Home » Garmin talk

GPX files security notice

 
Tue, 03/18/2025 - 10:48am

For some time now, the GPX files I download from POI Factory gives a security message of not safe to save. I contacted Jon about this and thought I should pass this info on to other members . Past years I don't remember getting this security message. My browser is Brave.

"This sounds like this is the the "Insecure download blocked" warning message that Chrome, Brave, and other chromium-based web browsers show for .GPX (and certain other file types) when they're downloaded using http."

The warning shows for all .GPX files (but not for .CSV files).

Checking the downloaded files using the malware scanners at VirusTotal.com shows "Undetected".

Howard Johnsons.gpx
https://www.virustotal.com/gui/file/8eb28d8da49145ed20d12e08...
Places to visit.gpx
https://www.virustotal.com/gui/file/7437ef19b7a08bf115fdea38...

So, the files appear to be okay. But the web browser is warning that it's theoretically possible for an attacker to tamper with the files before they arrive at your computer.

‹ GTM60 with Garmin Drivesmart 66 (or any newer device with USB C) Lost Junction Views - Confirm A Hypothesis ›
--
Charlie. Nuvi 265 WT and Nuvi 2597 LMT. MapFactor Navigator - Offline Maps & GPS.
Thu, 04/10/2025 - 9:32am

No Warnings for Me

I am using Firefox browser and I have not seen this warning for GPX files ever (that I can recall).

I only just downloaded Travelodge.gpx a few minutes ago, and received no warning.

Could it be the level of security that is being used in the browser settings?

I tend to have my settings on "Strict", and I block as much as I can get away with and still have a site workable.

Thu, 04/10/2025 - 6:06pm

GPX filees

Using the Brave Browser set for standard security. I resolved the problem by deleting my GPX files and replacing them with CSV. I convert a few files to build the alert distance into a GPX file by converting them from CSV to GPX . No problems then when saving them .

Brave Browser known to block a lot of trackers ads and etc. Suppose to be one of the fastest and safest browsers out there. Have used it for years. https://brave.com/download/

--
Charlie. Nuvi 265 WT and Nuvi 2597 LMT. MapFactor Navigator - Offline Maps & GPS.
Fri, 04/11/2025 - 4:43pm

Another means of resolving the problem

charlesd45 wrote:

I resolved the problem by deleting my GPX files and replacing them with CSV.

Another method to fix the problem is for Jon to upgrade the site to https. Something that honestly should have been done years ago.

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams
Fri, 04/11/2025 - 5:22pm

The problem is not with the

The problem is not with the files but rather how they're being served, or not served. This site only uses https for login credentials, everything else is sent via unencrypted transport. This was fine in 2000, but not so today.

Not sure what web server software is handling the back end, but it's easy enough to implement free https using lets encrypt certs. Even I, as a novice do this on my own servers. For local servers (content never leaving my own network) i'll use self signed certs, but for internet facing stuff, it has to be a legit cert (ie mail server).

Sat, 04/12/2025 - 5:48am

I had alerted folks here a

I had alerted folks here a year ago when I access this site from iPhone Safari would always deem the site: Not Secure..
As I type this on iPhone.. right above the keyboard on screen it is saying:
Not Secure — poi-factory.com

Agree—It’s possibly Not HTTPS

--
A 2689LMT in both our cars that we love...