I use a VPN and/or Tor to do the majority of my websurfing/streaming/torrenting. Some programs (notably web browsers) can read your local system time to access your timezone. And, I happen to live in… let’s just say a very “narrow” timezone, my country of origin can be trivially pinpointed if you take a look at the UTC offset.
I know Firefox has a setting to spoof my timezone to UTC, but chromium browsers do not have that option (at least no option i could find after a fairly extensive search), and I don’t even know whether any of the other programs I’ve installed are reading my timezone, such as, for example, my matrix client.
So, the solution I came up with: Do a timedatectl set-timezone UTC on the device. I can separately make my desktop clock do a little timezone conversion so no worries about time disorientation. This fixes the issue with most apps not allowing timezone spoofing too.
Honestly, now that I’ve typed all that^^ out, this is beginning to sound like an unnecessary schizo post that goes WAY beyond my threat model XD. Still, I’d love to hear anyone else’s thoughts on it. Ideas to improve upon it are appreciated too.
I think there is a line to be drawn between what is theoretically better and what is meaningfully useful.
It is realistically not useful information for an attacker to know what country you are from by observing your UTC offset. It’s simply much easier to guess this information by observing your other behaviours. For example, the text and time of your post is already leading me to guess UTC+5:30 as the time zone in question. But again, knowing what country you’re from is not really useful information most of the time, as even if my guess is correct, that narrows it down to a whopping one-eighth of the human population.
Heh, I wish it was +5:30
It’s UTC +5:45, and my country’s the only one using it. That’s ~30 million people. My main fear is not being pinpointed to my personal identity, but the fact that this serves as a perfect fingerprint metric, rare enough to stick out like a sore thumb.
(felt safe enough to reveal, as i do not expect this account to be tied back to me personally)
You should check your browser fingerprint first. Anything privacy-focused likely already reports your timezone as UTC. I believe that Mullvad, LibreWolf, and Brave all do that.
And it’s not unnecessary at all. In fact, I’ve had to set my time zone to other countries where my VPN is set in order to use some sites, and set streaming device time zones to the US to not get dinged as using a VPN. This isn’t unreasonable at all.
No, don’t do that. Some browsers check if your timezone is in check and if not then they refuse to load HTTPS webpages.
But if you’re setting the time to UTC and your time zone to UTC, your time is still accurate. I assumed that was what OP was talking about doing, not just “leave the time as my time but change the time zone.”
I use UTC+0 because I don’t like the ideas of timezones and DST.
