How to: Surf the web from a fake location

By
How to: Surf the web from a fake location

Shut out of US-only websites and services? Darien Graham-Smith looks at ways to falsify your location on smartphones and PCs.

When you search Google for a place to eat, your top hit probably won’t be the world’s most famous restaurant – it’s likely to be somewhere in your hometown. When you go to the US portal of an online shopping website, you’ll typically be directed to the AU site. Post to Twitter from your smartphone, and your location will be appended to the tweet. Clearly, online services are aware of where you’re connecting from.

They have a few ways of working this out. If you’re using a smartphone, then your browser and apps can (with your permission) access your geographical location as determined by your GPS hardware. If GPS is turned off, cell-tower information can be used: by comparing the relative signal strengths of nearby mobile masts, the phone can estimate its own position to a reasonable degree of accuracy – typically within 100m, in an urban area with plenty of coverage. 

On PCs and laptops, which lack GPS and radio receivers, secondary information can be used to guess your location. One method is by looking at nearby wireless networks. Google and other location-service providers maintain geographical maps of service-set-identifier (SSID) and media-access-control (MAC) addresses, so if your laptop can see three or more recognised networks, it can work out its own location to a high degree of accuracy, and – again, with your permission – can pass this information on to a remote service.

Failing that, it’s always possible for a remote service to look up the registration details of the IP address from which you’re connecting. This is a rather blunt approach that can give inaccurate results if your ISP isn’t based in your hometown, but at worst it can normally be relied on to get the country right. Via all these methods, online services can easily adapt what they present to visitors, depending on the country from where they’re actually connecting.

The problem with geolocation
It can be convenient to have online content tailored to your location, but in some situations it can be annoying. Such an example might be if you’re trying to order provisions ahead of a foreign holiday: if an online shopping site recognises that you’re connecting from outside the country, it may present only international shipping options. Or you might want to access an online resource that has been geographically restricted – for example, you may want to download a smartphone app that hasn’t yet been released in your region.

As we’ll describe below, there are ways to get around this by “spoofing” your location. The technical measures are the same regardless of what you want to achieve, but some uses of location spoofing come with ethical questions attached. Accessing hidden shopping-delivery options is harmless enough, but if a software developer has consciously chosen not to make its creation available in your country, then it’s debatable whether you have the right to circumvent that.

Things become even more dubious when it comes to media streaming. One of the most common uses for location-spoofing measures is to access regional content on services such as YouTube and Netflix, but in these cases the content is usually restricted because the streaming service has the rights to provide it only within a specific region. By tricking the server into playing it from overseas, you’re putting the provider in breach of its agreement with the copyright-holder. 

In practice, this hasn’t so far been a problem, and we’ve yet to see any significant legal dispute arise over out-of-region streaming. What’s more, if you do use software to spoof your location, you’re unlikely to get into trouble yourself: it’s widely suspected that services such as Netflix unofficially tolerate the use of geo-spoofing tools. After all, the more content customers are able to access, the more likely they are to continue subscribing to it.

All the same, if you’re planning to fake your location in order to access products and services that aren’t available in your own country, be warned: this is morally questionable territory, and there may be consequences for you or the service you’re accessing.

Apps and proxies
If you’re using a smartphone, the simplest way to fake your location is to install a spoofing app. There are plenty of these available for Android and jailbroken iOS devices, with straightforward names such as Fake GPS and Location Mockup. Using them is simply a matter of turning off your real GPS and location services, then using the app to manually specify where in the world you want to appear to be. 

This approach works, so far as it goes. Your phone will happily believe you’ve abruptly moved thousands of miles, and the apps won’t demur: Twitter and Facebook posts made from your mobile device will be “stamped” with your chosen location. 

This trick won’t work for services such as YouTube and Netflix, however. These don’t rely on your phone to honestly report where in the world it is: they work it out for themselves, based on the particulars of your connection. 

A much more robust solution is to use a proxy server – that is, a computer in your target country that can make the connection on your behalf, then forward the data on to you. There are plenty of commercial services that do this, such as Hide My Ass and CyberGhost. There’s also a community-run proxy system called Tor that does much the same thing. If all you want is to trick websites into thinking you’re in a different country, however, this approach is overkill. Such services route all of your traffic through an international channel, often encrypting it en route, thus providing a virtual private network (VPN) service. This is helpful if, for example, you’re working with sensitive documents in an oppressive environment, since it lets you communicate with the outside world in a way that can’t be traced back to you.

For our purposes, however, encryption isn’t necessary – and routing every packet through one or more proxy servers slows things down enormously. Luckily, there is a way: just make a remote server communicate directly with an Australian IP address as if it were an American one.

DNS segmentation
We mentioned above that a remote server can work out which country you’re in by looking up your IP address, but doing so for every single visitor would mean a lot of extra work for the server, and extra load on the network.

A much more efficient approach is to tackle the problem at the DNS level – that is, by exploiting the Domain Name System that translates names such as “www.example.com” into the numeric addresses used by internet servers. DNS works via a global network of name servers that ordinarily all use the same lookup tables – so entering www.example.com will normally take you to the same address regardless of where in the world you’re connecting from. 

But it doesn’t have to be this way. It’s perfectly possible for a domain to provide different translation details to different name servers; for example, DNS servers in Canada and France might be configured to direct traffic for the same domain to different addresses. Since connection requests almost invariably go through their ISP’s local DNS service, this effectively causes people connecting from different locales to be routed to region-specific servers, without the overhead of looking up each visitor’s IP address. 

It’s a technique that can be used for various purposes. Content-distribution giant Akamai uses this approach for traffic management, so that (for example) someone in Australia trying to connect to www.microsoft.com can be directed to a nearby mirror, rather than having to talk directly to the main server halfway around the world. Some services, including Hulu and Pandora, use it to allow or deny access – only clients coming in via a US-based name server are directed to a working service. Netflix uses DNS to determine which shows and movies you’re allowed to watch.

All you need to do to fool these systems is hook into a DNS server in a different region – but this isn’t quite as simple as switching to a free US-based DNS service such as Google’s; although the service is administered from Santa Clara, to minimise latency it dynamically routes requests to a server near you, so you’ll still receive AU-specific content. Even if you can connect to a US-only DNS server, your ISP may “hijack” any attempt to connect to it, and route your requests back to its own servers. This is annoying, but from the ISP’s point of view it has benefits: using a local name server ensures a speedy service, lets your ISP keep a better record of what’s going on, and creates an opportunity to serve up customised content – possibly including adverts – if a lookup fails.

One popular tool to beat this is the Hola unblocker, which is offered as both a browser extension to Chrome and Firefox and a standalone application for Windows and Android. Media Hint is a well known alternative. 

Inevitably, there’s no such thing as a free lunch. Media Hint started out as a free service but recently started charging $4 per month for access; Hola charges only for its “premium” service, but free users may be used as peers, providing DNS services for someone else from a different country.

And there’s no guarantee these utilities will work forever. Netflix and other services have every right to block such location-spoofing tools, and conceivably the operators of Hola and Media Hint could be forced to discontinue their services entirely – so don’t take them for granted. 

TOR
Tor network that routes your traffic through a series of randomly chosen proxies.

The primary purpose of this is to support anonymous web browsing: since anybody, anywhere in the world can operate a Tor relay (and then stop operating it the next day) it’s extremely difficult to trace a connection back to its origin.

As a convenient side effect of the way Tor works, when you connect to a remote service via Tor, that service sees your location as that of the last proxy in the chain (your “exit node”, in Tor parlance). Thus, it’s possible to use Tor as an effective location-spoofing system.

There’s one big downside to Tor, however: as a result of the byzantine routing that characterises the network, connections tend to be extremely slow. It’s unlikely that Netflix would be watchable over a Tor connection. Indeed, since the proxies are all operated by volunteers sharing their own network connections, it would be antisocial and just poor form to even try to put that amount of traffic through them.

However, Tor is the perfect solution if you need to quickly access a single website that you can’t get to directly from your own PC.

It’s very easy to use, too: at www.torproject.org/projects/torbrowser.html.en you can download a customised browser (based on Firefox) that automatically routes all connections via Tor, so you can browse from a fake location without messing with your regular browser or network settings.

The only bit of configuration that’s required is to specify that you want to use exit nodes only in a particular country – otherwise you could end up anywhere in the world.
To do this, go into the Tor Browser\Data\Tor folder and open the configuration file “torrc” in a text editor such as Notepad.

To use only exit nodes in the US, add these two lines to the end of the configuration file:

StrictExitNodes 1
ExitNodes {US}

If you want to browse from France, enter {FR} instead, and so forth. Save the configuration file and restart Tor Browser to effect the change. Note that if you select an invalid country code, or a country where no exit nodes are available, Tor Browser won’t be able to connect to the internet. You can find out more about Tor, including details of OS X and Android clients, at www.torproject.org.

Copyright © PC & Tech Authority, nextmedia Pty Ltd Copyright © Alphr, Dennis Publishing
Tags:

Most Read Articles

Upgrading to Windows 10 is still free, if you use this loophole

Upgrading to Windows 10 is still free, if you use this loophole

Review: Dell XPS 15 laptop (2017 model)

Review: Dell XPS 15 laptop (2017 model)

Benchmarks and specs leak for upcoming Ryzen 5 2500U APU

Benchmarks and specs leak for upcoming Ryzen 5 2500U APU

What's new in iOS 11?

What's new in iOS 11?