1. 6

Lobsters on my phone just requested location permissions. Has anyone run into this?

Screenshot

  1.  

  2. 3

    That’s a weird one. Looks like the js Geolocation API? We have nothing like that in the code.

    Looks like Mobile Firefox, are you running any browser extensions?

    1. 1

      No, this is Chrome on Android.

      1. 4

        I see two possibilities:

        1. Our single JavaScript file has unintended effects somehow. We will look into this.

        2. Your network connection has an MITM (possibly simply shady behavior by your cell provider), or your phone has malware.

        Can you verify that you’re connected via https? You certainly should be, since we automatically redirect http to https. Are you in a position to help with debugging in other ways, for example by connecting your phone to a computer to do web inspector stuff? I totally understand if not, but it’s hard to know what to make of this report, so having more data would be helpful.

        1. 5

          I’ve now looked at both our code on GitHub, and our code as it is actually deployed, and I see nothing referencing this API at all. We also do not use any third-party resources such as CDNs, as I verified in the web inspector here, so I don’t see how malicious code could be making its way in from our side.

          I wasn’t sufficiently explicit in my previous comment, but I think the most likely explanation is a browser extension at your end. Please let us know what you find out; if our users are affected, we’re concerned.

          1. 2

            I’m trying now to reproduce this, and I’m unable to do so. It’s starting to feel like it’s a bug in Chrome itself.

      2. 2

        What phone operating system?

        Is that the Chrome browser? I don’t recognize the… chrome.

        1. 1

          Chrome on Android 10.

          1. 1

            Any browser extensions that could be modifying the page contents?

            1. 1

              This is Chrome on Android, which doesn’t support extensions.

              1. 1

                Ah. Good to know! For some reason I thought it did (note: I’m not an android user).

        2. 1

          Have a Pixel 3 with Android 10 for testing some development stuff @ work (not my daily driver, nearly clean install) – just pulled up Lobste.rs, no location request.