I use a VPN and/or Tor to do the majority of my websurfing/streaming/torrenting. Some programs (notably web browsers) can read your local system time to access your timezone. And, I happen to live in… let’s just say a very “narrow” timezone, my country of origin can be trivially pinpointed if you take a look at the UTC offset.

I know Firefox has a setting to spoof my timezone to UTC, but chromium browsers do not have that option (at least no option i could find after a fairly extensive search), and I don’t even know whether any of the other programs I’ve installed are reading my timezone, such as, for example, my matrix client.

So, the solution I came up with: Do a timedatectl set-timezone UTC on the device. I can separately make my desktop clock do a little timezone conversion so no worries about time disorientation. This fixes the issue with most apps not allowing timezone spoofing too.

Honestly, now that I’ve typed all that^^ out, this is beginning to sound like an unnecessary schizo post that goes WAY beyond my threat model XD. Still, I’d love to hear anyone else’s thoughts on it. Ideas to improve upon it are appreciated too.

  • NateNate60@lemmy.world
    10·
    21 hours ago

    I think there is a line to be drawn between what is theoretically better and what is meaningfully useful.

    It is realistically not useful information for an attacker to know what country you are from by observing your UTC offset. It’s simply much easier to guess this information by observing your other behaviours. For example, the text and time of your post is already leading me to guess UTC+5:30 as the time zone in question. But again, knowing what country you’re from is not really useful information most of the time, as even if my guess is correct, that narrows it down to a whopping one-eighth of the human population.

    • glint@mander.xyzOP
      2·
      16 hours ago

      Heh, I wish it was +5:30

      It’s UTC +5:45, and my country’s the only one using it. That’s ~30 million people. My main fear is not being pinpointed to my personal identity, but the fact that this serves as a perfect fingerprint metric, rare enough to stick out like a sore thumb.

      (felt safe enough to reveal, as i do not expect this account to be tied back to me personally)