LTU_btc (OP)
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
September 25, 2019, 08:47:13 PM Last edit: September 10, 2023, 10:20:08 PM by LTU_btc Merited by mprep (1), DdmrDdmr (1), DireWolfM14 (1) |
|
Today I was looking for one Bitcointalk thread on Google. I visited one link that I got in search results and got this notification: It says "Bitcointalk.org would like to use your current location". At first I thought it's phishing website, but no, it's original Bitcointalk. I have never faced it on Bitcointalk before. Does it come from Cloudflare? Because I don't know why theymos would want to know our location.
|
|
|
|
|
LTU_btc (OP)
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
September 25, 2019, 09:06:21 PM |
|
Nope, it's proper Bitcointalk, because I was signed in to my Bitcointalk when I visited this link. If it would be fake website, I would have to enter my login data to sign in.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 3010
Merit: 7438
Top Crypto Casino
|
|
September 25, 2019, 09:13:01 PM |
|
Is your phone rooted? Or are you using any browser extension?
|
|
|
|
LTU_btc (OP)
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
September 25, 2019, 09:23:29 PM |
|
Is your phone rooted? Or are you using any browser extension?
Nope, it's not rooted and I don't have any extensions on my browser
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13407
|
|
September 25, 2019, 09:28:15 PM |
|
I've never heard of that before. I can see in the access logs that you were talking to bitcointalk.org, though.
My first thought is some sort of browser glitch or extension.
My second thought is that it's Cloudflare. Normally Cloudflare doesn't do anything like that, but it reminds me of a case several months ago where they introduced some new feature which worked by injected Javascript into the page for mobile users only, and I had to go turn that off once I learned of it. (I forget exactly what the feature did.) At a guess, maybe they added this as a way to improve the accuracy of their IPCountry header: since bitcointalk.org doesn't use that, I just now turned that off.
If you visit the same page in a private tab, does it request your location still? (This isn't a sure-fire way to test it, but if it's a problem on my end which I didn't fix, this might trigger it.) Does anyone else see it?
If it's some change in Cloudflare, you'd see it on a lot of sites, since CF is very widely used.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
LTU_btc (OP)
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
September 25, 2019, 09:38:55 PM |
|
If you visit the same page in a private tab, does it request your location still? (This isn't a sure-fire way to test it, but if it's a problem on my end which I didn't fix, this might trigger it.) Does anyone else see it?
On private tab I didn't got that request. But now when visited this link in regular way, I didn't got this request too. As I said, so far I only got this notification only once.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
|
|
September 25, 2019, 10:55:18 PM |
|
You'd think that Cloudflare would have the decency to turn newly implemented features off to prevent these sorts of issues. Especially when most websites don't need this sort of in depth location detection. Despite Cloudflare probably being the best option its things like these which put me off of using them.
|
|
|
|
suchmoon
Legendary
Offline
Activity: 3850
Merit: 9088
https://bpip.org
|
|
September 25, 2019, 11:01:51 PM |
|
On private tab I didn't got that request. But now when visited this link in regular way, I didn't got this request too. As I said, so far I only got this notification only once.
It's not gonna ask again if you blocked (or allowed) it. Assuming it's Chrome, go to (Lithuanian equivalents of) Settings, Site Settings, Location, find Bitcointalk under Blocked or Allowed, remove it, and try again.
|
|
|
|
|
teeGUMES
Legendary
Offline
Activity: 1253
Merit: 1203
|
|
September 26, 2019, 04:18:22 AM |
|
Could it be an invasive app that recognizes the word bitcoin and is collecting info for potential malware/information gathering? I hardly have anything on my phone app wise because the permissions get out of hand real fast.
|
|
|
|
hilariousandco
Global Moderator
Legendary
Online
Activity: 3990
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
September 26, 2019, 07:36:50 AM |
|
The feds are onto you.
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2660
Merit: 4140
Campaign Manager. My Telegram @Royse777
|
|
September 26, 2019, 10:19:34 AM |
|
I wish we (the forum) had an alternative to Cloudflare :-(
Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Lafu
Legendary
Online
Activity: 3150
Merit: 3226
|
|
September 26, 2019, 10:37:01 AM |
|
I never got this "Bitcointalk.org would like to use your current location" on my Computer or on my mobile phone. First time i hear and see about that notification .
|
|
|
|
Harlot
|
|
September 26, 2019, 11:20:45 AM |
|
We might need more than one incident to confirm that this is really happening because of cloudflare because right now we just need this to be treated as a individual problem which is only related to his phone or the app he is using. @OP haven't you experience the pop up on other websites which doesn't usually ask for your location? If it is maybe it is really related to your browser app or you might have other third party apps doing that for you in disguised of a website asking your location.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
|
|
September 26, 2019, 11:21:53 AM |
|
I wish we (the forum) had an alternative to Cloudflare :-(
Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.
There's other solutions out there, but Cloudflare definitely has the monopoly within the industry. They're unfortunately the best service around in terms of uptime, speed, and features. However, there's definitely been questions about what they do with the data, and who's seeing the data. I've used Cloudflare, and haven't had too many complaints about them. Possibly if there was a decent competitor I'd give them a look though. I think I remember theymos being somewhat reluctant to using them also.
|
|
|
|
hilariousandco
Global Moderator
Legendary
Online
Activity: 3990
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
September 26, 2019, 11:35:08 AM |
|
I wish we (the forum) had an alternative to Cloudflare :-(
Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.
If you're worried about snooping use a proxy or tor.
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2660
Merit: 4140
Campaign Manager. My Telegram @Royse777
|
|
September 26, 2019, 11:39:33 AM |
|
~snip~ I think I remember theymos being somewhat reluctant to using them also.
Yes he did and it was understandable. We talk about decentralization but I still see we have few decades to go to enjoy the full decentralized (hope we do) ~snip~
If you're worried about snooping use a proxy or tor.
Yeah that's what I do since I have learnt that we were under Cloudflare's service.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
DaveF
Legendary
Offline
Activity: 3654
Merit: 6664
Crypto Swap Exchange
|
|
September 26, 2019, 12:10:25 PM |
|
@LTU_btc were you on your usual connection to bitcointalk? The local cable provider where I am is injecting javascript ads to http (not https) pages. https://www.reddit.com/r/longisland/comments/a70owc/anyone_getting_ads_injected_into_their_web/I know other providers do it also. However, I have noticed at very rare times it does try to inject it into https pages if it sees any http traffic at all. The result is very odd behavior on the page until a refresh. Then it's all good again. -Dave
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
September 26, 2019, 12:46:31 PM |
|
The local cable provider where I am is injecting javascript ads to http (not https) pages.
You can't visit this forum via http (301 Permanently moved). Additionally HSTS is set, which means that your browser will automatically connect via https next time. So if you don't clear the cache of your browser, you don't even try to connect via http at all. However, I have noticed at very rare times it does try to inject it into https pages if it sees any http traffic at all.
That's itself not possible without your browser trusting a CA from your ISP. They would effectively be the man-in-the-middle in such a case. Unfortunately this site does not have the HPKP header set, which would say that your browser can only trust the certificate if it is being handed out by CA X (certificate pinning). This would prevent any MITM attacks, even if a trusted CA signs a new certificate for this site in order to perform a MITM.
|
|
|
|
|