Hello Tails devs,

Regarding the VPN browser proposal on GitLab:

https://gitlab.tails.boum.org/tails/tails/-/issues/19465

One key thing that is becoming common with blocking VPNs, triggering CAPTCHAs, 
and browser fingerprinting is when the IP of the VPN doesn't match the 
timezone JavaScript returns (via new Date().getTimezoneOffset() or 
Intl.DateTimeFormat().resolvedOptions().timeZone).

I have tested this outside of Tor/VPN by simply changing my system timezone and 
browsing websites, which resulted in more CAPTCHAs or annoyances being triggered.

Because the VPN already routes all traffic through the VPN, the only remaining 
“leak” is the local timezone offset that many sites read via JavaScript 
(Date.getTimezoneOffset()). Isolating the timezone eliminates that and can be 
done via bwrap, I'm pretty sure.

You could ping something to get the string 
`TZ_NAME=$(curl -s https://ipapi.co/timezone)` but I feel that increases attack 
surface, and it looks like two GeoIP database packages are already included, so 
you could do it locally?

libgeocode-glib-2.0 and tor-geoipdb

If the lookup fails (e.g., the IP isn’t in the DB), it could fall back to a 
default you choose, Etc/UTC, but you would need an overlay that interacts with 
this for bwrap.

I don't think it would be worth messing with changing the local system timezone 
for the VPN with the browser, but simply isolate a separate timezone so the 
browser thinks the local machine time matches that of the VPN.

Thanks,
Nakamoto
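
The per-process timezone with the Etc/UTC fallback described above, as an added example that is not part of the original message and is not Tails code. It assumes the zone name has already been obtained from some lookup; the function names and ZONEINFO_DIR are hypothetical, and the sketch uses bwrap's --setenv option rather than an overlay.

```shell
#!/bin/sh
# Added example, not Tails code. ZONEINFO_DIR and both function names are
# assumptions made for this sketch.
ZONEINFO_DIR="${ZONEINFO_DIR:-/usr/share/zoneinfo}"

# resolve_tz NAME: print NAME if it is a well-formed zone that exists under
# ZONEINFO_DIR, otherwise print the fallback Etc/UTC. The name comes from a
# lookup result, so it is treated as untrusted input.
resolve_tz() {
    tz="$1"
    case "$tz" in
        ''|/*|*..*|*[!A-Za-z0-9_+/-]*)
            # empty, absolute path, path traversal, or unexpected characters
            tz="Etc/UTC" ;;
    esac
    # Unknown zone (or a directory such as "Europe"): use the fallback.
    [ -f "$ZONEINFO_DIR/$tz" ] || tz="Etc/UTC"
    printf '%s\n' "$tz"
}

# browser_tz_args NAME: print the bwrap options, one per line, that set the
# timezone for the sandboxed process only. The host timezone is not changed.
browser_tz_args() {
    tz=$(resolve_tz "$1")
    printf '%s\n' --setenv TZ "$tz"
}

# Usage sketch (the browser command is a placeholder):
#   bwrap --ro-bind / / --dev /dev --proc /proc \
#       $(browser_tz_args "$TZ_NAME") -- <browser-command>
```
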