How does a Website Know My Location? Hidden Tactics

We’ve all been in a situation where a website advertisement has been a little too personalized for our liking. Targetted ads that are location specific can really make us question the legitimacy of how our data is being collected.

There are undoubtedly situations where an ad, message or website element has targetted us based on previous browsing activity. Location-specific tracking remains a huge concern amongst general website users.

Sensitive information that touches a little too close to home can raise some alarm bells about the safety of our locational information. But how exactly do tracking networks build up locational profiles of your browsing activity across multiple websites over time?

Well, a particular computer has its own unique IP address which is essentially its digital identity. When browsing on the internet, this identity is used as a point of origin to send and receive data. An IP address is required by every website that you visit, so it knows where to send the requested data. 

In order to target your location for advertisements and experiences, a website must look up the IP address. Your IP is provided by an Internet Service Provider. These providers provide basic information about you. Generally, info such as the region of the IP address is available.

Of course, this is not pinpoint accurate but it can be generally close. Each internet service provider has a certain range of IP addresses that correspond to various geographical locations. The registry that contains this information makes location data public, hence it’s relatively straightforward for website to know a rough location.

An alternative method used to track website visitors are the location services features in most modern browsers. Typically, you will receive a pop-up notification requesting your location.

They are usually worded along the lines of “This website would like to access your location, Allow or Block?” If accepted, accurate tracking is available for the website. You may have even accepted this location permissions and have since forgotten about it. This commonly why users are troubled by the location-specific advert without realizing that they had already forgone their anonymity.

What are other tracking Methods?

While IP addresses act as the most effective method of obtaining your location. There are also various other methods of tracking your general information. These include:

  • HTTP Referers
  • Cookies and Tracking Scripts
  • User Agents

Let’s examine these methods further.

User Agent

Every time your browser retrieves data from a website a user agent is sent with the request. A user agent will typically hold your browser type and operating system. And although a user agent will not hold any information about your location but it still acts as a core piece of information that can be stored and used for targetted ads.

An example user-agent string looks like this:

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0

However, user agents do have a lot of positives. Since they contain information about hardware and software, websites can provide a more optimized experience for the user. Knowing the specifications of the browser and device being used can lead to a faster browsing experience overall.

Websites can also read user agents to detect spam bots and can act accordingly to prevent any nefarious actions.

HTTP Referrer

When navigating to a new website from a link, data about where you have navigated from is also sent over. While this isn’t strictly a geographical location, it still reveals info relating to your browsing history.

This information can be utilized in fairly innocuous ways such as analytics, logging and optimized caching. However, this is very useful information for a website trying to determine what ads to show you. For example, if you had come from browsing skiing gear in an e-commerce store a relevant ad can now be shown based on this information.

Cookies

When discussing issues relating to data protection, the use of cookies has come to the forefront of the conversation. Cookies are small segments of information that a website can store in your browser. They have genuine uses such as remembering login information, remembering an order that you didn’t purchase.

Since cookies persist in your browser over multiple websites, there is a huge opportunity for 3rd party advertisers to take advantage of this. Knowing users browsing habits allows for more direct advertising. This is, of course, quite an invasive tactic and recent legislation have been passed to combat it.

According to the Cookie Law,  websites must get consent from their visitors to store or retrieve any information on any browsing device. This has been enacted since 2011 and has prompted websites to display a consent process to their users upon their initial visit.

How do I hide my location on my website?

So as we’ve established, invasive location tracking tactics are used widely across the web. Most websites can increase their revenue through ads clicked and affiliate marketing by targetting more precise locations.

In a world where data privacy and integrity is being compromised daily it’s important to know how to hide basic information about yourself. Let’s explore a few methods.

Brave Browser

Brave is perhaps my favorite option to help hide your location from data-hungry websites. Brendan Eich (the creator of JavaScript) sought to create a browser that reinforced data protection for the user. Right out of the box, Brave fights malware and prevents data tracking.

This keeps sensitive information such as location safe and secure. The Brave team have also mandated that they will never sell your data to third parties. This is hugely reassuring as selling data to external buyers has been a common tactic used by website to make a bit of extra coin.

Brave also provides detailed visibility on what sites are actively trying to track your information. It is transparent when showing the user what sites they have blocked during their session. It’s actually quite staggering just how many data phises occur on a daily basis. While I had some idea about it the extent to which this is done is still a surprise.

If you already can’t tell, I’m pretty sold on Brave and have been using it daily. It puts me at ease knowing that I have a much strong security layer between my and potential data threats.

Proxy

A proxy has been a renowned option for hiding your location for a very long time. When the average user connects to a site, our IP address is sent. Essentially, a proxy acts as a middle ground that connect to the website on your behalf. It sends its own IP address to connect instead of yours.

Proxies are most commonly used these days in browser extensions. It is a convenient way to mask your true location. However, these extensions will only protect browser traffic in one specific browser. Many other programs will use your IP address to connect to external websites.

Although proxies are free and abundant they do have their drawback. Firstly, the proxy server can still leak data. Because most proxies are free, they have framed in advertisment based browser. This can provide a poor or obstructed browsing experience.

Additionally, most proxy server requires a registeration and login services. Therefore, your online activity can still be traced.

VPN

A VPN offer connectivity to a different network. Your computer will receive a new IP address from the VPN provider. From this, every data request will be made on the VPN’s IP address, so your true IP address is hidden. The ability to leverage a separate IP address enables a  virtual private network to perhaps be the most effective option for hiding your location. In theory, it protects in a similar manner to a Proxy.

However, unlike a proxy, a VPN will encrypt your connection. Ideally, a VPN should be used as a desktop application. This ensures that all inbound and outbound connections to the internet using a VPN are protected.

VPN services tend to offer additional features for a priced subscription. Some popular features include a strict no-logs policy that effectively removes records of your communications, increased layers of security and automatic connection monitors.

In particular, a connection monitor assists in cleaning up accidental leaks of data. For example, if your internet connection drops there is a period of time where you need to reconnect to the VPN service. During this time, you can be unprotected from data leaks. Using a connection monitor, all connections are effectively dropped during these moments, combating any data comprises.

Tor

Tor, the renowned browser that offers anonymity is also a popular choice among those trying to keep their location data safe. Tor works by sending your data communications through a distributed network of relay nodes in order to communicate anonymously.

Due to the global distribution of communication, its difficult to trace the original connection back to your original IP address.

It should be noted that Tor is still just a conventional browser. Therefore it only protects connections made within its browser and not from other sources such as desktop applications. Because of its attempts to distribute requests over multiple nodes, your internet speed can experience a slowdown. After all, your connection could be jumping from various locations around the globe, so an adverse affect on your browsing experience is expected.

Gareth Dunne

Senior JavaScript Engineer and creator of JSdiaries. Passionate about the latest in web technologies and how it can provide value for my clients.