Two time zones while using bit vpn

Rock.87
Rock.87 Defender of the month ✭✭✭
edited December 5 in VPN

How did this website detect my VPN usage and determine that my real-world time zone differs from my virtual location's time zone? Is there a way to consistently mask my real-world time zone and only present the time zone associated with my virtual location to this website?

Best Answer

  • Alexandru_BD
    Alexandru_BD admin
    Answer ✓

    I did some research and asked an opinion from the VPN team as well, and I think this is what actually happens:

    The VPN will do so much as to mask your IP address and make it appear that you're browsing from the VPN server's location, however, the browser and system information may still reveal your true timezone. First, I would check if the timezone is still visible using another VPN, so it would be interesting to check if this happens only with Bitdefender's VPN, or while using others as well. I suspect that, since most web browsers report the system's local timezone through javascript, tools like 'browserscan' can retrieve this information directly from your browser, rather than relying on your IP. This is often used for localization purposes but can reveal your actual timezone regardless of the VPN location. Here's the thing: the VPN doesn’t change your system clock or timezone settings. When websites run scripts to check the local time on your device, they detect your original timezone based on your system settings.
    My point is, this doesn't really have to do with the VPN and it's not a privacy breach either. Most probably, you will encounter the same behavior with any VPN you use.

    Furthermore, there's also something called 'browser fingerprinting' and this is a method used by websites to gather various details about your device, browser, and configuration to create a unique identifier. Timezone is one of the data points collected in this process. Now, if you want your timezone to match your VPN’s server location, here are a few steps you can consider:

    • you could use a privacy-focused browser extension, one that can mask or alter your timezone to match your VPN server's location. Extensions like "Trace" or "Chameleon" may help;
    • set your device’s timezone to match the VPN server’s location. This will ensure that javascript-based checks detect the VPN's timezone rather than your local one;
    • browsers like Tor, are designed with privacy in mind and may mask more identifiable information, including timezone.

    Now, these would be my personal recommendations, the ones I can think of right now. There could be other ways.

    I hope this better explains the processes involved there.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

Answers

  • You've made an important discovery here. This is a serious privacy breach occurring. I connected to a USA server via Bitdefender VPN, and here are the results. I am currently based in India.

    Also, as I checked, the issue persists when trying to select the double-hop VPN option as well.

    @Alexandru_BD

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Rock.87
    Rock.87 Defender of the month ✭✭✭
    edited November 13

    if you ll disable java ( as the real location is shown with th e help of java ) the website ll not be able to perform the entire test but ll show the browser's fingerprint authenticity as 100% , don't know that even after disabling java the real location ll be vulnerable or not.

  • @Alexandru_BD, can you check on this?

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Sure, I'll get back to you on this one.

    Premium Security & Bitdefender Endpoint Security Tools user

  • There is a problem somewhere. I installed the Windscribe extension in my Microsoft Edge (Chromium), selected the Switzerland server, but the website was still able to detect my original location.

    Furthermore, there's also something called 'browser fingerprinting' and this is a method used by websites to gather various details about your device, browser, and configuration to create a unique identifier. Timezone is one of the data points collected in this process. Now, if you want your timezone to match your VPN’s server location, here are a few steps you can consider:
    

    Browser fingerprinting collects various details, including timezone, to create a unique identifier. When using a VPN, the timezone may not match the VPN server location if the browser is using cached information or if the VPN connection is not properly established. That being said, if this is the case, then using a VPN is not an effective way to hide your identity, and you should have this checked by the developers.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Alexandru_BD
    Alexandru_BD admin
    edited November 14

    using a VPN is not an effective way to hide your identity - But it doesn't reveal your real IP, does it? And it also encrypts your online traffic. Ok, so browserscan says your timezone is Asia/Calcutta. How does this reveal your real identity, if I may ask? 😄 Now, it may reveal that you are using a VPN, but a lot of sites these days detect a VPN connection, that's no longer a secret. But the actual location and traffic are still anonymous.

    have this checked by the developers - I have already done this and you've read my response above. This is not some kind of feature they can simply add on the VPN, in my opinion. But there are some tweaks you can do so that your timezone is not leaked, should this be a concern. The VPN does its job and your traffic stays private and anonymous while connected, but it doesn't emphasize the timezone. At most, this could be a feature request, should you wish to pursue this further. But if you want my personal opinion, I don't think the timezone is a priority for the VPN, because it doesn't actually reveal anything that may compromise your privacy online.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks for the clarification, @Alexandru_BD. I searched the web and tried various time zone spoofing extensions, but none of them worked. Is there any extension that actually works, or could the developers provide information on the best extension to install for this scenario in the web browser, if you could ask them?

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Rock.87
    Rock.87 Defender of the month ✭✭✭

    chameleon extension worked for me :

    after a little configuration i configured the both time zones , no double time zone alert this time :

    we can change the browser as well but changing the browser ve some important drawbacks:

    i think it ld be better if we could get such security from a single security solution named as Bitdefender instead of replying on other extensions.

  • Rock.87
    Rock.87 Defender of the month ✭✭✭

    Hi there ! thx a lot for your time & attention , really obliged. plz let me know a few things , Can chameleon block/alter browser fingerprinting & device info completely ?

    i would strongly recommend adding features like Chameleon blocks and browser fingerprinting alteration to BitVPN. This is because knowing a user's country can make it easier for hackers to launch targeted attacks, even if the user is using a VPN. By masking these details, BitVPN can make it significantly harder for hackers to identify and exploit vulnerabilities specific to a particular region.
    Knowing your country can make it easier for a hacker to target you, even if you're using a VPN and masking your location. Here's why:

    1. Targeted Attacks: Hackers can tailor their attacks to exploit vulnerabilities specific to your country's infrastructure, laws, or common user practices.
    2. Social Engineering: Hackers can use social engineering techniques that are more likely to succeed if they know your cultural context, language, and current events.
    3. Legal Hurdles: If a hacker is located in a different country, knowing your location can help them understand the legal risks they face and adjust their tactics accordingly.

  • Yes, extensions like Trace or Chameleon may help adjust your browser's timezone, like you noticed. Based on my findings (and these should be thoroughly checked with the actual extension provider), Chameleon is designed to mitigate browser fingerprinting by modifying or randomizing certain browser characteristics, but it cannot block or alter fingerprinting completely. By the looks of it, this extension can spoof or randomize many browser characteristics that are commonly used in fingerprinting, such as user-agent string, timezone, even screen resolution, language settings, platform and OS information, etc. The information available online shows that it actively blocks or modifies requests made by scripts known to perform fingerprinting, such as those from trackers or certain analytics services, and the extension disables or restricts access to features that are often exploited for fingerprinting, like WebRTC (used to detect local IPs), WebGL, and canvas elements (used to generate unique hashes). It appears that Chameleon can randomly change details at intervals, making it harder for trackers to generate a consistent fingerprint.

    However, my understanding is that there are certain limitations to what it can do, and it cannot prevent all fingerprinting, because some aspects of this rely on data that is difficult to hide without breaking browser functionality, so there are some drawbacks, like you already noticed. I can draw the conclusion that Chameleon helps improve privacy, but it doesn’t make you entirely anonymous. But combining it with tools like VPNs, Tor, or privacy-respecting browsers helps ensure greater anonymity, in my opinion. Pairing it with privacy-focused tools like uBlock Origin or Privacy Badger can help block additional trackers.

    I would strongly recommend adding features like Chameleon blocks and browser fingerprinting alteration to Bitdefender VPN - I'm not sure if this is something the developers would be interested in, especially since it can have some drawbacks on the browser functionality and to be honest, I haven't heard of an extension that can completely block all fingerprinting methods. I think that privacy can be enhanced by using a combination of tools and careful browsing habits, because there isn't really a 'one-size-fits-all' solution here..

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Rock.87
    Rock.87 Defender of the month ✭✭✭

    @Alexandru_BD thx for the favor ''

    I would strongly recommend adding features like Chameleon blocks and browser fingerprinting alteration to Bitdefender VPN

    i am going to make a new recommendation about this. plz check and vote if u like.. need your help to forward it too.

  • @Rock.87, just a piece of information: @Alexandru_BD cannot do anything related to introducing or upgrading features in the Bitdefender product. This responsibility lies entirely with the development team, who evaluate the feature's worthiness for implementation based on their perspective (not necessarily from the user’s perspective).

    The best approach here would be to contact Bitdefender support. They will provide you with a ticket ID and keep you updated in real time regarding the developers’ decision on whether they plan to introduce this feature in the Bitdefender product.

    This way, you will have a record of all your conversations with Bitdefender support via the ticket ID, which you can use for further communication with them.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • To add here, the developers always analyze feature requests based on many criteria and some will not be implemented even if they may have low complexity, as long as they do not provide value for a relevant mass of users. The priority is to develop new things that bring additional benefits and protection for all users, as the threat landscape evolves. And to correct @Flexx a bit here as well, they do analyze all suggestions they receive from both perspectives. You can't really expect to deliver a positive user experience if you don't put yourself in the customer's shoes. It's just that the perspectives may be different in some cases, but I think they do overlap.

    I think that as a developer, you look at how you can improve the product and services in an efficient way and take into account the development time, resources, vulnerabilities that can arise, available technology, compatibilities, etc. plus the actual value that the feature or service delivers at the end of the day. On the other hand, one must see with the users' eyes as well. All new developments must meet certain requirements and pass rigorous testing, be user friendly, easy to understand and bring considerable benefit to the majority of users, from less experienced to tech savvy.

    Premium Security & Bitdefender Endpoint Security Tools user

This discussion has been closed.