I have MS Edge installed as the browser on my phone. I also have this installed on my PC. They're linked with the same account so that the bookmarks synchronise.
"Location" is and always has been disabled on both the phone and the PC. For absolutely everything. If I want to use, say, Maps, I have to allow it for that app, and I then turn it back off again afterwards. Otherwise it's "globally disabled".
I have never allowed Twitter access to my location on either. Twitter doesn't know my address anyway so it has no means of knowing where I am. It couldn't work it out from what I do on there. So it can't pass that information anywhere.
If I click through from a link on Twitter to certain sites, I see adverts and they're personalised for my location in that they're things like "The cost of dental implants in (town name)".
This made me highly suspicious. How is it getting the location? It's specific - town name. Not generic.
It's not the IP address. At least, it shouldn't be. Both devices use the same internet connection here which is routed through a VPN. That is not "homed" here.
I had a look at the URLs. The Twitter links to the articles are short-links. When the actual end URL is shown on the news site (for instance) it does have a parameter at the end indicating "from Twitter".
If I remove just that and reload, the personalised ads vanish. Yet, I don't see how the location could be passed from Twitter. The short URL is surely too short.
If I click through the same link from Twitter to the identical article on my PC, the ads aren't personalised. Exactly as I'd expect.
The "link" is MS Edge. Microsoft browser on Microsoft PC. Synchronised with phone. Did it "leak" from the PC first? Not according to the setting on the PC. And the PC's behaviour is correct.
So neither device is authorised to disclose the location and never has been. It's not the IP. It's not in the HTTP headers.
The sinister behaviour is only on the phone. And when using outbound links from Twitter. But I think it more related to the ads themselves. The ads are served from a content network called Revcontent. Looks like that has a cookie that identifies me and in turn my location.
If I clear cookies on the phone, and "Close All", then open Edge again and reload the page: no personalised ads. OK, think I've found the culprit.
The question is: how did Revcontent get my location? It wasn't from my PC. Was it from the phone when out and about on 4G? No, because "Location" is disabled.
Or, is it really? Can anyone guess what's happening here? My suspicion is that the phone's assertion that "Location" is off, isn't quite true.
Without resorting to some complicated "packet sniffing" on our home network to see what the phone is actually doing I can't be sure. Can anyone point out anything I've missed? Any ideas? Thanks.
"Location" is and always has been disabled on both the phone and the PC. For absolutely everything. If I want to use, say, Maps, I have to allow it for that app, and I then turn it back off again afterwards. Otherwise it's "globally disabled".
I have never allowed Twitter access to my location on either. Twitter doesn't know my address anyway so it has no means of knowing where I am. It couldn't work it out from what I do on there. So it can't pass that information anywhere.
If I click through from a link on Twitter to certain sites, I see adverts and they're personalised for my location in that they're things like "The cost of dental implants in (town name)".
This made me highly suspicious. How is it getting the location? It's specific - town name. Not generic.
It's not the IP address. At least, it shouldn't be. Both devices use the same internet connection here which is routed through a VPN. That is not "homed" here.
I had a look at the URLs. The Twitter links to the articles are short-links. When the actual end URL is shown on the news site (for instance) it does have a parameter at the end indicating "from Twitter".
If I remove just that and reload, the personalised ads vanish. Yet, I don't see how the location could be passed from Twitter. The short URL is surely too short.
If I click through the same link from Twitter to the identical article on my PC, the ads aren't personalised. Exactly as I'd expect.
The "link" is MS Edge. Microsoft browser on Microsoft PC. Synchronised with phone. Did it "leak" from the PC first? Not according to the setting on the PC. And the PC's behaviour is correct.
So neither device is authorised to disclose the location and never has been. It's not the IP. It's not in the HTTP headers.
The sinister behaviour is only on the phone. And when using outbound links from Twitter. But I think it more related to the ads themselves. The ads are served from a content network called Revcontent. Looks like that has a cookie that identifies me and in turn my location.
If I clear cookies on the phone, and "Close All", then open Edge again and reload the page: no personalised ads. OK, think I've found the culprit.
The question is: how did Revcontent get my location? It wasn't from my PC. Was it from the phone when out and about on 4G? No, because "Location" is disabled.
Or, is it really? Can anyone guess what's happening here? My suspicion is that the phone's assertion that "Location" is off, isn't quite true.
Without resorting to some complicated "packet sniffing" on our home network to see what the phone is actually doing I can't be sure. Can anyone point out anything I've missed? Any ideas? Thanks.