I use a VPN and/or Tor to do the majority of my websurfing/streaming/torrenting. Some programs (notably web browsers) can read your local system time to access your timezone. And, I happen to live in… let’s just say a very “narrow” timezone, my country of origin can be trivially pinpointed if you take a look at the UTC offset.
I know Firefox has a setting to spoof my timezone to UTC, but chromium browsers do not have that option (at least no option i could find after a fairly extensive search), and I don’t even know whether any of the other programs I’ve installed are reading my timezone, such as, for example, my matrix client.
So, the solution I came up with: Do a timedatectl set-timezone UTC on the device. I can separately make my desktop clock do a little timezone conversion so no worries about time disorientation. This fixes the issue with most apps not allowing timezone spoofing too.
Honestly, now that I’ve typed all that^^ out, this is beginning to sound like an unnecessary schizo post that goes WAY beyond my threat model XD. Still, I’d love to hear anyone else’s thoughts on it. Ideas to improve upon it are appreciated too.
I’m reasonably sure there’s an option in librewolf that will hide your timezone and just report it as +0, independent from what you actually use is the os.
It has a lot of fingerprint hardening either enabled by default or available as an option.
No, don’t do that. Some browsers check if your timezone is in check and if not then they refuse to load HTTPS webpages.
But if you’re setting the time to UTC and your time zone to UTC, your time is still accurate. I assumed that was what OP was talking about doing, not just “leave the time as my time but change the time zone.”
Not the browsers fault, but the certificates for transport encryption (like https) don’t match with a wrong system time.
Huh- I haven’t experienced any connection problems (yet)
I think there is a line to be drawn between what is theoretically better and what is meaningfully useful.
It is realistically not useful information for an attacker to know what country you are from by observing your UTC offset. It’s simply much easier to guess this information by observing your other behaviours. For example, the text and time of your post is already leading me to guess UTC+5:30 as the time zone in question. But again, knowing what country you’re from is not really useful information most of the time, as even if my guess is correct, that narrows it down to a whopping one-eighth of the human population.
Heh, I wish it was +5:30
It’s UTC +5:45, and my country’s the only one using it. That’s ~30 million people. My main fear is not being pinpointed to my personal identity, but the fact that this serves as a perfect fingerprint metric, rare enough to stick out like a sore thumb.
(felt safe enough to reveal, as i do not expect this account to be tied back to me personally)
Fingerprinting is a very difficult topic. A lot on how their algorithms and tech actually works is obfuscated and hidden from the people’s eye. I will be totally honest with you, I don’t think changing ur timezone will gian you much benefit, it might even make you stick out more since it doesn’t correlate with other information like your IP address, preferred language, etc.
There has been a browser extension that set ur browser values to match the IP address region, but it’s now history sadly.
Overall, I think if cchanging your timezone will benefit or harm you, comes down to very specific adversaries.
I don’t changed my timezone but sometimes I will set local time to a country south of me. Same time but appears as a different location.
I use ungoogled Chromium, with chrome://flags
Handling of extension MIME type requests
Used when deciding how to handle a request for a CRX or User Script MIME type. ungoogled-chromium flag. – Mac, Windows, Linux, ChromeOS, Android
extension-mime-request-handling
Always prompt for install
Disable search engine collection
Prevents search engines from being added automatically. ungoogled-chromium flag. – Mac, Windows, Linux, ChromeOS, Android
disable-search-engine-collection
Enabled
Force punycode hostnames
Force punycode in hostnames instead of Unicode when displaying Internationalized Domain Names (IDNs). ungoogled-chromium flag. – Mac, Windows, Linux, ChromeOS, Android
Enabled
Popups to tabs
Makes popups open in new tabs. ungoogled-chromium flag – Mac, Windows, Linux, ChromeOS, Android
Enabled
Reduced System Info
Reduces the amount of system information obatainable through headers and javascript, also causes hardwareConcurrency to respond with two cores. ungoogled-chromium flag. – Mac, Windows, Linux, ChromeOS, Android
Enabled
ClipboardChangeEvent
Enables the
clipboardchangeevent API. See: (link broken) – Mac, Windows, Linux, ChromeOS, AndroidDisabled
Edit: looks like Voyager only allows for https links?
If you care about privacy why would you use chromium which shipped manifest v3?
UGo Chromium is my second browser, for crap i would like to avoid because it errors out on my slightly hardened policies.json.
You should check your browser fingerprint first. Anything privacy-focused likely already reports your timezone as UTC. I believe that Mullvad, LibreWolf, and Brave all do that.
And it’s not unnecessary at all. In fact, I’ve had to set my time zone to other countries where my VPN is set in order to use some sites, and set streaming device time zones to the US to not get dinged as using a VPN. This isn’t unreasonable at all.
Keep your net-using apps in a container/vm with UTC?
Or, like you said, set your system to UTC and change your clock app to calculate the correct time but you may encounter weird issues. A lot of stuff relies on accurate time.I use UTC+0 because I don’t like the ideas of timezones and DST.
