-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disabled UnifiedNLP providers are queried anyway (security) #8
Comments
I experience similar. When I want to temporarily enable providers which I normally leave disabled, no results are returned for them. It's as if my configuration changes aren't being applied. Sometimes I've had success with stopping My Location entirely, and relaunching. As if configuration is only read at initialisation. This discourages experimentation. |
My report is from the very first time running MyLocation. So I don't think it's a cached info issue. Maybe the real bug is that providers that are not configured on in ugNLP settings respond to requests to locate. Perhaps just document; I disabled the Mozilla NLP provider (app disable, not NLP configure off), and then MyLocation didn't show it. I should say that it's a huge win for MyLocation to point out that this leak is even possible. |
I have this strange behaviour: When Mozilla Backend is disabled in unifiedNLP MyLocation shows location data from Mozilla Backend. But when I try to use it in another app, say OSMAnd, location is not shown. When Mozilla Backend is enabled in unifiedNLP Mylocation shows "Failed" for Mozilla Backend. But OSMAnd shows location. Thats weird. |
@y0va I think your first case matches this issue, exactly. In both cases, OSMAnd not getting and getting location seems correct (and not about MyLocation but of course it's helpful debugging info). Your second case is a separate problem, and I don't understand it. But I have observed "Failed". |
A crude workaround might be to disable (background) network access. At least at the time of enabling UnifiedNLP querying in MyLocation. |
I have disabled the unifiedNLP providers I don't want to use at the system app level. That works fine. After thinking, I am seeing this as an OS bug, not a MyLocation bug. If an app could query, it's good that MyLocation does, to tell us what's going on. I'm going to leave this open until the app author comments, even though I more or less think this isn't a MyLocation bug. |
On CalyxOS, UnifiedNLP is present via microg, and the Mozilla and DejaVu backends are preinstalled. I have configured Mozilla off in settings, to prevent location (wifi list) from being sent to Mozilla. (In addition to paranoia, I find that because I usually navigate to places with osmand, DejaVu has learned wifi for most places, and it therefore is sufficient 99% of the time.)
On starting MyLocation (f-droid, up to date today), I see that it reports a location value from DejaVu and one from Mozilla. In most respects this is great and useful detail, but it violates my configured policy not to use Mozilla. I'm really unclear on if Mozilla is operating in the background anyway always, or whether the query from MyLocation causes it to wake up and send wifi info to a server, but I'm assuming for now that this is triggered behavior.
For a fix, I suggest either
or
The text was updated successfully, but these errors were encountered: