A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN.
Many people use VPNs to hide their location or connect from another country while browsing the web. People do this for bypassing censorship, geographic blocks, or simply having additional privacy on the Internet.
Intl.DateTimeFormat().resolvedOptions() method can be used to retrieve a website visitor’s timezone.
Date().toLocaleString() can be used to return the visitor’s local time.
Using this information, a website can determine what country, or at least geographic region, a visitor is from and continue blocking content even if they are using a VPN.
Vytal uses the chrome.debugger API, which the developer believes makes the use of the extension undetectable by websites. This will spoof the data during the initial loading of webpages as well as in iframes and web workers.
Vytal Chrome Extension
Vytal has two shortcomings that users need to be aware of .Chromium-based browsers display a “started debugging this browser” message at the top when extensions are active that use the debugging API. The notification is displayed at the top in the browser when Vytal is being used.
Chrome and other Chromium-based browsers support the command line switch –silent-debugger-extension-api, which suppresses the message in the browser.
While this extension should work on all Chromium browsers, including Brave Browser.
However this extension cannot be ported to Mozilla Firefox as the browser does not support the debugger API.
z0ccc told Bleeping Computer that the extension was initially created to prevent their location data from being leaked when using a VPN.
on adding additional features to the extension to make it easier to use, including an allowed list of websites you commonly visit and should not receive spoofed data.