Security News > 2022 > June > New Vytal Chrome extension hides location info that your VPN can't
A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. Many people use VPNs to hide their location or connect from another country while browsing the web.
While a VPN will hide the IP address of your device and thus your physical location, it is possible to use JavaScript functions to query information directly from a web browser to find a visitor's general geographic location.
To illustrate how JavaScript can be used to reveal a visitor's location information, z0ccc created the https://vytal.io website that displays the type of information that can be obtained directly from a visitor's computer, even if they are using a VPN. For example, when this author connected to a VPN server in London, the Vytal.io site could still retrieve my device's correct time zone, locale, and time, providing a general location of where I am located.
After installing the extension, you can specify your location from a list of pre-populated places, modify data to match your IP, or add a Custom location.
Users should note that when you select 'Match IP' and connect to a new VPN server, you need to click on the 'Reload' button to populate the extension with the new spoofed geographic location data.
While this extension should work on all Chromium browsers, including Brave Browser, it cannot be ported to Mozilla Firefox as the browser does not support the debugger API. z0ccc told BleepingComputer that the extension was initially created to prevent their location data from being leaked when using a VPN and prevent another project of theirs, called LocateJS, from detecting location info.