Hello Tails devs,
Regarding VPN browser proposal on gitlab:
https://gitlab.tails.boum.org/tails/tails/-/issues/19465
One key thing that is being common with blocking VPN's, triggering captcha's, and browser fingerprinting is when the IP of the VPN doesn't match the javascript get timezone (via new Date().getTimezoneOffset() or Intl.DateTimeFormat().resolvedOptions().timeZone).
I have tested this outside of Tor/VPN be simply changing my system timezone and simply browsing websites which equaled more capatchas or annoyances triggered.
Because VPN already routes all traffic through the VPN, the only remaining “leak” is the local timezone offset that many sites read via JavaScript (Date.getTimezoneOffset()). Isolating the timezone eliminates that and can be done via bwrap I'm pretty sure.
You could ping something to get the string `TZ_NAME=$(curl -s
https://ipapi.co/timezone)` but I feel that increases attack surface and it looks like to geo-ip data base packages are already included so you could do it locally?
libgeocode-glib-2.0 and tor-geoipdb
If the lookup fails (e.g., the IP isn’t in the DB), could fall back to a default you choose Etc/UTC but you would need an overlay that interacts with this for bwrap
I don't think it would be worth messing with changing the local system timezone for the VPN with the browser but simply isolate separate timezone so the browser thinks the local machine time matches that of the VPN.
Thanks,
Nakamoto
