Mozilla Geode

Nov 12, 2008
By:
Nicole A. Ozer

Page Media

ACLU of Northern CA

Recently, Mozilla introduced Geode, an extension for the Firefox browser that can determine where you are and share that information with Web sites and other services. This allows Web sites to deliver location-based services, which, as we recently discussed, carry serious privacy concerns. Geode's privacy policy mitigates some of these concerns, but ultimately our ability to control location information depends on the policies and practices of the Web sites with which we share this information.

Geode and Privacy

Geode is expressly designed as an opt-in system. It is currently available as an optional extension to the Firefox browser (although Mozilla plans to build location determination into future browsers). In addition, users must give permission before any given site or service is provided with their location. Users can decide to give a specific site or service ongoing access to location information as well, but this again is an opt-in rather than a default option.

Geode uses the Skyhook service, which determines location based on nearby WiFi networks. Although Geode, like Chrome, relies on a unique ID that is sent with each request for location, Skyhook's privacy policy explicitly states that "[a]t no time do we store or retain the random ID."Furthermore, Skyhook's policy includes pledges not to collect any other personal information, to store all information in an encrypted log after 72 hours, and to post a notice on their Web site if and when they comply with any law enforcement or other official request for information.

Moreover, "the ultimate plan for Firefox is that service providers and geolocation methods will be pluggable and user selectable – to provide users with as many choices and privacy options as possible." Giving us the ability to choose whether, how, and to whom we reveal information about our location allows us – not Mozilla, not Web sites wondering where we are, and not the government or other third parties – to control our own information and to demand that it is only being used, stored, or shared when we give our consent.

Is It Enough?

Given the extent to which location information reveals our personal lives, Geode's opt-in requirements and Skyhook's privacy policy are necessary steps to protect our privacy. Yet Geode is only a tool to generate location information; other services that use this data must also commit to giving us full control over the use and retention of our location information.

Ideally, when Geode offers users the choice of sharing location information, it should include a link to the privacy policy of the site or service that is requesting this information so that users can make an informed choice about how and whether to share their location information.

Until that happens, if you do decide to try Geode or similar products, you should carefully consider the privacy policies of any site that takes advantage of Geode data. Share information only with sites that commit to using and retaining location information only when necessary and in a privacy-enhancing manner. Demand your right to control your own information and to choose when and if your location is shared with others.

Chris Conley is the Technology and Civil Liberties Fellow with the ACLU of Northern California.