2

If I'm on a VPN and accessing sites like Youtube or other's using Google services, am I still at risk for being located geographically via scripts in content I am viewing? Like I think some scripts can read what wifi networks my computer is seeing (other networks) and those networks are not using any security so they can be geographically located and show that my VPN IP is phony and I'm really close to "Billy's Bakery Wifi" and "TMobile Starbucks Springfield,NJ" or somewhere. I assume something like noscript can block some of this but can some of these scripts embed within other scripts that may seem less harmful? I guess VPN can only encrypt your traffic, not truly block a dedicated attack from knowing where you are roughly.

user1535311
  • 21
  • 1
  • 2
    Crude Geolocation can be done simply by I.P. address as well as by script, so NoScript may not prevent them from determining roughly where you are. Beyond that, though, I'm not clear on what you're asking. Can you list some specific concerns you have? Why you're worried about them knowing your location, for example? – David Stratton Jan 03 '13 at 05:10
  • 1
    "[Tor](https://www.torproject.org/) is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis." – Mike Samuel Jan 03 '13 at 05:17

1 Answers1

3

There is no way Javascript code could have access to information related to the WiFi networks in range. This may be possible using a Java applet or ActiveX, but I don't think it is very likely, as the user should permit the applet to run.

There is though another problem you should consider: DNS leak.

Explained here: http://www.dnsleaktest.com/what-is-a-dns-leak.html

Also discussed here: What is a DNS leak?

Community
  • 1
Dinu
  • 3,186
  • 16
  • 25
  • 1
    a signed Java Applet can do pretty much anything. unsigned applets live inside the sandbox. If it was signed you could probably work out whether the network connection is using MAC addresses from popular WiFi chipmakers but I've not tried it so can't be totally sure. – Callum Wilson Jan 03 '13 at 13:23
  • The Prey Project tools seem to be able to do this even while connected to a VPN. Prey claims it is using a Google service. Presumably it is only possible since the computer owner grants the app permission to look up this info? – user1535311 Jan 06 '13 at 04:03
  • Prey is a standalone Application which you download and install on your computer. It does not run in the Browser, it just has a Control Panel which is accessible online. – Dinu Jan 06 '13 at 09:02