I'm using the web application at http://m.rummble.com, and when I click "find my location using Gears", the application returns my current location (approximate city location) with various establishments in a given mile radius. To further understand how this works, I opened up Wireshark, and what I notice is that a POST request is sent to www.google.com/loc/json. Then the Google server responds with 200 OK and location data in JSON format. I understand this part.

The next step is what I don't understand. Apparently, after the rummble application receives the location data (lat, long, address, etc.), it sends this information using a GET request to some API on another server that acquires the various establishments in a given mile radius. All I did was click "find my location using Gears". I would reasonably expect the application to just return my location, but it's returning more than that without my clicking any other buttons in the application. Can someone explain how this happens? Is there a script that makes this happen? I hope I explained my situation better.

A: 

Well, the first step in determining an anonymous user's location is by his IP. If that's what you want, you need to do one of two things:

  1. Find a database of IP-and-locations. A quick Google search turned up http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip
  2. Trace route and reverse-lookup the IPs to host names using DNS, and try to read the host names for geo-information, such as country and city.

Either way, once you have a country and/or city, you can do a geo-lookup to find latitude and longitude, and display a map based on those coordinates.

Presumably, Google Gears uses something similar, or perhaps based on data mass-collected by Google using their various data-collection techniques. That way, once Google Gears has figured out where the user is, it knows which city/country he's in, and requests the matching latitude and longitude.

scraimer
A: 

For whatever reason, rummble.com isn't querying navigator.getlocation on my machine, so I can't confirm your report myself.

However, when you click to allow rummble.com to get your location from Gears, you're handing over that location information to the rummble.com website. That website is then free to do with it as it wants -- the information is returned to a piece of JavaScript running on the browser, and in this case it sounds like that piece of JavaScript is using your location information to load a list of nearby restaurants.

You might very reasonably be worried about this. What if rummble were sending your name and location information to an advertiser or to the government? How long are they storing your precise location information? You should consider these implications before giving permission to share your location with a website.

npdoty
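The flow described in the question and in the answer above, as an added example that is not rummble's own code: one click handler asks a location provider for a position, and its success callback immediately issues the GET request for nearby places, so the coordinates leave the browser in the query string without a second click. The endpoint, parameter names, function names and the `coords` shape are assumptions, the provider and HTTP client are constructed stand-ins so the block runs offline, and the coordinate rounding is an added data-minimisation step, not something the page reports rummble doing.

```javascript
// Hypothetical endpoint; the page does not name the API that returns nearby places.
const PLACES_API = "https://api.example.invalid/nearby";

// Round a coordinate so only an approximate position is sent (2 decimals is roughly 1 km).
function coarsen(value, decimals) {
  const factor = 10 ** decimals;
  return Math.round(value * factor) / factor;
}

// Build the GET URL that carries the location to the second server.
function buildNearbyUrl(coords, radiusMiles, decimals = 2) {
  const params = new URLSearchParams({
    lat: String(coarsen(coords.latitude, decimals)),
    lon: String(coarsen(coords.longitude, decimals)),
    radius: String(radiusMiles),
  });
  return `${PLACES_API}?${params}`;
}

// Single click handler: the location lookup and the follow-up request are
// chained in the success callback, which is why no second click is needed.
function onFindMyLocationClick(locationProvider, httpGet, render) {
  locationProvider.getCurrentPosition(
    (position) => {
      const url = buildNearbyUrl(position.coords, 5);
      httpGet(url, (places) => render(position.coords, places, null));
    },
    (error) => render(null, [], error) // user denied permission or lookup failed
  );
}

// Constructed stand-ins for the geolocation provider and the HTTP client.
function runDemo() {
  const sent = [];
  const fakeProvider = {
    getCurrentPosition: (ok) =>
      ok({ coords: { latitude: 51.507351, longitude: -0.127758 } }),
  };
  const fakeGet = (url, callback) => {
    sent.push(url); // record what would go over the wire
    callback([{ name: "Constructed Cafe" }]);
  };
  let shown = null;
  onFindMyLocationClick(fakeProvider, fakeGet, (coords, places) => { shown = places; });
  return { sent, shown };
}
```

The `sent` list is what a proxy or Wireshark capture would show: one GET whose query string contains the (here rounded) latitude and longitude.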