Hello everyone. I am concerned about ProtonVPN services and using VPN in general for surfing the web. It seems everyone is using VPN these days and it seems they are using it to hide their IP address and Geo-location. The VPN masks the IP but there seems to be a serious false sense of security when using a VPN and you may ask why is that. SO…When you surf the web while using a VPN, your IP is masked BUT you Geo-location isn’t. This is a problem. I’d like to ask ProtonVPN users and owners how we can mitigate this flaw?
Here is an example:
I am connected to ProtonVPN on a “DENVER Server” via secure core. I’m going through 2 of ProtonVPN’s servers via the secure core. BUT… look at this… though the magic of fingerprinting…
TIME ZONE
America/MY_REAL_CITY_HERE
Now you may ask yourself HOW CAN THIS BE?? I am connected through ProtonVPN Secure Core and my local city I reside in is showing up via browser fingerprint. Now you can see “YOU ARE NOT fully anonymous” using a VPN. Unfortunately your operating system overrides the VPN Geo-location and your are identified in the city you live in. NOT GOOD!!!
Besides using an insecure browser extension to change your Geo-location there really is no other way to hide your TIME ZONE/GEO unless you change it in the operating system
Your browser is the problem. You can be fingerprinted with EASE while using a VPN.
This is a problem.
Anyone have any comments or suggestions to remedy this insecurity while using VPN to surf the web? TOR does not block this. Incognito/Private Mode does not block this.
The solution is to change your operating system timezone to UTC.
Via Linux commands:# cat /etc/timezone# sudo dpkg-reconfigure tzdata
scroll to the bottom of the Continents list and select Etc or None of the above; in the second list, select UTC. If you prefer GMT instead of UTC, it’s just above UTC in that list.
sudo timedatectl set-timezone UTC (Will change your timezone to UTC system wide.)
Run these command to confirm the change:
# timedatectl status
# cat /etc/timezone
Go check https://www.deviceinfo.me/ to confirm that the headers/fingerprinting can no longer see your DATE & TIME via local operating system time zone.
Date & Time: System (Live):
Mon, Sep 25, 2023, 03:26:19 (UTC+00:00) (DST: No) System Time Zone:
Unknown. Detection blocked by browser setting(s)/extension(s). Local (Live):
Sun, Sep 24, 2023, 20:26:19 (UTC-07:00 PDT) (DST: Yes)
Local Time Zone:
America/Los_Angeles ← protonvpn timezone
Yes, no VPN blocks this as it’s your browser willingly sharing that information. TOR does in fact prevent this, by assigning a consistent fake value.
With Firefox, enable strict tracking protection in the settings, and in about:config set privacy.resistFingerprinting to true (setting the timezone as GMT). You can’t do similar in Chrome.
Browser: Brave / Chromium version 117.0.0.0 (Engine: Blink)
TrueBrowser Core: Brave / Chromium
IP Address (WAN): 0.x.0.x (IPv4) (Default)
2xx1:9xx:xx00:xx7::2 (IPv6) (Fallback) Tor IP Address: Yes
VPN IP Address: Not detected
Location:
Country: France (FR)
Region: Unknown. Could not detect.
City: Unknown. Could not detect.
Latitude & Longitude: 48.85820, 2.33870
Date & Time:
System (Live): Sun, Sep 24, 2023, 20:22:58 (UTC-04:00 EDT) (DST: Yes) System Time Zone: America/New_York
Local (Live):
Mon, Sep 25, 2023, 02:22:58 (UTC+02:00 CEST) (DST: Yes)
Local Time Zone: Europe/Paris
I am connected via ProtonVPN Secure Core, and now going through TOR via BRAVE browser and it STILL showing local time zone. The Brave Browser is giving up this information local Geo-location via the OS. Is there a way for Brave to ignore local time or can I edit it to UTC. Thanks
The Tor Browser is the only browser with potential to reliably protect against browser fingerprinting. Any other browser is much weaker, making the Tor Browser the only viable choice if that’s important to you.
Note that VPN and Tor Network are not browsers. They are how you connect to the Internet and their uses are making this connection more secure, private and/or anonymous in different ways. Browsers are one way to make these connections to the internet, and they come with their own problems, vulnerabilities and identifiers. Just because you’re connected over a VPN or Tor, your browser won’t necessarily be secure or private. The Tor Browser unites both a connection over Tor and a browser designed to resist fingerprinting to give you as good a shot at anonymity as you’re gonna get.
This hasn’t anything to do with VPN but everything to do with browser fingerprinting. Perhaps try mullvad-browser or running in firefox with jShelter extension to remove the fingerprinting. mullvad-browser lies about some fingerprinting stuff including timezone and varies its responses as I understand it.
Dawg ofc it does ur going via brave there is a dedicated onion browser for a reason and brave clearly states that it is not as secure to go thru brave to reach the onion network and if your privacy truly matters u should use the dedicated onion browser