Puffin requires the permission to access GPS location

Some Puffin users are angry with the recent change that Puffin requires the permission to access GPS location. Here are the reasons for the change.

(1) The current app permission is not designed for web browsers. Being “a generic app to access all websites”, the web browser is “more like the OS than an app”.

(2) If you search “Starbucks near me” on Google, web browsers will ask the GPS location for the Google search. Once the permission is granted “explicitly” for Google to access GPS location, it is granted “implicitly” to all websites to access GPS location.

(3) Most users grant GPS permission to web browsers “sooner or later” for legit websites without knowing the same permission is granted to illegit websites, too. If you use web browsers, you can’t count on not granting the GPS permission. We want to inform all users of the ugly truth.

(4) We did not realize that Jack Nicholson’s “You can’t handle the truth” in the movie is true in real life. Some users, mostly not aware the whole truth, can’t handle the truth. To be fair, Puffin can handle the ugly truth better by adding another layer of permission based on the domain names of the websites. Nevertheless, it still requires Puffin to have GPS permission from the OS.

(5) This section is very technical. It is intended for the web experts. Puffin is a unique web browser, and Puffin needs GPS location more than other web browsers. For all websites, the source IP can be used to deduce the approximate location. For Puffin, the source IP is our server IP and the location is at our data center. Even though Puffin provides the true source IP in the XFF header, most websites ignores the XFF header. Nevertheless, they do use JavaScript to ask for GPS location. With GPS location, websites can serve users accurately, e.g., for geo-restricted contents. As far as Puffin is concerned, we have the true source IP and we know the user location pretty well without GPS location, .e.g., for law-enforcement subpoenas.