Match timezone/locale to user's VPN server location OR spoof and randomize timezone/locale to enhance privacy

tathastu871 commented 1 year ago

@brave-dev

Description

Brave Browser Does Not Spoof The Timezone and Locale of browser. This result in privacy Leak. As Brave is a privacy focused browser. It need to be solved

Steps to reproduce

Go to https://browserleaks.com/javascript
It will Leak The Timezone and locale.
Even if i have Vpn in US/New York -> Brave leaks the timezone to Asia/India My actual Timezone. It thus reveals my National Location.

Actual result

Screenshot_20230418-224905_Brave

Screenshot_20230418-224900_Brave

Expected result

SOLUTION: Spoof The TimeZone And Locale And USER-AGENT And PLATFORM

How to Do That POC: KIWI BROWSER ANDROID PLATFORM ASIA/CALCUTA TIMEZONE SPOOFING **EXTENSION https://chrome.google.com/webstore/detail/spoof-timezone/kcabmhnajflfolhelachlflngdbfhboe?hl=en

https://chrome.google.com/webstore/detail/vytal-spoof-timezone-geol/ncbknoohfjmcfneopnfkapmkblaenokb**

After Installing The Above Extension, Timezone, Platform, locale, USER AGENT Are Spoofed

Eg: My Android Device Is spoofed as IPHONE, MY ASIA TIMEZONE is spoofed as USA, also USER AGENT SPOOFED

Screenshot_20230419-005530_Kiwi Browser

Screenshot_20230419-005533_Kiwi Browser

Screenshot_20230418-234506_Kiwi Browser

Screenshot_20230418-234532_Kiwi Browser

20230418_235616

All User-Agent, Locale, Calender, Timezone, Platfom are spoofed using extension on ANDROID KIWI APP WITHOUT DISABLING THE JAVASCRIPT

Issue reproduces how often

Version/Channel Information:

Can you reproduce this issue with the current Play Store version? YES
Can you reproduce this issue with the current Play Store Beta version? YES
Can you reproduce this issue with the current Play Store Nightly version? YES

Device details

Install type (ARM, x86): ARM
Device type (Phone, Tablet, Phablet): PHONE
Android version: 10

Brave version

LATEST

Website problems only

Does the issue resolve itself when disabling Brave Shields?
Does the issue resolve itself when disabling Brave Rewards?
Is the issue reproducible on the latest version of Chrome?

Additional information

olologin commented 1 year ago

Duplicate of https://github.com/brave/brave-browser/issues/8574 I think.

ShivanKaul commented 1 year ago

This is a feature request, not a bug. Basically, spoof the timezone and locale if the user is on a VPN. @bsclifton could we do this if the user is on Brave VPN i.e. use the chosen VPN server's location to report the timezone/locale

tathastu871 commented 1 year ago

This is a feature request, not a bug. Basically, spoof the timezone and locale if the user is on a VPN. @bsclifton could we do this if the user is on Brave VPN i.e. use the chosen VPN server's location to report the timezone/locale

Randomize them i have given examples. I randomized spoofed the timezone/locale related fingerprinting on kiwi android browser using chrome extensions and tested them through browserleaks testing. And they were success

This will enhance the privacy websites and trackers wont be able to know location. (Location are also important factor that marketting companies using to commercialized their products depending on which region users has searched more for products)

brave / brave-browser