brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0
17.85k stars 2.33k forks

VPN up, geolocation leaked #34560

Closed ParaplegicRacehorse closed 3 weeks ago

ParaplegicRacehorse commented 11 months ago

Description

GeoLocation leaked when operating behind a VPN.

Steps to Reproduce

  1. Start ProtonVPN and select a country 10 time-zones different from my actual geolocation for exit node.
  2. Start Brave browser. Configure to universally block geolocation sharing.
  3. Visit a site known to geoblock my country.
  4. Note that I am blocked and, further, the site correctly identified my country.

Expected result:

  1. Start ProtonVPN and select country 10 time-zones different from my actual geolocation for exit node.
  2. Start Brave browser. Configure to universally block geolocation sharing.
  3. Visit a site known to geoblock my country.
  4. Pleasantly interact with visited website.

Reproduces how often:

Easily reproduced, though not universally reproducible. Reproducible with all proxies and all VPNs I tested under.

Brave version (brave://version info)

Brave: 1.60.118
Chromium: 119.0.6045.163 (Official Build) unknown (64-bit)
Revision: b0599b790dbdfe28428202afe2b54758a044ccfc
OS: Linux
JavaScript: V8 11.9.169.6
Package Format: Flatpak; source: Flathub

Version/Channel Information:

This is reproducible with the current stable release, Linux Flatpak from Flathub. I did not attempt with unstable or nightly.

Other Additional Information:

fmarier commented 11 months ago

Since this also affects Firefox and many VPN products, I wonder whether the site is looking at other signs than just the IP address. You could try the following (if you want to appear US-based):

fmarier commented 11 months ago

Another thing to check: what do you have the WebRTC IP handling policy set to in brave://settings/privacy?

The value that's guaranteed not to leak any of your IP addresses is Disable non-proxied UDP.
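One way to check what the WebRTC setting discussed above actually exposes, as an added example that is not part of the issue thread or Brave's code: it parses ICE candidate lines copied from your own browser and flags any address other than the VPN exit. The function names, the sample candidates and the `expectNoUdp` check (which assumes no UDP candidates should appear when Disable non-proxied UDP is set and no UDP-capable proxy is in use) are assumptions of this example.

```javascript
// Added example (not from the issue thread). Sample data below is constructed.
// Parse one ICE candidate line:
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').replace(/^candidate:/, '').split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') return null;
  return { transport: f[2].toLowerCase(), address: f[4].toLowerCase(), port: Number(f[5]), type: f[7] };
}

// Classify an address as 'mdns' (obfuscated host name), 'private' or 'public'.
function classifyAddress(addr) {
  if (addr.endsWith('.local')) return 'mdns';
  const m = addr.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (m) {
    const a = Number(m[1]), b = Number(m[2]);
    const priv = a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) || (a === 169 && b === 254) || (a === 100 && b >= 64 && b <= 127);
    return priv ? 'private' : 'public';
  }
  // IPv6: loopback, unique-local (fc00::/7) and link-local (fe80::/10) are not routable.
  return /^(::1$|f[cd]|fe[89ab])/.test(addr) ? 'private' : 'public';
}

// Return one finding per candidate that exposes something beyond the VPN exit address.
function auditCandidates(lines, vpnExitIp, expectNoUdp = false) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue; // skip lines that are not ICE candidates
    const kind = classifyAddress(c.address);
    if (kind === 'public' && c.address !== vpnExitIp.toLowerCase()) {
      findings.push({ issue: 'public-address-not-vpn-exit', ...c });
    } else if (kind === 'private') {
      findings.push({ issue: 'local-address-exposed', ...c });
    } else if (expectNoUdp && c.transport === 'udp') {
      findings.push({ issue: 'udp-candidate-despite-policy', ...c });
    }
  }
  return findings;
}

// Constructed sample (documentation address ranges), not captured from a real session.
const SAMPLE = [
  'candidate:1 1 udp 2113937151 3f1c2a9e-7b1d-4c55-9d0e-2b6f0a1c9e11.local 54321 typ host',
  'candidate:2 1 udp 2113937151 192.168.1.23 54322 typ host',
  'candidate:3 1 udp 1677729535 203.0.113.7 61000 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:4 1 udp 1677729535 198.51.100.42 61001 typ srflx raddr 0.0.0.0 rport 0',
];
console.log(auditCandidates(SAMPLE, '203.0.113.7'));
```

An empty result means every candidate was either an mDNS-obfuscated name or the VPN exit address itself; a `public-address-not-vpn-exit` finding is the case that would let a site see an address outside the tunnel.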

ParaplegicRacehorse commented 11 months ago

> The value that's guaranteed not to leak any of your IP addresses is Disable non-proxied UDP.

Just tried this. Sadly, it failed.

I begin to wonder if the problem is an extension? I don't know how to test for this, though, except to disable extensions. Since the site(s) I'm particularly interested in accessing are web3 and the extension(s) in question are wallets, disabling them would defeat the purpose.

fmarier commented 11 months ago

> I begin to wonder if the problem is an extension?

That's also a possibility. Extensions can do a lot of things in the browser.

Maybe you could try disabling all of your extensions instead of the one that is required for the web3 connection?

bsclifton commented 7 months ago

Interesting - I've only seen this happen on Windows (which has a problem with Smart Multi-homed Name Resolution)

A good test page is https://dnsleaktest.com/

@ParaplegicRacehorse did you have an update if disabling extensions did anything? Also curious if you have any proxy settings set up? Something you might try - visit brave://settings/security and enable secure DNS. Basically make sure you're using DNS over HTTPS.

Let us know please. Thanks!

mattmcalister commented 3 weeks ago

Closing this issue, though please re-open if you're still seeing this issue. Thanks!