
Show HN: Simple JavaScript VPN detection using timezones - nsamala
https://simple-vpn-detector.netlify.com/
======
LukeBMM
While others seem to be beating up on the idea a bit, I thought it was a
really helpful reminder. Without having thought about it too much, my default
assumption would have been that Netflix, for example, would block VPNs by
comparing IP against a blacklist of known endpoints.

The underlying concept - checking user level information and comparing against
network information - is an interesting and valuable way to think about it.
This is a nice, simple illustration of that idea. Thanks for sharing it.

~~~
nsamala
First off, thanks! I appreciate you seeing some silver lining in my silly idea
:)

And yeah, more than likely they've got a blacklist of VPN IP addresses to
check against.

------
bangboombang
Maybe add an error message if ipapi.co isn't reachable.

uBlock blocked it on my end, and all I see is the "learn how it works" link,
and above that is invisible text saying "Browser Timezone" and "IP Timezone".

------
_-___________-_
I think you need to look at the offset, rather than the timezone name. For
example, if I fly to somewhere in e.g. the Central Europe timezone I don't
always pick a city in the same country when setting the timezone; I just pick
Paris or Berlin or whatever comes to mind first.

But then if you only look at the offset, you'll have even worse VPN detection
since any VPN exit in the same timezone offset won't be detected. This is not
really a good way to detect VPN.

------
astatine
Another false positive. Really simple one. Browser timezone Asia/Calcutta and
IP timezone Asia/Kolkata ... The city changed its name a very long time ago
and both the names refer to the same city.

Looked like an interesting idea, but seems like there are many reasons for
false positives.

------
skitter
Yet another false positive: When privacy.resistFingerprinting is enabled in
Firefox, UTC is reported, at least for me (and even when disabled, the
timezones do not match despite both being correct: CET vs. Europe/Berlin). So
it seems like a cool idea, but not very practicable.

------
nsamala
Thanks for all the feedback! It was just a fun idea I had before going to bed
and it's definitely not fleshed out.

I know that services like Netflix do VPN detection in much fancier ways and
had noticed it when traveling abroad. There's no motivation for me to
implement it in anything I do.

Thanks again and sorry for wasting your time!

~~~
ThePowerOfFuet
You didn't waste our time.

------
netsharc
It's a silly check, with a silly workaround: if a website uses this, you can
just change the OS's timezone, so the browser would report the same thing as
GeoIP.

~~~
nsamala
Yeah, it was just a fun idea. I even mention at the bottom of the GitHub page
that you could just change your OS timezone. But given it was a small 15
minute hack, I'm not entirely surprised it doesn't work.

~~~
tsukurimashou
YES BUT DID YOU READ ABOUT THE FALSE POSITIVES? ;p

~~~
nsamala
haha what false positives? :P

------
AndrewThrowaway
Seems to give a false positive on Windows 10, as in my OS-level Date settings
the time zone is selected as something like Helsinki, Sofia, Kyiv, Tallinn,
etc. (UTC+02:00), so both Firefox and Chrome report it as "Europe/Kiev", while
I am in a different country, so the IP address obviously reports differently.
I wonder if any thought was given to timezones where a lot of small countries
can be in the same one.

------
weddpros
Same here (Tenerife Spain), false positive

(fellow developer, please do not ban VPNs if you can't guarantee 0 false
positive)

~~~
JohnFen
> fellow developer, please do not ban VPNs if you can't guarantee 0 false
> positive

Or, better, don't ban VPNs at all.

------
matjazdrolc
Another false positive here. Geoip is correct, but timezone is not. (Belgrade
instead of Ljubljana).

------
ddffre
It's clever thinking, but only for VPNs in other countries; the solution
would probably fit Netflix and other streaming services.

------
noobnoobles
This doesn't work, I'm on holiday and it thinks I'm using a VPN.

------
futhey
Got a false positive in Taiwan because your IP lookup service provider
(https://ipapi.co/json) returned no timezone.

------
Renaud
False negative when the VPN exit is in the same country. This doesn't detect
you're using a VPN.

------
mariopt
False positive. I’m in London but I’m using my Portuguese number for 4G
roaming.

------
mewwts
False positive, I’m in Copenhagen, but my browser reports Oslo.

------
simas89
False positive as well. This is not a good idea.
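
------
The false positives reported in this thread (renamed zones such as Asia/Calcutta vs. Asia/Kolkata, different cities sharing one offset, a browser reporting UTC, an IP lookup returning no timezone), handled in an added example that is not part of any comment or of the demo's own code. The function names, the three result labels and the `timezone` field of the lookup response are assumptions.

```javascript
// Offset from UTC in minutes for an IANA zone at instant `at`; null if the zone is unknown.
function offsetMinutes(timeZone, at) {
  let parts;
  try {
    parts = new Intl.DateTimeFormat('en-US', {
      timeZone, hourCycle: 'h23',
      year: 'numeric', month: 'numeric', day: 'numeric',
      hour: 'numeric', minute: 'numeric', second: 'numeric',
    }).formatToParts(at);
  } catch (e) {
    return null; // RangeError: this runtime does not know the zone name
  }
  const f = {};
  for (const p of parts) if (p.type !== 'literal') f[p.type] = Number(p.value);
  // Read the zone's wall-clock time as if it were UTC; the difference is the offset.
  const wall = Date.UTC(f.year, f.month - 1, f.day, f.hour % 24, f.minute, f.second);
  const instant = Math.floor(at.getTime() / 1000) * 1000;
  return Math.round((wall - instant) / 60000);
}

// Returns 'consistent', 'mismatch' or 'inconclusive'.
// 'consistent' does not rule out a VPN exit in the same offset, and 'mismatch'
// also covers travellers and roaming SIMs, so neither result is proof.
function compareTimezones(browserTz, ipTz, at = new Date()) {
  // IP lookup blocked or returned no timezone: nothing to compare against.
  if (!ipTz) return 'inconclusive';
  // A literal UTC is what a browser reports with anti-fingerprinting enabled.
  if (!browserTz || browserTz === 'UTC') return 'inconclusive';
  const browserOffset = offsetMinutes(browserTz, at);
  const ipOffset = offsetMinutes(ipTz, at);
  if (browserOffset === null || ipOffset === null) return 'inconclusive';
  // Compare offsets, not names, so aliases and neighbouring cities agree.
  return browserOffset === ipOffset ? 'consistent' : 'mismatch';
}

// Browser usage (assumes the lookup response carries a `timezone` field):
//   const browserTz = Intl.DateTimeFormat().resolvedOptions().timeZone;
//   compareTimezones(browserTz, ipLookup.timezone);
```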

