this post was submitted on 22 Jun 2025
3 points (80.0% liked)

Browsers

1234 readers
12 users here now

About Community

This is the community to discuss about browsers.

Browsers List

Open Source browsers

Closed Source browsers

List will be updated

founded 4 years ago
MODERATORS
Archit@lemmy.ml
3
Browser Timezone & Privacy Concerns (lemmy.world)
submitted 19 hours ago by happeningtofry99158@lemmy.world to c/browsers@lemmy.ml
4 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.world/post/31789847

Browser Timezone & Privacy Concerns

How can I hide my "timezone" from sniffing sites?

From my understanding, websites can access both the timezone of my browser (without using javascript) and the timezone of my local machine (using javascript). my question being

  • If a website has access to my local machine's timezone, does it mean it has access to other information on/about my local machine?
  • According to Privacy - How can I hide my "timezone" from sniffing sites? - Super User, we must disable JavaScript to block timezone access. However disabling javascript is not really feasible as it breaks most of websites. Is there a workaround that allows us to block JavaScript from running specific commands?
  • Maybe my understanding of JavaScript is incorrect, but if a website has the privilege of running any program on my computer through the web browser, it can retrieve all the information it needs. If I don't disable JavaScript while using the browser, I don't see the point in resisting fingerprinting, like spoofing my device info.

appreciate any help!

Please see the cross-post as it is updated.

you are viewing a single comment's thread
view the rest of the comments
[–] lurch@sh.itjust.works 1 points 17 hours ago (3 children)

First of all, fingerprinting isn't that precise. It's extremely overrated, because instilling fear gets clicks and views. You can't use the browser fingerprint for authentication, for example, because even though there are enough bits in theory, they are not random and not unique and a lot of people end up having the same exact fingerprint, for example, if they use company PCs where everyone gets the exact same PC and plugins/extensions are enforced with group policy.

However, the JS running in the browser is limited and sandboxed. It cannot do everything and can't access everything. But among the few things it can actually do is prompting for the timezone offset and transferring it to a permitted site, like the one the JS app is running on. If you feel stalked by ad companies fingerprinting you and you have JS enabled, that's unfortunately something you have to accept, unless you run your browser in an environment with a different timezone, but then all times on sites you visit and in its history, will appear off. For example, in Linux, you could achieve that by setting the TZ environment variable in the environment you start the browser in. If that environment is a shell script, it can be temporary and just for the browser while it's running. A script could even be made to pick a random TZ on every browser start, to confuse fingerprinters.

[–] happeningtofry99158@lemmy.world 1 points 16 hours ago (2 children)

thanksalot

JS running in the browser is limited and sandboxed

Except for timezone, what else information can sandboxed JS get from a local machine?

[–] lurch@sh.itjust.works 1 points 15 hours ago (1 children)

A lot. A few I can think of: Locale, Window.devicePixelRatio, Window.history (per domain limited access), various Window and screen size properties and various browser and system properties and settings (like browser name, vendor, RAM, etc) see https://developer.mozilla.org/en-US/docs/Web/API/Navigator for more info.

[–] happeningtofry99158@lemmy.world 1 points 14 hours ago

I see

thanksalot