Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Tell HN: Google is correlating location data to your IP
172 points by wereallterrrist on Dec 17, 2022 | hide | past | favorite | 126 comments
Hi HN, Is this a known thing? I'm pretty frustrated, and even given my near-complete disillusionment about capital-driven-tech these days, I can't believe Google is doing this.

I just got home from being in Mexico where I used my VPN (because of course US financial apps panic if you access them outside the US).

I fired up my LG TV running the YouTube app (which I'm not signed into) and every, single, ad is in Spanish.

My Edge browser on my desktop computer gives results in Mexico and claims I'm in Quintanna Roo. In many places, I cannot override this, at least without signing in and/or apparently explicitly feeding it more accurate location data to "fix" it's perception.

Is this expected/known? At one point, it even said "based on your IP address" despite the fact that my IP clearly looks up to a Washington State IP address.

I just wish I could make this known to Google's advertisers. Are they aware that when I travel, they're pay to show me ads that I can't understand?



Not you IP address but your router/access point's MAC address and been doing it for many years.

For example, I receive quite a few devices for reviews, and I mostly give things away after using those. Many years ago, I gave a friend in another city a router. For a few weeks his computer and other devices reported his location as being my city instead of his. It took a couple of weeks for Google services to catch up.

Google logs your current location and the MAC address of any access point visible to your phone. In your case, if you used your phone via the VPN for more than a few hours, Google associates that MAC address with the finer location from your phone's GPS. It may not link that data to your account, but it uses it to help getting a GPS location.

If you live in a location with low traffic/human density then it may take longer for Google to change it back.

This information is also used for a GPS cold start. Actual GPS takes a few moments to get a fix, even more if indoors. A GPS get a fix faster if you are using it close to where it was last used, or how fresh the stored almanac data is, otherwise it may not find expected satellites in certain locations in the sky. While a fix is not available phone GPS uses any visible MAC address to determine its coarse location.

On laptops and desktops with no GPS, browsers will use this access point data to set a location - IP addresses databases are not up to date enough and sometimes they are linked to the ISP office address and not to specific towns and cities and certainly not to a specific address.


Can confirm this. In my naive days I used to use Google's Maps together with location tracking on my Android phone. When I moved location, the ISP I was using was available in the new location so I just moved with my router and my IP address and device Mac address remained the same.

Google Maps still thought I was living in my old address. My phone was stuck on the old location for days iirc.


I'm curious how this actually works. My workplace has extremely bad cell coverage and no GPS coverage indoors. I work at a satellite office about a mile from the main headquarters, but we have facilities (mostly small storefronts) over about a 1000mi radius from that location. Few employees have company-issued phones connected to the network. Whether or not we're connected (or have ever been connected) to the company network, people in my office will find that our detected location is maybe 200 mi away from our office, often in places that have none of the same ISPs as our headquarters and are nowhere near any of our facilities. The location will change maybe every few months. Currently we are showing up as being in the middle of a lake outside a town of 30000 people, though the FCC believes that area is only served by satellite internet providers. I assume our locations are being provided based on the MAC of the nearest router(s), but it's not clear why those router MACs get associated with such far-flung and uncorrelated places.


How do they get mac address from HTTP requests?


It’s not the MAC address, it’s the BSSID of the wireless network you are connected to, and those around you.

Software typically obtains BSSIDs from your mobile OS’s wi-fi frameworks.

The BSSID looks like a MAC address, and in many but not all cases, a given AP’s wireless network BSSID is within a byte or two of its actual wi-if radio MAC.

Google and Apple maintain their own massive geolocation databases of BSSIDs, signal strength, and latitude/longitude.


Not from HTTP requests. Android has access to the network stack and location. Google grabs all visible APs around and correlate to your location.

It is way before HTTP even happens. This data is collected while you are driving around, walking down the street, etc.


How can you block this?


On Android, find Location Services in your system settings and look for Google Location Accuracy. The description for it on my Galaxy S21 reads:

> Google's location service improves location accuracy > by using Wi-Fi, mobile networks, and sensors to help > estimate your location. Google may collect location > data periodically and use this data in an anonymous > way to improve location accuracy and location-based > services. > > Turning this off will result in your device only using GPS > for location. This may impact the accuracy of location > used by apps such as Maps and Find My Device.

Based on that description, that should turn off the data collection, although it can also make GPS fixes take longer, and there may well be other apps collecting this data as well.


Disable “coarse location” option in settings. Might not work though.

If you want coarse location to work but don't want Google to know it, try microG with a non-Google location provider (I use Apple and Mozilla and it's pretty good).


www.GrapheneOS.org


Usa an iPhone?


Doesn't Apple do something similar however? When you turn WiFi off on your iPhone a prompt appears saying that it's better to turn it on for "better location tracking" or something like that.


Keeping Wifi on allows “find my” to work more accurately, which many people value. Third party apps such as YouTube have an additional permission to be able to look at the local network.


Newer wifi chips allow passive scanning while the bulk of the silicon is powered down. I.e. it could/should also work in flight mode


They can get it from your android phone or from chrome if you’re running it


They don't. But Chrome, Google Play Services and other popular apps likely share this data frequently.


They can get it if you log into your Android TV!

I believe they also track and log other Wifi networks that you arnt even connected to.

I'm sure they gather all sort of other metrics from any sensors and signals they can access.


In a http request/response, mac address would be meta data. ARP is not a thing there. That would be an example of data snaffling.


Do you have any info on this? AFAIK, MAC is only distributed in datalink layer around local connections.

I tried some quick packet sniffing browsing Google and did not see my MAC transmitted—as I’d expect (bc like you said, ARP not thing at this layer) also research on “MAC included in http metadata” turns up no results…

If you have any more info on this I’d love to learn more—as I’m puzzled to know why this would happen?


I think the poster isn’t talking about the remote server seeing client MACs (because, as you say) but, rather, about the way mobile OSes use nearby wifi access point SSIDs to provide GPS-less geolocation. Samy Kamkar raised my awareness of this way back in 2010 or so, and this article about his DefCon talk provides a good quick explanation: https://www.bbc.com/news/technology-10850875.


Correct.


In my case the location it shows is in most cases very wrong and also sometimes places I have never visited. Sometimes it changes during some minutes to other places hundreds of kilometers away. So in my case it is completely nonsense what is going on.


I'm sorry that you were oblivious to this, but their job is to track and monetize anything they can unless it's explicitly outlawed. Even then, Alphabet breaks the rules (namely of the EU) all the time as they seem to be content with paying fines on a regular basis.

https://www.wired.com/story/eu-hits-google-third-billion-dol...


The EU should add a zero to their fines. That will surely get some attention.


If they added a zero then Google would stop and then they couldn't fine them anymore. It seems you mistakenly thought that punishment was meant to dissuade bad actors. That's not how government works. Punishment is meant for politicians to profit from bad actors.


Could Google or anyone else still provide the service they do without tracking? Would it be profitable enough to keep doing it?

What would actually happen for users if they added a zero? Would poor people be SOL if they want high quality maps?


Of course they could. But it's an arms race and if one party breaks the pact it would start all over again.


Somehow ad networks worked fine before Android and Chrome supplying everything they can to the company.


They did seem to work perfectly well, and the ad targeting was not much worse(Half the ads now are random startup gadgets I don't want).

But what about stuff like Google Assistant? Seems like Google does a lot that doesn't serve ads, so I assume it must be either to sell their hardware or to spy. Are the hardware sales alone worth it to a CEO?


> Google does a lot that doesn't serve ads

Eh? Google Assistant is the quickest shortcut so serve you an ad, but also can do your calendar.

> Are the hardware sales alone

No way, especially the Google branded ones. But the ability to shoehorn it's ads on almost every device - is priceless. Don't forget, the Android smartphones are practically useless without Play Store and every Play Store install not only allows you to install apps, but:

links the device with your account (so any data explicitly known to come from this device is now can be correlated with you)

sends your location data

provides the way for you to spend the money, including RL

servers as a giant ad sink - every freemium game/app there has the ads from... you know whom?


Most of their stuff doesn't directly serve ads, I don't remember ever seeing one on Google Assistant or in Gmail.

They seem to mostly just exist to do tracking to enhance the stuff that does do ads, or to add value to some other thing that shows them, but they're not directly ad supported, they're tracking supported or pure promotions.


If you, as the user, want to restrict this, you can do so here:

https://myadcenter.google.com/controls/ads-data/historical-l...

Advertisers are generally aware of this. They can control location & language targeting. Digital advertisers are aware digital target is imperfect, and that imperfection is often called "wasted" and is n priced in.

Your comment about Edge on your desktop makes me thing something beyond Google is going on, as Edge only runs on Windows (a non-Google product, made by Microsoft) and Edge is also a non-Google product, made by Microsoft. I wouldn't be surprised if something is confused in Windows & that's propagating into your web experience.


Edge runs on many platforms - https://www.microsoft.com/en-us/edge/download?form=MA13FW


What? No, i just meant that its a random browser that i have no cookies on, on a stationary computer that has never left my apartment?


Have you not been out of the country in the last decade?

This is both expected and known and waaaay deeper than what you think.

The ad brokers - of which there are thousands - are tracking you and sharing information collected between different apps to each other. Each app has several analytics packages that send this data.

Any ad server can get this from an analytics package, or from another ad broker. Many ad brokers function as every other component in this web too. Just like Google has both Google Analytics, an ad serving platform, an ad brokering platform and ability to get data from other ad brokers, all alongside the ability to directly track you like you imagine. But probability wise, it’s not “Google tracking you”, its everyone.


Google changes the UI language in its first party apps based on IP, which is a much bigger deal than advertisers chosing to send Spanish ads to people who spend time in Spanish language countries.


Not just that, I also constantly get German Wikipedia articles as top result when my browser and OS are set to English. If it were only the UI, that would be better because I know the buttons by heart already (not a given for every user, of course).

I've always wondered what I'm supposed to do when on holiday in a country with a different script that I can't make heads or tails of. I'll have to practice my japanese or amharic then I guess?

The other extreme is DDG which will try to find English results for a query that very clearly uses Dutch words, matching pages that don't have those words on them rather than bringing up the Dutch page that contains all of the keywords.


I believe if you're logged in it will miraculously know what language to use. Mind you I don't actually know because I stay logged out


It doesn't. For me, it still puts the local language results first.


With DDG, you can switch the location slider on, and it seems to use your IP then.


Yep, so I have to tap the language menu, tap the search field, type ger, select Germany...

whereas it could just do keyword matching like I ask it to


You can preselect all these by using the correct link (look at the help section).


You can disable this by going to https://www.google.com/preferences and changing "Region Settings" to your home country. The fact that this is so undocumented, not easily accessible from first-party apps, and yet lives at such a simple URL is baffling to me.

Edit: It only works if you stay logged in to your Google account.


Doesn't help. My ISP covers Ontario and Québec with the same address pools — two different ‘primary’ languages, not to mention two different legal jurisdictions. IP ‘geolocation’ is fundamentally broken.

With Firefox, you can (with some difficulty) specify your location, but most still pull something out of their ass.


They still haven't understood that there's multilingual countries and immigration is a thing, I wonder how long it's going to take then to fix this annoying bug, this issue has been there forever.


Indeed - one of the more annoying things for me is Google and friends giving me UK-centric results because my browser language is set to en-GB despite being logged in, with a US billing address and a US IP address.

United Airlines is actually the worst offender for this - they constantly revert pricing to GBP. They somehow manage to know which home airport to set though.


As other people have said in exhaustive detail: where you are comes from a lot of signals other than your IP address at the VPN end of your VPN. Off the top of my head: you connected to some cell tower in Mexico.

Go to google.com/history and clear out all history from all services. Go to YouTube and do the same. Clear everything from your browsers, meaning you have to log in again. If it's allowed, return the phone to its default state.

Just for good measure, power the phone off, take the battery out, wait an hour, put the battery back in, and power back up again (this part is cargo-cult, I know).

There are probably even more sanitary measures I'm missing here.


I’ve tried everything but I can’t stop my google maps from randomly changing to Portugese. I went there for 5 days, years ago. I always change it back to English. It’s so frustrating.


I wonder which manager thought that's what the users want.. "Let's see, this user of ours has lived in the US for the last 10 years, he's never read any page in Portuguese, and he often uses Google Translate to translate Portuguese texts. But wait, he's currently in Portugal, he definitely wants us to be helpful and change the UI to Portuguese!".

In the same vein, I was holidaying overseas. I wanted to book a hotel back home for a ski weekend after I return. Despite Maps knowing my home address and probably a lot of other info (like my credit card billing address), it was showing the hotel prices for in the foreign currency...


It happens on my unsigned in TV that has been sitting in Seattle for a year. I'm really not an idiot. Idk what else to say.


Using IP addresses to infer approximate location is very common, but advertisers can do it other ways. Maybe Microsoft does something different?

Getting it wrong in this way is rather puzzling, but it's unlikely that anyone here is going to be able to debug it without a whole lot more information about your computers. Maybe there are cookies you can delete?


I can open private browsing on my laptop, and Google Shopping shows me Seattle results.

But again, my gaming PC, which was offline in my apartment in Seattle, has been showing me Mexico/Spanish results in Edge. And my TV, which sits in my apartment in Seattle, is inundated with Spanish ads.

I'm starting to suspect that different Google properties are using different signals, too, which makes this extra confusing.

It's really as if YouTube has modified it's profile of me and said "oh, since he was in Mexico for 2 weeks, he must speak Spanish now" the same way they *infuriatingly* insist on switching my results to Spanish whenever I first landed (which literally was why I started using the VPN).

It's a kafka-esque nightmare of them trying to be smart and absolutely making things harder.


Consider that Google might know best here, and it's high time for you to pick up Spanish.

J/K. Have you tried all the stupid stuff like clearing your cache and logging out and back in?


Again, edge is running on my gaming PC that has never once left Seattle. It clears cookies on exit. When i use google on it, it says im in mexico.

Idk why everyone is so gung-ho to disbelieve me. Theres NO EXPLANATION for what im seeing other than Google keeping a hint for my IP and it being currently set to "being in Mexico".


Are all those devices logged in into your account? Maybe Google thinks you're Mexican because of your recent stay in Mexico and serves you content in Spanish. I'd check the language settings of the search engine, Google News, Android or iOS apps, the content of cookies in the browser, etc.


It won’t matter. I went to Portugal for 5 days once. All my preferences are set to English. I randomly get Portugese results and my maps randomly changes to Portugese. It got worse when they moved it from the maps.google domain. The only way to fix it is to not be logged in.


It sounds like a leaky tunnel.

Also, is it your private tunnel? I think it also looks at the language settings of the bulk of users coming from that IP address. As an example, try using any public VPN hosted in a German datacenter, with a German IP address on a German AS, but created by Iranians (either as help to circumvent the crackdown or as a honeypot; they routinely post these en masse on Telegram), and you'll be detected as Iranian and start getting results in Farsi.

(don't try it actually, or at least use precautions and while not logged in)


I have location tracking disabled on my Android phone and moved to a different state over a year ago but they still show my old home and work pips on the map. However, the articles in the Google Assistant pane are now nearly all relevant to my current location but they gradually transitioned from the old regional news over many months. This is one of the few places where I leak detailed fingerprint data with unfiltered web browsing.

Google is clearly collecting its tracking from a variety of sources but integrates it sporadically.


You're absolutely right; I've operated a site-to-site VPN tunnel between two locations (tunnel endpoints were on the routers, and both peers were sharing an public IP address).

After a while, Google would associate the IP address of the local side of the tunnel with the location of the remote side of the tunnel.

I assume this is from Android devices connecting to the network on the remote side, being geolocated by Google Play Services, and Google tying this location with the IP address.


I don't have a single Google device in my residence for this among other reasons. I bought a tablet once while traveling just like you with my cc, didn't have time to use it much, just streamed video (never signed in, don't even remember my google account from years ago), the tablet has no gps or mobile data capability. As soon as I got home it connected to my wifi automatically. I thought I lost my mind for a few minutes. My phone being connected and somehow associating me (they can fingerprint you by your device sensors -- patented) with the stores ssid is my only explanation.

I get MS and apple are locked down but why the hell would you use a product by a company that treats you like google does. Apple and MS are just greedy or shortsighted, google is openly hostile, it's not that they don't care about your privacy but that loss of your privacy is their main product!


I am facing a different tyranny from Google. I just moved to US from a different country. I am not able to install any US based apps as Google play store has my original country tied in. Google knows I am in the US, but they want me to give a payment instrument (Paypal, or Credit card) before they allow me to update the country.


Use an alternative app store, like Aurora which allows you to access Play Store anonymously, or just download from an apk hosting site (apkpure or similar). For your privacy, just log out of google completely on your phone and preferably install a custom ROM that doesn't spy on you (GrapheneOS, CalyxOS if you have pixel, /e/ os otherwise)


Aurora Store is safe, as the APKs are fetched from the Play Store.

Anything else, and you are rolling the dice.


Thanks


Yes, they use your card to verify you are actually living in the country, and not just spoofing. You either have to give them your card or you simply make another google account.


Short answer can be summarized as follows: Can X correlate data "that way" about users at scale and at an acceptable cost? If yes, then X does it.

Works for all companies that generate revenue from targeted advertising (GAFAMs of course, and many many others).


For a very long time Google thought my Newark, NJ IP address was in UAE, where I’ve never been to. Most other websites serving a local version (e.g. airlines) based on GeoIP got it right, but a few also decided I was in UAE; I don’t recall which ones. I submitted Google’s IP location correction form[1] and it was fixed months later. Google’s GeoIP database is weird.

[1] https://support.google.com/websearch/workflow/9308722?hl=en


> I just wish I could make this known to Google's advertisers. Are they aware that when I travel, they're pay to show me ads that I can't understand?

I live in Canada, but came to Australia for an extended period to visit family.

I'd been in Australia, using wifi and a local Aussie SIM for over 6 months and Facebook and google were still showing me ads for Canadian things. I wonder if people paying for FB and Google ads know they're being shown to people outside the country like that. I'd be mad if I were paying for that.


Not the worst that can happen from travelling. At least now you can filter out everything that's in Spanish without having to second guess whether it's an ad or not.

I logged into the WiFi of a Russian airport once and from that day I had Russian spam in my email, fake invites on Google calendar, attempt to break into my Shopify account and others (probably using data from breaches)


This might be the use of the VPN tells them to identify VPN users and get their "real" location. Lots of people may be using VPNs from Mexico. So when they see a user that has used VPN, they discard their fake IP address data and use the one they suspect is true.


Its my tailscale exit node, its not a public vpn.

Sigh, i guess i wasnt clear enough but i didnt pull the conclusion out of my rear.

Days later, my stationary gaming PC still thinks its in fking Mexico.


Google’s IP geolocation database can sometimes be weird and not match what other providers think. One day, Google decided that I’m in the Netherlands (I’m not, I’ve never been there, and I haven’t used a VPN). This affected ads and displayed prices in a few random places, but then it went to normal.


Have a look at Wigle.net and you will better understand how some localisation services works.


it's not just ads, it affects the entire Google Cloud infrastructure. I've seen this in some proxy servers too. Wondering if this is mostly related to location data or a persistent cookie and/or tracker that's designed to detect VPN activity.


I actually like that I see ads in other languages on youtube, based on VPN location.

So instead of manipulative junk I receive some funny blahblahblah videos I don't have idea what about and not putting junk in my subconscious.


Genuine question. Does Apple just not do these things? Is my privacy *actually* protected better with an iphone? I still have to use Google Mail for work and occasionally use Google Maps to find things.


Apple does this, but to a lesser extent. I think the important distinction is in the business reasons that Apple and Google collect data.

When Google collects data on you, it's mainly so they can let other companies interact with you (ads), and those companies pay Google so that Google makes money.

When Apple collects data on you, it's mainly so that Apple can interact with you, and get you to pay Apple so that Apple makes money.

The existence of that third party in Google's motive (i.e., advertisers) incentivizes Google to collect data more aggressively, because as long as the people using Google are "happy enough" to not leave the platform, Google stands to benefit from collecting more data for advertisers. And "advertisers" isn't a well-defined demographic.

Apple's cost-benefit analysis when it comes to collecting user data is much ore clear-cut. If they can't tie data they're collecting to more revenue, there's not as much incentive for them to collect that data.

In my opinion, that's why the reporting earlier this year about Apple's pivot towards advertising is such a big deal[1]. It completely changes the relationship it's users have with the company.

1: https://www.bloomberg.com/news/newsletters/2022-08-14/apple-...


Also to consider: Wifi networks are used for tracking. Google and Microsoft offer methods for disabling this for the network that you control. (_nomap/website) Apple does not. Also Google makes it not impossible to stop tracking ( F-droid/Netguard/Superfreezz) on your phone. Pro iphone: Apple does not share access to an advertising id for monetization without user consent. Apple guards application boundaries.


I believe most of it is actually Mozilla, and not either one of those companies. Looking at DNS lookups, 2/3 of all DNS requests on my network go to location.mozilla.com


Find My Friends exists. Therefore, Apple has access to a pipeline providing real-time location data of your whereabouts, if you use that feature. Apple's privacy policy confirms that they collect "Precise location only to support Find My, and coarse location." Apple complies with law-enforcement subpoena requests about 90% of the time in the US (https://www.apple.com/legal/transparency/us.html). For comparison, Google's compliance rate is about the same, at 84% (https://transparencyreport.google.com/user-data/overview). I wouldn't expect those rates to be substantially different; they're both US companies subject to US law.

In other words, cops interested in your whereabouts probably don't care much if you have an iOS or Android-based product. Moreover, the easier subpoena target is your wireless carrier. For their service to work, your carrier must map your billing info to your SIM IMEI (I say "must" lazily; I could imagine a ZKP system that gave out certificates showing that a randomized IMEI is paid up. But the angry privacy mob doesn't seem to be focused on carriers right now, so I don't see why they'd change).

According to anecdotes on the web (I am not a customer of Apple), Find My Friends uses IP geolocation as a GPS fallback. It stands to reason that Apple's ad network has built a similar database. I believe both major networks allow individual users to opt out of that database being used to serve them ads, but I don't know whether that means that the ad networks do not still know where that user is.


Google Maps on iOS asks to track your location in the background by default.

Apple tracks your location as long as Location Services is turned on.


You can't truly turn off location on iPhone. Find My iPhone still works even if you, which demonstrate that your location is still going to them. In fact even if you turn the phone off, it still has bluetooth on, acting like Airtags.


Apple makes their money on their products and not your data. Google is “free” because it makes its money off your data.


This position is outdated. Apple now makes (some) money from your data with advertisements.


> Is this expected/known?

I expect that Google will use any data the can obtain to make themselves more money. So if could've imagined the situation you described.


A few years ago someone did a data export from linkedin and received a CD, I think either in the early days of GDPR or maybe during the predecessor (NL: WBP) which was effectively the same except no fines. One of the takeaways there was that linkedin suggests users to each other that share an IP address. I have also noticed that youtube on tv will suggest things that someone in the household watched on the phone. Whether it's truly by IP address or by some other proximity proxy, in the end the answer is the same: yes, adtech firms use correlations, such as your IP address.

It sounds like you're one of today's lucky ten thousand. https://xkcd.com/1053/


I have seen other people get recommendation in YT solely based on IP, which frankly should never, ever happen or be allowed.


So what should OP have done to avoid being tracked while on vacation?

Turn off android Location? Use a burner phone, and sign in with a new account?

Can Google do the same thing on iOS?


I recently bought a brand new pair of golf shoes from a physical store. I did not even search for them or look at any golf shoes online. The next day, I got Google ads served for the same brand of shoes I bought... Coincidence? Seemed very creepy. I know they sometimes do "re-tageting", but in this case I am sure I didn't look at any stores online. Only the fact that I physically visited a store with my tracking devi... errr i mean "phone", in my pocket...


FB (and to a lesser extent google) allow targeting via phone numbers, emails, and addresses.

This [1] shows the attributes Facebook Custom Audiences allows match on, and it includes email, phone, first/last name, address, dob, and age. So if any of those were shared with the store, they can upload them to FB (and very similar to Google) to show you ads.

[1] https://www.facebook.com/business/help/2082575038703844?id=2...


They know everything.. And yet on top of this, Google is still nagging me to add my DOB to my account...


I would guess it is linked to a membership with the store or a credit card used for purchase.


Omg, yes!


All your purchases are sold to marketing firms by your bank.


credit card data


Are you sure there isn't a mix-up with your VPN? I travel a lot internationally and never experienced anything like this.


I mean, I'm sitting in my apartment in Seattle and Google says I'm in Quintanna Roo. Given that I don't have any devices left in Mexico, I'm not really sure what else could be happening.

to be clear: my VPN is Tailscale configured to use an exit node running out of the apartment I'm currently sitting in.


> Google says I'm in Quintanna Roo

This is at the bottom of the Google search results page on mobile right?

If so, that location is based on signals from a bunch of places. The logic takes as input:

* Location history in your Google account (if enabled)

* IP address location lookup from the most recent request (if sufficiently accurate)

* HTML5 location API response from previous requests to Google search on your account (since the html5 location API is quite slow, and you don't want to wait 30 seconds for search results).

My guess is you have location history disabled. And you have the html5 location API disabled. And your Seattle IP address doesn't resolve to a very precise location (so is rejected). So the last fallback is the last known location for you, which was probably the hotel WiFi in Mexico, which probably did have a precise geocode associated.

If you want to fix that, you can set a manual location IIRC, or you can enable some other location source.


>If you want to fix that, you can set a manual location IIRC, or you can enable some other location source.

Yeah, but I can't. The only way I've seen hinted at doing that is letting my browser share location to Google.com and my desktop Firefox can't estimate my location anyway, on top of the fact that I'm not about to give in and fix this by just arbitrarily granting them access to more data about me.

Especially when they clearly have all of this effort around it, dialogs to try and tell me why it thinks I'm in Mexico and won't just give me a way to tell it where I am.

When I was looking for where to buy an SSD and used "shopping.google.com" earlier, I absolutely could not find how to convince it that I was in Seattle. Ironically, a private browser worked there.

And yet, I literally just sat through 3 spanish ads, again on my unsigned in TV that has been sitting in Seattle for a year.

I think you're absolutely right, it's this myriad of data. But it's frustrating that I /can't just easily override it/.


I think this might explain it? It sounds like various systems have decided that your Tailscale exit node is in Mexico, and something needs to happen to convince them that it isn't.

Various companies including Google have systems to determine a phone or computer's location via WiFi. To do this they have a table of the approximate locations of routers worldwide.

How does that table get updated? In part it's due to cell phone traffic. If a cell phone's location is determined in some other way (such as via the cell phone network), they will assume any visible router is nearby. So, for example, this would be a way of finding out where a coffee shop's WiFi is.

If, say, a mobile phone is in Mexico (determined via the cell network or GPS) and it's using an exit node in a different country, the inferred router location is going to be wrong. Ironically, using the VPN from Mexico is probably what broke it.

One way to fix it might be to change the exit node somehow. Or maybe connecting to the VPN while at home, using a cell phone, would fix it?


What kind of internet connection you have in Seattle?


Astound/Wave Broadband. From whatismyip.com:

My Public IPv4 is: 198.244.xx.yy

My Public IPv6 is: 2604:4080:redact

My IP Location is: Seattle, WA US

My ISP is: Wave Broadband


Oh yeah, something I've noticed is that I have Spanish neighbors and I occasionally get Spanish YouTube ads


Every single advertising company is exploiting every single side channel that they can.

This should not surprise you.


Sure. And in this case, they're showing me irrelevant ads, shopping results I can't use and more.

It's not surprising me, it's baffling me because it's just stupid to do this.


Is it? You haven't travelled to a non-English place in ten years to not notice this, and they're just going to be wrong with targeting you for a few weeks.


Large rich companies screw up way more than small ones.

Nobody cares, the business is making 10x what it would need to survive. Worst case scenario they still have their reputation (I still remember conversations before buying Azure: "it's Microsoft, it can't be that bad"...)

A small company either does things right or eventually gets destroyed.


Works for the 99.9% not using a VPN. They don't care about the last few users.


It's getting very serious. I created an fresh anon Instagram account using a cellphone number that I used with FB. And voila, someone I know is a recommended for me to follow on Instagram. They have no shame. And no one is holding them accountable even with proof.


Instagram and FB are both owned by meta. Is it really any surprise that they share data?


For privacy focused people that's a bad thing, for everyone else that's a feature. You gave meta that phone number, meta is going to use that phone number with all of meta's products. Not saying that's good, just saying that's a thing that makes sense.


Do no evil RIP.


When I change my dns location, the language and adverts change for my shield/android TV


> I can't believe Google is doing this

Have you been living under a rock?


No, I'm pretty careful about the information that I give to Google. The only Google app on my phone with access to my location is Google Maps.

To me, it's absolutely news that Google Maps data can taint my entire IP address across all Google services.

Ultimately, sure, great, I realize Google is going to Google, but this is absolutely not something I've seen discussed previously.


> taint my entire IP address across all Google services.

When in .mx your cell phone location was on, and you used apps like Google maps at least partially through the house/hotel wifi which you tunneled to exit in USA? If so, that tied the "trusted" phone location to the IP you used to exit traffic in USA.


Do any diving down there? I really need to get back.


Leaky VPN, time to switch to Mullvad. GOAT.


welcome to the matrix.

yes it's a known fact, and no there's no way around it.


Why is everyone so worried about personalized ads? Serious question.


Google uses the whole bag of tricks to correlate your location and other personal information, they are actively engaging in a surveillance system which previous Stasi members (yes Eastern Germany) have described as a wet dream.

That can include any number of avenues, including from implants they've put on devices you may carry. For example, even if you don't have location services on, depending on the model it will keep the last X number of AP points and cell towers that came into range, and that information may be used to correlate your location regardless of if the feature was turned on or off by you. I'm pretty sure intermediate cell towers sell some of this information to Accurint which is where most governments agencies go for information when not Palantir.

Google has a lot of ad fraud because of their pernicious use of surveillance may indicate you fall within a demographic to their ad companies that you do not, but they are the only marketshare in town for ad providers.

No there isn't a way to game the system in any way, you have no control over their algorithms, or even your own hardware.

You may also notice that if you talk about a specific thing hitting the same keywords over and over within a few minutes, within range of one of those devices all the ads switch to that thing. Like a purple dog collar. Technically that's wiretapping, and should be illegal, but no ones holding them to account because someones decided its not illegal if an algorithm does it?

For anyone not aware of the tech involved in this, this may seem like a tinfoil hat like response invoking the I can't believe it response. That's fine, but it is happening regardless of people thinking those thoughts, and you have no agency to change or stop it which was by design.

If you are unhappy with that, the only option is to become an expert in the technology, or bury your head in the sand.

The thing that most people don't get about privacy is, privacy is your future. If you give up your privacy, you are giving up your future.

Whatever that may be, its what you are trading when you use anything made by companies involved in this despicable and evil trade.

You become a victim to anyone who pays to have access to that information or some derivative of it, and its done in a subtle way that you don't concretely know when that's been used against you or when its happening.

Those companies won't give you enough information to make an informed decision about it because they are deceitful and malevolent by design and have used leveraged buyouts to consolidate that power in a global game of monopoly, and most likely received funds from people within the government to set this up in the first place.

They have gotten where they are now at by stripping agency, and voice, and corrupting and subverting the areas they would normally be held to account.

So the only real alternative without specialized knowledge is to become a luddite and not engage in society (in the US).

This mostly because everything is being forced through compulsion into the online space without proper safeguards, you have companies who are acting as arms of government without government oversight, which is also by design.

Most people can't become a specialist at tech overnight, and the people that do go the luddite route are ostracized, and have less opportunities for anything that falls in the social spectrum.

Many people do not realize just how bad things have gotten because they rely on institutions to get their news, such as from the Sinclair's of the world.

If you have a chance look at the deadspin Sinclair video. That was made years ago, and despite that and other issues, they were still authorized for further mergers to consolidate their business.

The reason the world is getting so crazy and going off the rails is because these 'evil' people have been allowed to continue this attack on agency and speech without restriction, and the people responsible for not taking action against these companies are the same people we voted into office but more appropriately were tweedism'ed into office without a real choice by us.

When you look at social media stuff, you always have to wonder if the people responding are real, most of the time if the post has an algorithmic negative sentiment then you'll be downvoted, not by real people but by bots. To de-amplify your voice. The same goes for news, to amplify your engagement.

If you've read any history, you would understand we have very dark times ahead of us, and the previous generation who came to power in the 90s, will have a legacy of the generation that failed in every area that counted because they sacrificed their childrens future for short term goods which were then stolen from them under the same framework they supported.


If people actually looked at the machines and code doing the tracking, they would find out that advertising online is tied to complete electromagnetic surveillance of the entire globe, including people's inner speech and bodily actions.

The same people responsible for Havana Syndrome have coerced their way into the tech industry and, as you said, privacy will only be had with a fight.

Petty criminals are recruited online and given unfettered access to systems that have complete dossier and real-time tracking of anyone, enabling harassment, surveillance and sabotage.

Just disconnecting isn't enough, tinfoil won't shield against the advanced electromagnetic surveillance used and only a rebuild of our society, with housing that can absorb and nullify radiation, will bring privacy and security back.


Well that characterization is a bit farfetched, but not completely.

You would have to equate "em surveillance" with all radio (that is em after all), and coverage of course varies by location.

As for inner speech and bodily actions that does go too far because its much simpler, and has little to do with the other.

They use a combination of psychological blindspots, mass media, and indoctrination to influence the latter. It could be as simple as a sound that previously was associated with a dopamine hit, or other conditioned response. Cialdini wrote a book on the subject covering the most common blindspots.

As for the rest, that's a bit off the rails sir.


Yes I fucking hate that. Google knows where I am and all searches take into account my location and I can't change it. If I change IPs, it's a matter of days before they find out. I think they do it using physical geolocation (gps, wifi routers nearby) from Android phones connected to my wifi network.


You can mitigate it greatly though. Never log in at your home without vpn, especially don't log in on your devices. Clear cookies at the end of session when logging in on your browser.


They’ve been doing this for probably twenty years. It is not new.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: