Original post here.
Note that this demo is specific to Firefox on Windows, and may not work as expected on other systems or in non-standard screen configurations (dpi, etc); these factors could be accounted for, though. In principle, all browsers supporting the geolocation API seem to be vulnerable.
This proof-of-concept is non-disruptive, and if successful, will not send your data anywhere. Complain to <email@example.com> as appropriate.