Google knows my location when my Wireguard server is under double NAT

Hi everyone, I don’t know if this is a bug or maybe something that is not documented and needs to be documented. I have a Slate AX router at home running as a Wireguard server, and I have another router that I use when I travel. I have done the port forwarding correctly on the Slate AX and everything works fine for me and I have never had any problems.

But I have noticed that for some reason Google knows my location under double NAT, and Google is the only website that I have tried that manages to get it. Why is this? When I leave the Slate AX as the only router, Google cannot locate me, but if I have it under another router (double NAT) Google manages to get my location.

Microsoft? It shows my server location… Any other website? It works! Google? It shows the same exact city I’m in, exposing me completely.

By the way, I’m not talking about using Google Maps or other apps that can find your location through your phone. I’m simply referring to anonymously on a random PC visiting the regular Google website (www.google.com) and seeing your physical location, like “France”, displayed in the bottom left corner.

Are you logged into Google on your phone and is it connected to your VPN?

These tests are on a PC with different browsers with all cookies cleared.
It comes down to this:

Slate AX under double NAT? Leaks the location.
Slate AX as the main router? Doesn’t leak the location, even using an Android or mobile device.

As it is only Google, it still sounds like you have another device that is giving away your location. If you are logged into Google on a device that is connected to the VPN and one that is not, it could be reporting either of them. For instance, if you have your phone disconnected from WiFi, but still logged into Google, it could be reporting your location from there.

But if other sites are reporting the correct location, it doesn’t sound like a bug or a networking issue to me.

Should be Google, Double NAT won’t expose your location.

Open up the flags config in your Chrome: chrome://flags/ then search for Experimental QUIC protocol and disable it.

I know that double NAT shouldn’t expose the location at first glance, but it’s weird. I think it’s something that should be investigated in depth by GL-iNet.

Thanks, I’ll experiment to see if that was the reason.

There are plenty of ways to get your location other than an IP address. If hiding/changing your location is important to you then do some Googling to better understand how to hide your location properly. This is not a GL-iNet issue.

To be honest google uses various ways :wink:

  • Whether it is a Chromium-based browser or an Android device, they all do not respect the DNS resolver in your settings; instead they use their own. In the browser this is often a setting exposed in the browser. If you really want to avoid it, use DNS hijacking.

  • Google fingerprints by persisting cookies, so if they have the exact info, it has fingerprinted you and it shows that instead; however, this is not always used by them, or often only for a limited time until it invalidates, and it is sometimes triggered by typing wrong addresses as your interest in the search.

  • From webshop tracking of what you have put in those fields.

  • DNS origin mismatch with your own IP: this gives them an idea that you are behind a proxy or VPN due to mismatching geo.

So the best I can advise is to use DNS hijacking and make sure DNS is not leaking; this is sometimes harder than possible.

Especially if policy routing is involved, but from my experience it works better in GL-iNet than in OpenWrt through the pbr app by stangri.

For DNS leaks you can use ipleak.net, dnsleaktest.com.

To add to this, for machines I absolutely don’t want leaking, I have a firewall rule to allow it to access the vpn and right after that a firewall rule denying all other traffic for that host. As long as you build your policy properly, that should prevent leakage around the vpn.

I’m dealing with the exact same problem. Did you find a solution?

There are many ways to have location exposed. By GPS (on a phone), signing into a personal Google account, searching things relevant to your true location, etc. Google is smart, but it doesn't mean you have to worry about your work laptop exposing your location... your IP is still your Wireguard server's, it's just your browser (ex. Google Chrome) that thinks you're not where your IP says you are :wink:

Seeing "France" is hardly giving away your location, unless, of course, you want to appear to be in another country!
Only a guess but is the PC set to the French language?


I don't think they check the OS yet, maybe on phones.

What they will do, however, is check the language of the browser; they can use a clever social engineering trick where they use client-side JavaScript to read the local API of the browser rather than the public IP.

Either you have to block JavaScript or use a transparent proxy which adds a JavaScript on top, messing with what Google reads, which breaks the trust in HTTPS as well; not really useful and complicated. Not sure if it works to change the browser's language; maybe it took it directly from the system.
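A self-check for the browser-side signals mentioned in the post above, added here as an example and not code from any poster or from GL.iNet: it reads the language list that any page script can read and compares it with the country of your VPN exit. The time zone check goes beyond the post, which only mentions language; the `EXPECTED` profile (a US exit) and all function names are constructed assumptions.

```javascript
// Added example: self-audit of locale signals a page's JavaScript can read.
// EXPECTED is a constructed profile for a VPN exit in the US; adjust to yours.
const EXPECTED = {
  country: "US",
  timeZones: ["America/New_York", "America/Chicago", "America/Denver", "America/Los_Angeles"],
};

// Read the same values any page script can read. Works in a browser console
// and in Node (where navigator may be missing, so fall back to Intl's locale).
function collectSignals() {
  const opts = Intl.DateTimeFormat().resolvedOptions();
  const nav = typeof navigator !== "undefined" ? navigator : null;
  const langs = nav && nav.languages && nav.languages.length
    ? Array.from(nav.languages)
    : [opts.locale];
  return { languages: langs, timeZone: opts.timeZone };
}

// Region subtag of a BCP 47 tag: "fr-FR" -> "FR", "en" -> null.
function regionOf(tag) {
  try {
    return new Intl.Locale(tag).region || null;
  } catch (e) {
    return null; // malformed tag
  }
}

// Return one finding per signal that contradicts the expected exit country.
function auditSignals(signals, expected) {
  const findings = [];
  if (!expected.timeZones.includes(signals.timeZone)) {
    findings.push(`timezone ${signals.timeZone} does not match exit country ${expected.country}`);
  }
  for (const tag of signals.languages) {
    const region = regionOf(tag);
    if (region && region !== expected.country) {
      findings.push(`language ${tag} carries region ${region}, not ${expected.country}`);
    }
  }
  return findings;
}

const current = collectSignals();
console.log(current, auditSignals(current, EXPECTED));
```

Paste it into the browser console on the travel PC while connected to the tunnel; an empty findings array means these two signals agree with the exit country, not that no other signal exists.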

+1

I don't think this is needed and pretty sure it's not at all related to the router itself in any way.

If you turn off the router Wi-Fi and connect it with wired ethernet directly to a PC that doesn't have any wireless adapter, your "new" location won't be exposed.

Then, change one by one and you'll eventually find the cause.
