
//use error.code to determine what went wrong
});
You can also define an error handler callback (again shown inline) which is very helpful for debugging, and specify a few options about whether or not you want the client to use a cached location. You can find more examples and details in the latest Editor's Draft of the API.
This code works just for the W3C API; very similar but distinct code can obtain the location from Google Gears, Loki or Geode, all of which may still be in use.
Javascript geolocation will attempt to determine where you are using nearby WiFi signals or an attached GPS device. As a result, this tracking is much more precise and therefore more sensitive. In order for a webpage to obtain this information, your browser should ask you explicitly for your permission first, with a bar like this one:
Or a dialog like this one:
However, this dialog doesn't tell you how your location will be used, whether it will be shared with other people or companies or how long it will be stored. You'll still need to dig into the web sites privacy policy to figure that out: if you don't know what a website will do with your location information or don't trust the website, don't click "Share"!
If you're using a supported browser, then I can more precisely determine your location with your permission. I promise I won't store your location or share it with anyone.
Find my location
If you want to try this out, download the latest version of Firefox, or borrow somebody's iPhone.
Reverse Geocoding
There are multiple free resources for reverse-geocoding (and many more that handle regular geocoding) including GeoNames and Google. I've used Google's here since I'm already using Google Maps.
var geocoder = new GClientGeocoder();
var point = new GLatLng(lat, lon);
geocoder.getLocations(point, function(response){
place = response.Placemark[0];
alert(place.address);
});
With an address, the look-up possibilities are endless. Of course, the user agent won't always return a precise location and the reverse geocoder may not either.
Once a website knows your latitude and longitude coordinates, it can use a freely available reverse geocoding service to look up the corresponding street address. As you can see, this guess may not be completely accurate, but a street address makes it relatively easy to look up a business name or a residential address.
Finally, websites can use reverse geocoding services to guess your street address once they've obtained your latitude and longitude coordinates. Using the coordinates above, I can guess that your address is ....