Your VPN routes your traffic through another country and your IP address says Tokyo. But open Google Maps in a browser tab and it still shows your real home coordinates. The reason: browsers have their own independent geolocation system — WiFi BSSID lookups, GPS access, and nearby cell towers — that VPNs do not touch. Still, most people never notice this gap. But for anyone who uses a VPN for privacy, it is a quiet leak that defeats the purpose. And if you are serious about browser privacy, choosing a VPN that covers all the bases matters — we broke that down in our VPN buyer’s guide.
So GeoSpoof is a free, open-source browser extension that plugs that gap. And it intercepts your browser’s geolocation, timezone, and sensor APIs and feeds them data matching your VPN’s exit node. We tested it on Firefox and Chrome with active VPN connections. Here is what we found.
What GeoSpoof Does
So GeoSpoof is a TypeScript extension (MIT license, 71★ on GitHub, 30 releases in three months) that hooks into three browser APIs that websites use to determine your real location:
- Geolocation API (
navigator.geolocation.getCurrentPosition()) — The one Google Maps, weather services, and region-locked sites call. GeoSpoof intercepts the response and replaces coordinates with the VPN exit node’s latitude and longitude. - Timezone API (
Intl.DateTimeFormat().resolvedOptions().timeZone) — Many websites infer your region from the browser-reported timezone without even asking for location permissions. GeoSpoof updates this to match the VPN server’s timezone. - Sensors API — Less commonly checked, but some sites read accelerometer and gyroscope data for location heuristics. GeoSpoof spoofs these too.
And the auto-sync mechanism is the standout feature. When the extension detects a VPN connection change, it queries ip-api.com for the new exit node’s geographic data and updates all three API responses within seconds. No manual picker, no restart.
How GeoSpoof Compares to Other Options
| Feature | GeoSpoof | Location Guard | Manual Spoof (Android) |
|---|---|---|---|
| Open source | ✅ MIT | ❌ Closed | — |
| Cross-browser | 6+ (FF/Chrome/Edge/Brave/Opera/Safari) | 2 (FF/Chrome) | 0 (Android only) |
| VPN auto-sync | ✅ Automatic | ❌ Fixed coords | ❌ Manual |
| Timezone spoofing | ✅ Yes | ❌ No | ❌ No |
| Sensors API | ✅ Yes | ❌ No | ❌ No |
| Price | Free | Free | Free |
Testing GeoSpoof: Real-World Results
So we installed GeoSpoof on Firefox 128 (Windows) and Chrome 126. And the download took under 20 seconds from the GitHub releases page — grab the zip, load it as an unpacked extension in developer mode, and toggle it on.
With NordVPN connected to a Netherlands server, we opened the browser console and ran navigator.geolocation.getCurrentPosition(). Without GeoSpoof, the browser returned coordinates matching our physical location. With GeoSpoof active, it returned a location near Amsterdam — verified against the VPN server’s IP geolocation. The delta was roughly 5,800 kilometers. That is the gap most VPN users do not know exists.
Then we checked Intl.DateTimeFormat().resolvedOptions().timeZone. Before: America/New_York. After: Europe/Amsterdam. And the timezone update is immediate — no page reload needed.
Then switching the VPN to a UK server triggered an automatic re-sync within about 15 seconds. And GeoSpoof queried ip-api.com again — both the geolocation and timezone updated to London without any manual intervention. That smooth auto-sync is what makes this extension genuinely useful — set it once and forget it.
GeoSpoof Limitations & Risks
Still, GeoSpoof is not a complete privacy shield. Three limitations stood out in our review:
WebRTC is not blocked. But the extension does not intercept WebRTC, which can still expose your real IP address. So users who need full browser privacy should pair GeoSpoof with a dedicated WebRTC leak shield extension.
ip-api.com rate limits. But the free tier of ip-api.com has usage caps. Heavy VPN users who switch servers dozens of times a day may hit delays or failures in the auto-sync. The extension settings allow disabling automatic detection — but that defeats the main selling point.
Extended trust model. By installing GeoSpoof, you are trusting the extension author (anthonysgro) with your browser’s location data, on top of trusting your VPN provider. The MIT license and 450+ public commits make the code auditable, but the audit burden is on you. Users who want maximum control can review the source on GitHub before installing.
iOS Safari limitations. The extension works on iOS and iPadOS, but Apple’s sandboxing restricts some API interception compared to the desktop browser versions.
GeoSpoof: The Bottom Line
Still, GeoSpoof fills a real privacy gap that most VPN users — and most VPN reviews — do not talk about. Your VPN encrypts your traffic and changes your IP, but your browser leaks your physical location through a side channel most people never knew existed. So at 71 GitHub stars, this is a young project, but the code is open, the releases are frequent (30 in three months), and the core auto-sync functionality works as tested.
For the encryption layer, pairing GeoSpoof with a reliable VPN is essential. NordVPN and ProtonVPN are both tested to work with the auto-sync feature — check our NordVPN vs CyberGhost comparison for a deeper look at what each provider offers. And this is one of those tools that seems niche — until you realize your browser has been telling websites exactly where you live this entire time.
Disclosure: Some links below are affiliate links. If you sign up through them, I may earn a commission at no extra cost to you.
- NordVPN — tested with GeoSpoof auto-sync in this review