Hi everyone, I don’t know if this is a bug or maybe something that is not documented and needs to be documented. I have a Slate AX router at home running as a Wireguard server, and I have another router that I use when I travel. I have done the port forwarding correctly on the Slate AX and everything works fine for me and I have never had any problems.
But I have noticed that for some reason Google knows my location under double NAT, and Google is the only website that I have tried that manages to get it. Why is this? When I leave the Slate AX as the only router, Google cannot locate me, but if I have it under another router (double NAT) Google manages to get my location.
Microsoft? It shows my server location… any other website? it works! Google? It shows the same exact city I’m in, exposing me completely.
By the way, I’m not talking about using Google Maps or other apps that can find your location through your phone. I’m simply referring to anonymously on a random PC visiting the regular Google website (www.google.com) and seeing your physical location, like “France”, displayed in the bottom left corner.
As it is only Google, it still sounds like you have another device that is giving away your location. If you are logged into Google on a device that is connected to the VPN and one that is not, it could be reporting either of them. For instance, if you have your phone disconnected from WiFi, but still logged into Google, it could be reporting your location from there.
But if other sites are reporting the correct location, it doesn’t sound like a bug or a networking issue to me.
I know that double NAT shouldn’t expose the location at first glance, but it’s weird. I think it’s something that should be investigated in depth by GLInet.
There are plenty of ways to get your location other than an IP address. If hiding/changing your location is important to you then do some Googling to better understand how to hide your location properly. This is not a GL-iNet issue.
wether it is a Chromium based browser, or a Android device they all do not respect the dns resolver in your settings, instead they use their own, in browser this is often a setting exposed in the browser, if you really want to avoid it use dns hijacking.
google fingerprints by persisting cookies, so if they have the exact info, it has fingerprinted you, instead it shows that, however this is not always used by them or often for a limited time until it invalidates, and sometimes triggered by typing wrong addresses as your interest in the search.
from webshop tracking what you have put in those fields.
dns origin mismatch with your own ip, this gives them a idea you are behind a proxy or vpn due to mismatching geo.
so best i can advise is use dns hijacking, make sure dns are not leaking this is sometimes harder than possible.
Especially if policy routing is involved, but from my experience works better in gl-inet than OpenWrts through the pbr app by Strangri.
To add to this, for machines I absolutely don’t want leaking, I have a firewall rule to allow it to access the vpn and right after that a firewall rule denying all other traffic for that host. As long as you build your policy properly, that should prevent leakage around the vpn.
