Browser extension that spoofs your geolocation & timezone, and auto-syncs to your VPN. Firefox, Chrome, Edge, Brave & Safari.
GeoSpoof
Your VPN changes your IP address. Your browser is still telling websites where you actually are.
Contents
- Getting started β Install Β· Usage
- Why GeoSpoof? β What it does NOT do
- Overridden APIs
- External Services
- Featured in
- Development
Getting started
Install
| Browser | Store | Works on | | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- | | | Firefox Add-ons | Firefox 140+ on desktop and Android | |
| Chrome Web Store | Chrome, Brave, Edge, Opera, and other Chromium browsers | |
| App Store | Safari on iOS, iPadOS, and macOS | |
Safari setup β enabling after install
After installing on Safari, tap the puzzle piece icon (or go to Safari Settings β Extensions) and enable GeoSpoof for the sites you want to protect. On iOS/iPadOS, you can also enable it per-site from the AA menu in the address bar.
Other install paths β self-hosted XPI, from source
From GitHub Releases (Firefox self-hosted)
Each release includes a self-hosted signed XPI alongside the AMO submission. The self-hosted XPI uses a 4-segment version (e.g., 1.18.0.42) to avoid collisions with the AMO listing.
- Go to the Releases page
- Download
geospoof-firefox-v<version>-signed.xpifrom the latest release - In Firefox, open
about:addons - Click the gear icon (β) and select Install Add-on From Fileβ¦
- Select the downloaded
.xpifile
Note: An unsigned geospoof-firefox-v<version>-unsigned.xpi is also included in each release for Firefox forks that don't support AMO signatures. Most users should use the signed version.
From source
See CONTRIBUTING.md for build instructions.
Usage
- Click the GeoSpoof icon in your toolbar
- Search for a city, enter coordinates manually, or use "Sync with VPN" to auto-detect your VPN exit region
- Enable "Location Protection", "WebRTC Protection", and "Sync with VPN" features
- Refresh open tabs to apply
- Confirm it's working at geospoof.com/verify
Why GeoSpoof?
A VPN changes your IP, but your browser still leaks your real location through the Geolocation API, timezone offsets, Intl.DateTimeFormat, WebRTC, and more. Sites cross-reference these signals against your IP β when they don't match, you're flagged.
GeoSpoof overrides every one of those channels so your browser reports a consistent, chosen location instead of your real one. Set it to match your VPN, mismatch it on purpose, or pick anywhere in the world.
- VPN Region Sync β detects your VPN exit IP and sets your location to match. One click, and it re-syncs automatically as you switch exit servers.
- Manual control β search for a city or enter coordinates directly.
- Full signal alignment β geolocation, timezone, Date APIs, Intl, Temporal, and WebRTC all report the same place.
- Anti-fingerprinting β overrides are disguised to pass native code checks used by real-world fingerprinting scripts.
- Cross-browser β Firefox, Chrome, Brave, Edge, and Safari. Single codebase, MV3.
Note: Use of this tool may violate the Terms of Service of certain websites. Use responsibly.
What This Does NOT Do
GeoSpoof is designed to work alongside a VPN, not replace one.
- Does NOT spoof your IP address (use a VPN for that)
- Does NOT change browser language or locale
- Does NOT bypass server-side detection (IP, payment info, account history)
- Does NOT track your browsing activity, collect telemetry, or store data on external servers. Some features (city search, VPN sync) call third-party APIs to function. See the Privacy Policy for exactly what's sent and to whom.
- Does NOT provide forensic-level anti-fingerprinting. Engine-level API tampering is also detectable by dedicated tools. For extreme threat models, use Tor Browser or Mullvad Browser instead.
Overridden APIs
When protection is enabled, GeoSpoof overrides browser APIs synchronously at document_start before any page JavaScript runs. Covered APIs include:
- Geolocation β
navigator.geolocation.getCurrentPosition/watchPosition,navigator.permissions.query - Date & Timezone β
Dateconstructor,Date.parse, allDate.prototypegetters and formatters,getTimezoneOffset - Intl β
Intl.DateTimeFormatconstructor andresolvedOptions - Temporal β
Temporal.Now.*(feature-detected) - XSLT / EXSLT β
XSLTProcessor.prototype.transformToFragment/transformToDocumentrewrite EXSLTdate:date-time()output (Firefox, where available) - Workers β
Worker,SharedWorker, andnavigator.serviceWorker.registerwrapped to propagate the spoofed timezone into worker scopes (URL-based worker coverage is the FirefoxwebRequest.filterResponseDatapath; inline/blob workers are covered on every engine) - WebRTC β via browser privacy API, no script injection needed
- Anti-fingerprinting β
Function.prototype.toStringreturns[native code]for all overrides; iframes patched on insertion - Engine-level Spoofing (Chrome/Chromium, opt-in) β an optional mode that drives the timezone override through the Chrome DevTools Protocol (
chrome.debuggerβEmulation.setTimezoneOverride) instead of page-world injection. It covers background/module/service workers and applies before a page's first script, closing the worker and cold-start timezone leaks the content-script path can't reach on Chromium MV3. Off by default; while on, Chrome shows a "started debugging this browser" notice. Geolocation stays on the injected path.
External Services
GeoSpoof runs no backend application and sends no data to the developer for collection or analytics. Some features β city search and the optional "Sync with VPN" β make requests directly from your device to third-party services. Timezone resolution downloads boundary data from the developer's own CDN (cdn.geospoof.com, hosted on AWS), which transmits your IP as part of that request. The developer does not use these requests for analytics, tracking, profiling, advertising, or user accounts, and stores no personal data from them. Exactly what is sent, when, and to whom (for both the Safari extension and the companion apps) is documented in the Privacy Policy.
Featured in
- Privacy Guides community forum β "GeoSpoof: a Firefox add-on for convenient geolocation privacy"
- Korben β "GeoSpoof - Le VPN cache votre IP mais le navigateur vous trahit" (FR)
Development
See CONTRIBUTING.md for setup, scripts, testing, and the release pipeline.
Legal
Using location spoofing may violate terms of service of streaming, financial, or e-commerce platforms. You are responsible for compliance. See PRIVACY_POLICY.md for full details.
License
The GeoSpoof browser extension and everything in this repository is open source (MIT) β see LICENSE. Use, modify, and redistribute freely, including commercially.
The native GeoSpoof GPS desktop core (the Rust/Swift device product) is developed separately as a closed-source product and is not part of this repository.
Trademarks: The MIT license covers the source code only, not the brand. GeoSpoofβ’ is a trademark of Anthony Sgro. You're free to use and fork the code under MIT, but the GeoSpoof name and logo aren't licensed with it β please don't brand a fork or derivative product as "GeoSpoof" in a way that could confuse users about its source.
Links
- Website β geospoof.com
- Verify your protection β geospoof.com/verify
- Community β r/GeoSpoof
- User Guide
- API Documentation
- VPN Sync & Auto-Resync
- How Browsers Track Location
- Privacy Policy
- Contributing
- Report Issues
- Buy me a coffee
Star History
Acknowledgments
- Nominatim for geocoding
- browser-geo-tz for timezone boundary-data lookup
- BrowserLeaks for testing tools
- arkenfox TZP for timezone/geolocation fingerprint testing
- CreepJS for fingerprint testing
- webbrowsertools for testing tools
Contributors
Thanks to everyone who has contributed to GeoSpoof.