New Google Chrome extension hides location data that could leak even when using a VPN


Google Chrome welcomes a new addition to its browser extensions, Vytal, the new VPN tool.

Installing Vytal as a virtual private network (VPN) extension in the Chrome browser will allow users to have privacy control over their location.

The main purpose of a VPN is to conceal and prevent users from revealing their online activities. Even though VPNs are most commonly used to protect against hackers and spies on public networks, users can also use them to conceal their IP address, browsing activity, and personal data while using any which Wi-Fi network.

A VPN is also commonly used by many people to avoid certain types of online tracking and to stream specific types of content that are not yet available in their current location or country.

Vytal chrome extension

On Y Combinator’s Hacker News, the developer who goes by the name ‘z0ccc’ revealed the new Vytal Google Chrome extension and asked readers for feedback on how the app works.

Vytal has the ability to impersonate users in terms of time zone, locale, geolocation, and user agent. According to Google Chrome, “This data may be used to track you or reveal your location.”

The vast majority of browser extensions that provide fingerprint protection rely on content scripts to inject script tags into online pages.

Chrome added: “There are many limitations to script tag injections, which you can read here: -fingerprinting- Easier/.”

In order to falsify this data, Vytal uses the chrome.debugger API. Because of this, it is possible to spoof data in frames, web workers, and when a website first loads. On top of that, it makes spoofing entirely untraceable.

Read also: The Apple M1 chip has a security flaw that cannot be fixed

Using Vytal as a VPN

After installing Vytal as an extension, users will have the option to select their location from a selection of pre-populated locales, change data to match their IP address, or create a location personalized.

As reported by BleepingComputer, the extension does not provide 100% accuracy instantly. This may allow the initial display of incorrect user information during the loading process of a web page.

There is a brief pause between page loads and when the spoofing debugger begins its work, and precise information about a user can be collected while the web page is still loading.

However, despite the fact that tampered data is not displayed on initial load, the script does an excellent job of hiding location information that can be discovered using JavaScript APIs.

This extension should work on all Chromium-based browsers, including the Brave browser. However, it cannot be extended to Mozilla Firefox because this browser does not support the debugger Application Programming Interface (API).

The developer, z0ccc, told BleepingComputer that the extension was originally developed to prevent their location data from being exposed when using a VPN and to prevent another of their projects, called LocateJS, from detecting location metadata.

z0cc said additional features for the expansion will be revealed soon. These additional features also aim to simplify the use of the extension and include an authorized list of websites that users visit frequently and whose data will not be spoofed.

Related article: Does Pi have 100 trillion digits? A Google developer claims to have the answer


Comments are closed.