So…this might be a stupid question, but I was testing a social media analysis program on VPN and despite the VPN being set for a different geographical location, it showed the time zone currently displayed on the phone (which wasn’t updated to current time due to being on airplane mode from travel but still).
Can someone please help me understand why VPN’s don’t seem to override the location/gps functions of a phone. I’m not sure I understand it.
Thank you!
The VPN itself works, but your browser and apps pass along all sorts of information to the servers they access, often things like time zone, screen resolution, browser/app version, etc. etc.
You’re correct. VPNs do not override the location/gps functions of a phone.
VPNs only change your apparent IP address. This is often used to geolocate when no other location information is available.
If your phone knows its location from something aside from its IP address - eg. GPS - and you have location services enabled and switched on for your app, then your phone is going to tell the app the location it thinks it’s at regardless of where your IP address is.
VPNs really do work, but if your phone is set up to tell an app where you really are then it’s going to know.
VPN routes your Internet traffic through a server elsewhere. Effectively this changes your public IP address. Some websites look at that public IP address to determine your location.
But there are many other ways to determine your location. Using your GPS, by looking at nearby MAC addresses (see skyhook.com), looking at cell towers, information leaked by your browser (like timezone/language), etc.
Depending on which browser you use some or all of that information is available to web browsers.
My experience is if I open same APP with and without VPN, then definitely the APP gonna know the next time you open it with VPN about the actual location. For that reason I do not open certain APPS outside VPN.
Makes sense, though a website accessed on private browser with no cookies still wouldn’t use the VPN data for location/time?
Okay that definitely makes sense for apps. But the analysis program I referred to, and the follow-up Test I did with Botsentinel, were websites (on a private browser and no cookies enabled), so I’m curious about why the website didn’t use the VPN location as expected.
Also, is there a way to override/spoof the cell location? (If too complicated to answer, just let me know and I’ll look into it more later)
Thank you for that! Also not sure I heard about skyhook so I will look into it
You can track private browsers without cookies. Additionally, your browser will have a fingerprint of its own depending on your device: https://panopticlick.eff.org/
A VPN isn’t enough for privacy. The only turn-on-and-don’t-think-about-it benefit I’m aware of is torrenting.
There isn’t much besides an IP and a date and time to track who is torrenting what, so if you have an IP of a VPN provider and the VPN provider doesn’t keep logs, then lawyers won’t have enough info to find out who you are.
There are apps that can take advantage of the developer option “mock location”. There’s a chance a browser may respect that and will send the mocked location to the site. Not tried it myself though
Without root though, any installed app can detect if location mocking is on - I’m not 100% sure if they can still see the real location though
The best option if trying to hide yourself is to disabled location services, or disable location services for certain apps. Certainly with modern Android, and I’m sure iOS too, you can fine tune location access permissions to individual apps
Obviously the best way is to completely disable location services
Your browser is an app, so the same logic applies to your browser as with other apps.
You can disable location services completely or on a per-app basis under settings for iOS, I assume android has similar settings.
Except VPNs don’t typically use the Android mock location. That’s referring to a mocked location of GPS / aGPS data. OP sounds like they’re only using fake location via IP address which will trick some websites and not trick others.
Okay that makes sense. Thank you