Alexandre,
Thank you for the response. I posted this a while ago, but it took some time to get approved by the mods of the forum. I took the video down because I got a response from ProtonVPN that in part gave me an answer (although it raised more questions that have went unanswered), and didn’t want it to appear via the video as thought it was solely an issue with Proton or some type of problem with their product.
Here is the response that I received from ProtonVPN support:
Hello,
Thank you for contacting us!
From the information, you provided we can see that your connection is secured by using the ProotnPVN server IP/DNS.
In regards to that website, please note that it is not using simply your IP address location. Instead, they are using an API call to invoke your location. This means without you clicking on allowing the location sharing on your browser, they won’t be able to utilize the same.
You can find more information on this article on how they utilize geolocation (https://www.w3.org/TR/geolocation-API/).
As it is stated “The Geolocation API defines a high-level interface to location information associated only with the device hosting the implementation, such as latitude and longitude. The API itself is agnostic of the underlying location information sources. Common sources of location information include Global Positioning System (GPS) and location inferred from network signals such as IP address, RFID, WiFi, and Bluetooth MAC addresses, and GSM/CDMA cell IDs, as well as user input. No guarantee is given that the API returns the device’s actual location.”
We suggest not to allow on third-party websites any access when it comes to location services if this is the case.
Let us know if you have any additional quesios.
Kind regards,
Customer Support
ProtonVPN
The API thing makes sense, but considering I’m using a laptop and not a phone, and I don’t believe that I have GPS enabled hardware that aspect is a possibility but… I have to look into that, but haven’t had much time with the holidays.
The other things, such as MAC address, and blutooth and stuff I guess could potentially provide additional clues as to my location if the website in question is gaining location info from other devices around me, but I think overall this has shifted my concern a little bit away from ProtonVPN and toward potential other factors as possibilities, and has ended up raising more questions than what I initially had.
I question how I can find out exactly what the site is using to find my location. I don’t have much experience with VMs, but I’m thinking of figuring VMware out and enabling one piece of hardware at a time for a VM until I can replicate the issue.
I also question if the website in question can see cookies or something saved from past activity while online using ProtonVPN. I’m considering taking my laptop on a trip and using it someplace to see if it still shows my actual home location just the same, which should answer that.
I guess there’s a million different possibilities as to how a location can be given even with a VPN.