You mentioned bwrap (bubblewrap), how would you isolate the timezone to
display something different then the system time for an application such
as a browser? Would it require root or could it be ran without root?
On 8/30/25 21:53, Satoshi via Tails-dev wrote:
> Hello Tails devs,
>
> Regarding VPN browser proposal on gitlab:
>
> https://gitlab.tails.boum.org/tails/tails/-/issues/19465 <https://
> gitlab.tails.boum.org/tails/tails/-/issues/19465>
>
> One key thing that is being common with blocking VPN's, triggering
> captcha's, and browser fingerprinting is when the IP of the VPN doesn't
> match the javascript get timezone (via new Date().getTimezoneOffset() or
> Intl.DateTimeFormat().resolvedOptions().timeZone).
>
> I have tested this outside of Tor/VPN be simply changing my system
> timezone and simply browsing websites which equaled more capatchas or
> annoyances triggered.
>
> Because VPN already routes all traffic through the VPN, the only
> remaining “leak” is the local timezone offset that many sites read via
> JavaScript (Date.getTimezoneOffset()). Isolating the timezone eliminates
> that and can be done via bwrap I'm pretty sure.
>
> You could ping something to get the string `TZ_NAME=$(curl -s https://
> ipapi.co/timezone <https://ipapi.co/timezone>)` but I feel that
> increases attack surface and it looks like to geo-ip data base packages
> are already included so you could do it locally?
>
> libgeocode-glib-2.0 and tor-geoipdb
>
> If the lookup fails (e.g., the IP isn’t in the DB), could fall back to a
> default you choose Etc/UTC but you would need an overlay that interacts
> with this for bwrap
>
> I don't think it would be worth messing with changing the local system
> timezone for the VPN with the browser but simply isolate separate
> timezone so the browser thinks the local machine time matches that of
> the VPN.
>
> Thanks,
> Nakamoto
>
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://www.autistici.org/mailman/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@???.
--
Blessings,
- James M.
