Proton VPN issue

I’m running a dual boot Win 10 and Parrot MATE, and noticed an issue in Windows 10. I don’t know if it’s a hardware specific issue that would present a problem on any OS I’m using (including Parrot MATE), or if it’s just Windows 10. I don’t know if it’s really an issue, or just a browser thing, but I cleared all cookies and website data in Firefox with the “everything” option, rather than just “1 hour” or “today.”

I’m not highly concerned, because I’m primarily using Parrot for learning amateur radio SDR related stuff, and VPN just for general privacy, but it appears that a specific website can still determine my location despite running proton VPN (completely updated Win 10 and Proton VPN).

This makes me wonder if there is a hardware component that can detect my location independent of IP address on a Matebook Pro X? A bad configuration of the VPN? Browser cookie issue (even though clearing it didn’t solve the problem, and I installed Chrome and tried it with the same results).

Here’s a video of the issue I uploaded to youtube. https://youtu.be/s8p0Dufzzd0

I’m going to see if the same happens with Parrot Mate, but have to switch over from Windows and install OpenVPN, which may take a little while.

Does anyone have any idea as to what might be going on here? I wouldn’t normally ask the Parrot community, but since it is a security thing thought you all might have an idea.

Hi John, the link to the video with the issue doesn’t work anymore. Have you solved this issue ?

Alex

Alexandre,
Thank you for the response. I posted this a while ago, but it took some time to get approved by the mods of the forum. I took the video down because I got a response from ProtonVPN that in part gave me an answer (although it raised more questions that have went unanswered), and didn’t want it to appear via the video as thought it was solely an issue with Proton or some type of problem with their product.

Here is the response that I received from ProtonVPN support:

Hello,

Thank you for contacting us!

From the information, you provided we can see that your connection is secured by using the ProotnPVN server IP/DNS.

In regards to that website, please note that it is not using simply your IP address location. Instead, they are using an API call to invoke your location. This means without you clicking on allowing the location sharing on your browser, they won’t be able to utilize the same.
You can find more information on this article on how they utilize geolocation (https://www.w3.org/TR/geolocation-API/).
As it is stated “The Geolocation API defines a high-level interface to location information associated only with the device hosting the implementation, such as latitude and longitude. The API itself is agnostic of the underlying location information sources. Common sources of location information include Global Positioning System (GPS) and location inferred from network signals such as IP address, RFID, WiFi, and Bluetooth MAC addresses, and GSM/CDMA cell IDs, as well as user input. No guarantee is given that the API returns the device’s actual location.”
We suggest not to allow on third-party websites any access when it comes to location services if this is the case.

Let us know if you have any additional quesios.

Kind regards,
Customer Support
ProtonVPN

The API thing makes sense, but considering I’m using a laptop and not a phone, and I don’t believe that I have GPS enabled hardware that aspect is a possibility but… I have to look into that, but haven’t had much time with the holidays.
The other things, such as MAC address, and blutooth and stuff I guess could potentially provide additional clues as to my location if the website in question is gaining location info from other devices around me, but I think overall this has shifted my concern a little bit away from ProtonVPN and toward potential other factors as possibilities, and has ended up raising more questions than what I initially had.

I question how I can find out exactly what the site is using to find my location. I don’t have much experience with VMs, but I’m thinking of figuring VMware out and enabling one piece of hardware at a time for a VM until I can replicate the issue.
I also question if the website in question can see cookies or something saved from past activity while online using ProtonVPN. I’m considering taking my laptop on a trip and using it someplace to see if it still shows my actual home location just the same, which should answer that.

I guess there’s a million different possibilities as to how a location can be given even with a VPN.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.