We have gotten Firefox fingerprinting about as tight as possible for a web extension that spoofs your location. Most practical methods to detect lies in the browser are patched (to my knowledge).
That being said, Firefox does expose a couple of niche OS-level apis that do expose your system date/time, including Web Workers. There is nothing any extension can do about this. Realistically, the vast majority of trackers and websites are not using these to determine your timezone. However, it IS possible, therefore I cannot recommend this extension for those with extreme threat models. If you are worrying about this, you should be using TOR or Mullvad instead.
One workaround for the above is to set your system OS date time to the GeoSpoof timezone. This actually completely passes the Arkenfox fingerprinting test suite here: TZP
Otherwise, this is about as good as you can spoof location data on Firefox, Chrome, etc.
Thanks for the response, but it still doesn’t work. I really can’t figure this out. At the end of the day, is it an important feature?
So let me tell you my setup at the moment. I’m wondering if GeoSpoof is making a difference or not. My Android phone is connected to a router using a VPN. On my Android, I’m using another VPN app, so I’m effectively getting a multi-hop with two different providers. The VPN app can also enable mock GPS, which I have enabled. It gets the GPS location to the VPN location. Finally, I’m using your extension with Firefox. I have location and WebRTC protections enabled. The sync with VPN still doesn’t work for me. Instead, I searched up the city of the VPN that my router is using. I know it sounds confusing, but is the obfuscation likely to work?
Your setup sounds solid and your workaround is correct. Manually setting the city to your router VPN’s location is exactly what VPN Sync would have done automatically. The browser-level spoofing should be working fine.
VPN Sync failing in a multi-hop setup may be a limitation, I haven’t checked that scenario. To help debug, can you share your VPN provider so I can try to replicate this? If you want to help me diagnose the VPN Sync issue, here’s what to do:
Enable debug logging: Open the GeoSpoof popup → Details tab → Advanced → enable Debug Logging and set verbosity to Debug
Open the extension inspector: Go to about:debugging in Firefox → This Firefox → find GeoSpoof → click Inspect
Capture logs In the inspector: go to the Console tab and clear it. Then click “Sync Now” in the popup. Copy and paste all the log entries.
Capture network requests: Still in the inspector, switch to the Network tab and clear it. Click “Sync Now” again. Right-click any request → Save All As HAR to export the network log.
That’s awesome! How did you make this work for iOS? I thought iOS was too locked down to make this work?! What about Brave or any other browsers on iOS?
I’ll get back to you this week; I have more time this weekend. I’m wondering if all this obfuscation will make a difference, or if I should simplify things? It sounds like I’m not missing a whole lot without being able to sync, which is good news.
Are you going to make this compatible with Brave on desktop and Android?
Will all Firefox-based browsers, including IronFox and Waterfox, be compatible?
I see that it’s also available on macOS, too? Is it possible for you to make it available for download outside the App Store? On my Mac, I refuse to sign in and use the App Store.
Unfortunately no way that I know of. You can only install Safari extensions through the App Store. I can do a bit of research to try to find a way around that but I’m not very hopeful
Oh wow. I hope there is a workaround. Really hate how I have to sign in to everything with an account these days. All of this surveillance is annoying!
I have been working on patching Web Worker timezone leaks, and made some significant progress in the most recent version of GeoSpoof (1.19.1). More updates to come
You can test your browser running GeoSpoof on my new experimental test suite: Verify your protection | GeoSpoof (disclaimer: may have bugs, still in progress).
