Wednesday, March 23, 2016

Geolocation Fail

I was on Tor the other day, when I tried to access a Blogger blog. I got an infinite chain of redirections, because Google geolocates the IP and then issues a redirect to that country's blogger site.

For instance, with an IP geolocated to the Netherlands, *.blogspot.com and *.blogspot.de will redirect to *.blogspot.nl.  Tor Browser sees that as a new site and runs a new circuit with a different exit node, likely in a different country, causing another redirection.

Generally, the domain and exit node mapping remains fixed.  So, blogspot.com might redirect to blogspot.de, which would redirect to blogspot.nl, which might redirect to blogspot.com.  But the later accesses retain the original exit nodes, and all cause the redirections again.  Most sites work because they don't try to change domains per country.

A few attempts at "New Tor circuit for this site" finally broke the loops by changing the exit node for that single domain, but it's clear Google still puts too much faith in geolocation.

Any blogs that end up being accessed from EU exit nodes also get the cookie warning… generally in a language I can't read, because it's chosen by geolocation.  Even though my headers have "Accept-Language: en-US;q=0.5" and I'm visiting a page whose primary language is English. IK SNAP HET!

(Speaking of Tor, though. If you want to know whether a site uses CloudFlare, just load it in Tor Browser. You'll generally see a CloudFlare CAPTCHA on their sites. They're so aggressive about putting out high-difficulty puzzles, I generally don't bother to solve anymore.)

No comments: