Firefox 55 won't send your location to sites unless they use HTTPS

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
In August 2017, Mozilla will release Firefox 55. One notable change that’s expected to arrive in the update will be that insecure sites won’t be able to get your geolocation data, the information will only be sent to HTTPS and encrypted WebSocket (wss://) connections, and requests from local resources including localhost. The move represents another step in browser makers pushing sites to adopt more secure protocols.

According to Mozilla’s Telemetry data from five months ago, the change will break about 0.188% of page loads, a relatively tiny number which is set to decrease in the meantime. Of the 0.188% of insecure sites requesting location data, 57% use getCurrentPosition() requests and 2.48% use watchPosition() requests.

Users running Firefox Nightly, which is already on version 55, can enable the feature manually through the about:config menu and toggle the geo.security.allowinsecure setting to false.

Mozilla is playing catch-up with Google Chrome which disabled sending geolocation data over insecure connections about a year ago. In Google’s statement at the time, Paul Kinlan wrote, “Chrome has public intent to deprecate powerful features like geolocation on non-secure origins, and we hope that others will follow.” It seems Mozilla is following, finally.

Source: Ghacks
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top