p.enthalabs

GeoSpoof - Your VPN hides your IP but your browser gives you away

Anthony Sgro just open-sourced something every VPN user should have on hand. It's an extension for Safari, Chrome and Firefox (and not Fail-Fox, sorry) called **GeoSpoof**, and it starts from a pretty obvious observation that most people don't know about.

See, your VPN does a fine job of masking your real IP address (when properly configured, anyway), great, cool, but your browser just keeps quietly spilling everything to websites - including where you actually are.

!Image 1

_Don't come to my place, that's not my address..._

And it has a thousand ways to do it. There's the geolocation API that blurts out your GPS coordinates if you allow it, but more importantly there's all the rest, way more sneaky stuff - like your timezone, for example. You're connected to a VPN server in New York but your browser replies `Europe/Paris` when a script asks for the time, and bam, the site figures out in a millisecond that you're bluffing. Same deal with the `Intl.DateTimeFormat` object, with the system `Date`, with WebRTC which loves leaking your real local IP.

You can have the best VPN in the world - if all those signals are pointing back home while your IP says otherwise, you're actually more traceable than someone without a VPN. That's exactly what a VPN doesn't do[FR] on its own, and that's why your Youtube Premium, Netflix, or Disney+ subscription bought for 30 cents in Turkey or wherever ends up getting flagged.

!Image 2

GeoSpoof plugs that hole by directly rewiring these APIs in the browser to return fake data. The extension injects itself right at the start of page loading, before the site's JavaScript has had a chance to run - and then when a script asks for your location, your time or your timezone, it gets back the location YOU chose, and everything is consistent. Geolocation, timezone, dates, WebRTC - it all tells the same story, and there's no contradictory signal poking through.

!Image 3

The mode I find most useful in GeoSpoof is mainly the automatic VPN sync. The extension detects your VPN's exit IP and automatically aligns your browser location to match it. If you switch servers and go from Tokyo to Montreal, it resynchronizes on its own without you having to touch a thing.

Otherwise you can also do it manually - search for a specific city or type in your coordinates directly. To verify it actually works, the author even built a test page at geospoof.com/verify , and the extension passes classic fingerprinting tools like CreepJS or BrowserLeaks.

A small detail that shows the care put into the work: the overrides are disguised to respond `[native code]` when a script tries to check whether they've been tampered with. Hehe, clever!

Where Anthony Sgro is honest is that he's not selling you total invisibility. It's stated in the docs that GeoSpoof does NOT change your IP. Without a VPN behind it, your address still points back home, and the benefit will remain limited against sites that cross-reference the IP.

It also doesn't bypass server-side detection - your account history or payment method will still give you away. And the most aggressive mode, which goes through Chrome's debug protocol to lock the timezone all the way into workers, remains detectable by tools specifically looking for that kind of tampering. It's simply a consistency tool to use alongside the best VPN you've subscribed to ^^.

It runs on Firefox, Chrome, Brave, Edge and even Safari on iOS and macOS via the App Store. Everything is under the MIT license, and there's no tracking or data collection inside. It's rare to see an extension with such a high level of polish - kudos again to Anthony!!

And if you're already tinkering with your privacy using something like Fingerprint Defender[FR] , GeoSpoof will round out the picture perfectly on the location side of things.

Bottom line: a VPN without this is like an armored door with a wide-open window right next to it. Go check it out, it takes 2 minutes to install!

This article was originally written in French and automatically translated. Read the original.

This article may contain AI-generated images. I take great care with every article, but if you spot a slip-up, let me know!