The new Vytal extension for Google Chrome will prevent web pages from using the API to discover the geographic location of users, which can be done even with a VPN enabled.
Bleeping Computer journalists talked about the new Vytal extension, aimed at improving the security and privacy of users. The publication notes that usually, wanting to hide their location, people use a VPN, but this only helps to hide the IP address of the device, while the physical location of the user can still be determined in a number of ways.
To combat this problem, a developer known as z0ccc created a Vytal extension for Google Chrome and shared his project with Hacker News users, asking them to rate the extension.
“Vytal can fake your timezone, locale, geolocation, and user agent. This data can be used to track and reveal your location,” z0ccc explained in his post. – Most extensions that provide anti-fingerprinting features rely on scripts to embed script tags into web pages. There are many restrictions on their implementation, which you can read about here. Vytal uses the chrome.debugger API to spoof this data. This allows data to be spoofed in frames and web workers during the initial loading of the site. It also makes spoofing completely invisible.”
After installing Vytal, the extension allows you to select a custom location from a list of pre-populated locations, change data to match an IP address, or add a custom location. It is noted that when choosing the “Match IP” option and connecting to a new VPN server, you will need to click the “Reload” button in the extension to create new fake location data.
Z0ccc acknowledges that while the extension does not work perfectly, some real data may still be “leaked” during the initial loading of a web page. The point is that there is a slight delay between the page loading and the start of data spoofing by the debugger.
Auto Vytal told reporters that it plans to add additional features to the extension in the future to make it easier to use, including a whitelist of frequently visited sites that should not receive fake data.