Location Spoofing

Related Threads: Anarchist Spellbook, MITMPROXY

I'd like to develop an app that allows people to spoof their location. Ideally folks could either configure multiple locations and lead virtual lives from those locations or just choose a randomizer that moves their id around independent of their actual location.

Good to go not to track!

Have home network routing Google and Apple through TOR (last showed up in Turkey) and have my portable location recorder ready to roll for next outing.

Already reporting locations recorded in house over and over.

Who knows where I am...not Google or Apple but I can still use their 'free' mapping services.Web References https://johnnywunder.info/mywiki/index.php/Location Spoofing

STEPS TO HIDE YOUR LOCATION

NYTimes Location Spoofing Query Comment

1. Add _nomap to SSID Router.
2. Turn off cookies for all location tracking sites. Doing that for Google Maps allowed Google to only find a general location (Virginia Beach for Me) attributed to your ISP provider I suspect. That still allows me to do my mapping applications without isolating me to a specific location...that's a start.

I will be looking through the Google pages and figuring out what they use to identify location. Starting with Maps link with no cookies, save data, nor signed on I still end up pointing to my house in the first screen displayed. I'll be working through how google does that at Google Location Spoofing. To date what I've determined is the key location factors are

1. SSID for you WIFI
2. IP address

An effective way to mask location is to use TOR proxy(turn on htmlfirward) or Browser for all location services.

Why Spoof Your Location Articles

Why Spoof Your Location Content

No recorded data at this time.

Web Tracking Analysis

There are tiers you're tracked at.

Hardware with GPS is the base, is the most specific and the most current. Both you're cellular provider and your device manufacturer have direct access to this information.

The cellular provider gets it though the cellular network and has direct need of it to provided their service. To date I see no way to effectively block or control this...the best I'm hoping for is the ability to report false positives so they cannot be 100% certain where you are but I have no good idea how to do that.

Your device manufacturer, Apple in the case of my iphone, gets a lot of its information over the web. Simple things like history data and stuff. Whenever you go through a safari start-up it gets a lot of information unless you turn everything off and that is damned inconvient.

It looks like hard realtime location data rarely (if ever passes over the web. What does seem to pass is requests for chunked up roadmap pictures along you route.

Web Geolocation Education

MITMPROXY

Main tool for analyzing flows.

Breakthrough

Johnny 10:17, 16 January 2020 (EST) MITMPROXY do all the heavy lifting.

1. Using mitmdump gather as many client location mappings as possible
2. User central server to randomly replay client mappings.
3. Provide a way to proxy mobile cellular client.

mitmproxy.org , Client replay (Date:Thu 16 Jan 2020 09:18:44 -0500)

New Approach Trace First mitmproxy

To get a detailed handle on what's going on I'm going to trace calls from iPhones and stuff on my LAN using mitmproxy and starting with my core Linux server and the FireFox browser.

Tracing Firefox https calls

1. Start mitmproxy with mitmproxy.sh
2. Configure Firefox to accept system proxy setting.
3. Configure Network Proxy removing localhost, 127.0.0.0/8, ::1 from proxy definition

HTML5 Geolocation

1. W3Schoolls HTML5 Geolocation Article
2. W3Schools Sample HTML5 page

Log

Tuning

1. --Johnny 09:38, 11 March 2020 (EDT) Found out that many of the services, particularly Apple, use the government supplied ArcGIS map tiling tool. To run that you need to get a token associated with either the the HTTP referer or the IP. I'm going to see if I can correct and incorporate this so it works properly.
2. --Johnny 23:10, 10 February 2020 (EST) Turns out already had dnsmasq installed as part of raspap and just had to set-up DNS right to use it. Course found it out by installing bind and then having to back it out. Hey no one is perfect. Tested locally all good, response time much better. Test at station tomorrow.
3. --Johnny 19:28, 9 February 2020 (EST) Today got posting to google over web. Interesting thing is both Latitude and Longitude have 7 9s at the end of them. Additionally determined most of the errors are occurring because of lost DNS need to look at Pi DNS and whether putting BIND on Pi makes sense.
4. --Johnny 11:13, 6 February 2020 (EST) Working Location Spoofing/Google Map from iPhone
5. --Johnny 17:12, 30 January 2020 (EST) Couple of issues with set-up that need to be tuned.
6. Autostart mitmdump is a god send for ease of use but if you don't move the file recorded before next start it wipe out the file.
   1. Updated Autostart to timestamp file so files will not be erase --Johnny 09:12, 4 February 2020 (EST)
7. We're capturing too much data. Need to filter for both security reasons and storage constraints.
8. For whatever reason sign-ons and check-ins do not seem to playback.

Setup Complete and Working

1. --Johnny 17:12, 30 January 2020 (EST) Tested set-up today and it worked great. This is the set-up I'm going with. Requires
2. Smart phone
3. Raspberry Pi with mitmproxy, libimobile and hotspot capability
4. Power source powering Pi. Kindle cord works if car has USB
5. USB cable connect Phone and Pi standard Phone cord.
6. --Johnny 14:45, 29 January 2020 (EST) Set-up http 'location' recording system.
   1. Sett up as Raspberry Pi with mitmproxy as WiFi hotspot
   2. Connect USB as iPhone hotspot to network
   3. Connect iPhone to pi hotspot defining mitmproxy at port 8080
   4. Viola a location recording system with iPhone and pi

   Tested downstairs and worked with no other connections. Should work on road.

7. --Johnny 23:42, 19 January 2020 (EST) Turned on Google Location history.
8. Location Spoofing#Breakthrough Breakthrough make MITMPROXY core.
9. Struggling with this. Tried to think through how to simulate a location and have it double book the location for web sites like google maps and the weather channel. Problem is each is probably using a different unique id to track. Indeed most are likely using a combination of ids to include
   1. Hardware ID
   2. Software ID like UUID
   3. Network ID like IP Address
   4. User ID like Apple ID.

   This seems pretty complex. Where I am now is I'm going to run a few geoservices on my webserver and determine how exactly the post position ferreting out the id used.

10. Swift Hello World working on Mac but did not yet pay $99 to become a registered Apple Developer. Not sure what that is costing me beyond not being able to register app in Apple Apps.
11. Get User Location Data next step is to see how Apple gets Location Data. Ideally be able to run this in virtual app for any simulated apps from Weather Channel to Google Maps.

References and Metadata