Bitcointalk.org would like to use your current location

[LTU_btc]

Today I was looking for one Bitcointalk thread on Google. I visited one link that I got in search results and got this notification:

It says "Bitcointalk.org would like to use your current location".
At first I thought it's phishing website, but no, it's original Bitcointalk. I have never faced it on Bitcointalk before. Does it come from Cloudflare? Because I don't know why theymos would want to know our location.

[Last of the V8s]

Cannot be the proper bitcointalk.
theymos wouldn't need that.
possible puny codes? https://bitcointalk.org/index.php?topic=5184169.0

[LTU_btc]

Cannot be the proper bitcointalk.
theymos wouldn't need that.
possible puny codes? https://bitcointalk.org/index.php?topic=5184169.0

Nope, it's proper Bitcointalk, because I was signed in to my Bitcointalk when I visited this link. If it would be fake website, I would have to enter my login data to sign in.

[TryNinja]

Is your phone rooted?
Or are you using any browser extension?

[LTU_btc]

Is your phone rooted?
Or are you using any browser extension?

Nope, it's not rooted and I don't have any extensions on my browser

[theymos]

I've never heard of that before. I can see in the access logs that you were talking to bitcointalk.org, though.

My first thought is some sort of browser glitch or extension.

My second thought is that it's Cloudflare. Normally Cloudflare doesn't do anything like that, but it reminds me of a case several months ago where they introduced some new feature which worked by injected Javascript into the page for mobile users only, and I had to go turn that off once I learned of it. (I forget exactly what the feature did.) At a guess, maybe they added this as a way to improve the accuracy of their IPCountry header: since bitcointalk.org doesn't use that, I just now turned that off.

If you visit the same page in a private tab, does it request your location still? (This isn't a sure-fire way to test it, but if it's a problem on my end which I didn't fix, this might trigger it.) Does anyone else see it?

If it's some change in Cloudflare, you'd see it on a lot of sites, since CF is very widely used.

[LTU_btc]

If you visit the same page in a private tab, does it request your location still? (This isn't a sure-fire way to test it, but if it's a problem on my end which I didn't fix, this might trigger it.) Does anyone else see it?

On private tab I didn't got that request. But now when visited this link in regular way, I didn't got this request too. As I said, so far I only got this notification only once.

[Welsh]

You'd think that Cloudflare would have the decency to turn newly implemented features off to prevent these sorts of issues. Especially when most websites don't need this sort of in depth location detection.  Despite Cloudflare probably being the  best option its things like these which put me off of using them.

[suchmoon]

On private tab I didn't got that request. But now when visited this link in regular way, I didn't got this request too. As I said, so far I only got this notification only once.

It's not gonna ask again if you blocked (or allowed) it. Assuming it's Chrome, go to (Lithuanian equivalents of) Settings, Site Settings, Location, find Bitcointalk under Blocked or Allowed, remove it, and try again.

[libert19]

This is the link, op tried to visit: https://bitcointalk.org/index.php?topic=319540.1280

I didn't get any prompt, tried multiple browsers as well. Seems like a browser glitch to me.

[teeGUMES]

Could it be an invasive app that recognizes the word bitcoin and is collecting info for potential malware/information gathering? I hardly have anything on my phone app wise because the permissions get out of hand real fast.

[hilariousandco]

The feds are onto you.

[AB de Royse777]

I wish we (the forum) had an alternative to Cloudflare :-(

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.

[Lafu]

I never got this "Bitcointalk.org would like to use your current location" on my Computer or on my mobile phone.
First time i hear and see about that notification .

[Harlot]

We might need more than one incident to confirm that this is really happening because of cloudflare because right now we just need this to be treated as a individual problem which is only related to his phone or the app he is using. @OP haven't you experience the pop up on other websites which doesn't usually ask for your location? If it is maybe it is really related to your browser app or you might have other third party apps doing that for you in disguised of a website asking your location.

[Welsh]

I wish we (the forum) had an alternative to Cloudflare :-(

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.

There's other solutions out there, but Cloudflare definitely has the monopoly within the industry. They're unfortunately the best service around in terms of uptime, speed, and features. However, there's definitely been questions about what they do with the data, and who's seeing the data. I've used Cloudflare, and haven't had too many complaints about them. Possibly if there was a decent competitor I'd give them a look though. I think I remember theymos being somewhat reluctant to using them also.

[hilariousandco]

I wish we (the forum) had an alternative to Cloudflare :-(

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.

If you're worried about snooping use a proxy or tor.

[AB de Royse777]

~snip~
I think I remember theymos being somewhat reluctant to using them also.

Yes he did and it was understandable.
We talk about decentralization but I still see we have few decades to go to enjoy the full decentralized (hope we do)

~snip~

If you're worried about snooping use a proxy or tor.

Yeah that's what I do since I have learnt that we were under Cloudflare's service.

[DaveF]

@LTU_btc were you on your usual connection to bitcointalk?

The local cable provider where I am is injecting javascript ads to http (not https) pages.

https://www.reddit.com/r/longisland/comments/a70owc/anyone_getting_ads_injected_into_their_web/

I know other providers do it also.

However, I have noticed at very rare times it does try to inject it into https pages if it sees any http traffic at all. The result is very odd behavior on the page until a refresh. Then it's all good again.

-Dave

[bob123]

The local cable provider where I am is injecting javascript ads to http (not https) pages.

You can't visit this forum via http (301 Permanently moved).
Additionally HSTS is set, which means that your browser will automatically connect via https next time. So if you don't clear the cache of your browser, you don't even try to connect via http at all.

However, I have noticed at very rare times it does try to inject it into https pages if it sees any http traffic at all.

That's itself not possible without your browser trusting a CA from your ISP.
They would effectively be the man-in-the-middle in such a case.

Unfortunately this site does not have the HPKP header set, which would say that your browser can only trust the certificate if it is being handed out by CA X (certificate pinning). This would prevent any MITM attacks, even if a trusted CA signs a new certificate for this site in order to perform a MITM.