Timezone Spoofing when Using a VPN

[CaptHaddock]

4 minutes ago, suzannegoh said:

 

What options did they give you when they shut your account? Could you have left your money there and just not be able to buy any more shares in mutual funds?

If I recall correctly they weren't threatening to close the accounts outright, but would not let me execute any trades of any kind including reinvestment of dividends.  So, I transferred the assets elsewhere and closed the accounts.  I had had accounts at Fidelity, including corporate 401(k) accounts for over twenty-five years at that point.  Corporations don't get sentimental about things like account longevity.

[suzannegoh]

12 hours ago, TallGuyJohninBKK said:

 

Hmm.... when I connect direct to the whoer.net site, of course it shows here for both location & time.

 

But when I connect to my U.S. VPN and then re-try the same site, it times out with a "secure connection failed" error.

 

That said, I've done a lot of banking interactions thru the years, and for those I've done, the VPN alone always seemed to be enough. I've never been questioned beyond that.

 

This site also checks for timezone discrepancies:
http://www.doileak.com/

[mtls2005]

I'm not sure which financial institutions are involved, nor how "strict" they can be, but surely customers are allowed to travel, and utilize on-line banking when traveling?

 

I assume you are maintaining some sort of residential address in the U.S.? And paying appropriate state and federal taxes?

 

I've never been challenged and even had new credit cards mailed to me here in Thailand. I use their VISA ATM cards and credit cards here all the time.

 

I think financial institutions probably have the most robust fraud detection utilities - save for Netflix - and I'm not certain it's possible to guarantee spoofing save remote access/controlling a device physically located within the U.S.?

 

Now, I did run into an issue freezing one of the credit reporting companies (Experian) based on my perceived location - have yet to sort that out as they require a ton of documentation including a utility bill.

 

 

[CaptHaddock]

23 minutes ago, mtls2005 said:

I'm not sure which financial institutions are involved, nor how "strict" they can be, but surely customers are allowed to travel, and utilize on-line banking when traveling?

 

I assume you are maintaining some sort of residential address in the U.S.? And paying appropriate state and federal taxes?

 

I've never been challenged and even had new credit cards mailed to me here in Thailand. I use their VISA ATM cards and credit cards here all the time.

 

Only a fool would pay state and local income tax after expatting.  Americans are not required to be residents of a state and are not required to pay state income tax unless they retain tax domicile in that state.   As long as you do not inadvertently maintain tax domicile in your former state out of ignorance of that state's domicile requirements, you are not liable for state taxes.  Use of a forwarding address does not by itself establish tax domicile.

 

The I've-never-had-a-problem response overlooks that possibility that you may have been establishing a history that the financial institution can use in the future as a basis to deny you service.  For instance, a bank may be willing to send your replacement credit card to your Thailand address, but perhaps after the next 9/11 type incident bank practices tighten up considerably and they close your account unless you produce an American utility bill with your name on it.  Then you are SOL, because you have been documenting your foreign residence which you cannot deny.  Far better to use a US mail forwarder to receive your credit card and ship it to you so the bank sees only the US address.

Edited November 1, 2017 by CaptHaddock

[suzannegoh]

I'm not sure which financial institutions are involved, nor how "strict" they can be, but surely customers are allowed to travel, and utilize on-line banking when traveling?
 
I assume you are maintaining some sort of residential address in the U.S.? And paying appropriate state and federal taxes?
 
I've never been challenged and even had new credit cards mailed to me here in Thailand. I use their VISA ATM cards and credit cards here all the time.
 
I think financial institutions probably have the most robust fraud detection utilities - save for Netflix - and I'm not certain it's possible to guarantee spoofing save remote access/controlling a device physically located within the U.S.?
 
Now, I did run into an issue freezing one of the credit reporting companies (Experian) based on my perceived location - have yet to sort that out as they require a ton of documentation including a utility bill.
 
 

You can travel and access your accounts from abroad, that's not an issue. Where the problems arise is when your legal residence is outside of the US. There have frequently been reports in the "Business in Thailand" forum of this website about Fidelity, Scott Trade, and maybe others closing or restricting accounts because of that. The issue typically arises for people who opened their accounts while living in the US and later moved abroad.

[suzannegoh]

But back to the original topic….
 

It seems like the only reliable method in Windows to avoid the problem of being in the “wrong” timezone is to actually change the system timezone on your computers.  And while it at first appears that Firefox doesn’t “see” system timezone changes except when it starts, that’s not actually at the case, it’s just that it’s not predictable when Firefox will notice the timezone change except when the browser first starts.  If you launch Firefox, and change the timezone while Firefox is running, Firefox won’t switch timezones immediately but it will eventually.

So for now my workaround is just to change the timezone before starting Firefox.
 

FWIW, a quick way to change timezones in Windows without poking through dropdown menus is to either issue one of the following commands at a commandline or to put them in a *.bat file:
 

To change to US East Coast timezone:
tzutil /s "Eastern Standard Time"
 

To change to Thailand’s timezone:
tzutil /s "SE Asia Standard Time"
 

To see what timezone your system is currently set to:
tzutil /g
 

To get a list of all valid timezones:
tzutil /l
 

Edited November 2, 2017 by suzannegoh

[CaptHaddock]

5 minutes ago, suzannegoh said:

But back to the original topic….
 

It seems like the only reliable method in Windows to avoid the problem of being in the “wrong” timezone is to actually change the system timezone on your computers.  And while it at first appears that Firefox doesn’t “see” system timezone changes except when it starts, that’s not actually at the case, it’s just that it’s not predictable when Firefox will notice the timezone change except when the browser first starts.  If you launch Firefox, and change the timezone while Firefox is running, Firefox won’t switch timezones immediately but it will eventually.

So for now my workaround is just to change the timezone before starting Firefox.
 

FWIW, a quick way to change timezones in Windows without poking through dropdown menus is to either issue one of the following commands at a commandline or to put them in a *.bat file:
 

To change to US East Coast timezone:
tzutil /s "Eastern Standard Time"
 

To change to Thailand’s timezone:
tzutil /s "SE Asia Standard Time"
 

To see what timezone your system is currently set to:
tzutil /g
 

To get a list of all valid timezones:
tzutil /l
 

And this passes the whoer.net test?  You get a 100% anonymity rating?

[suzannegoh]

And this passes the whoer.net test?  You get a 100% anonymity rating?

I get a 90 percent rating by that test. I think that to get 100% by that test you need to turn off Javascript and Flash.

[suzannegoh]

 

I get a 90 percent rating by that test. I think that to get 100% by that test you need to turn off Javascript and Flash.

 

However the reason for it being less than 100% does not appear to be anything related to timezones, it's because whoever runs whoer.net considers Javascript and Flash to be a security risk in and of themselves. The catch is that you can't logon to Fidelity's website with those disabled.

 

 

 

[CaptHaddock]

5 minutes ago, suzannegoh said:

 

However the reason for it being less than 100% does not appear to be anything related to timezones, it's because whoever runs whoer.net considers Javascript and Flash to be a security risk in and of themselves. The catch is that you can't logon to Fidelity's website with those disabled.

 

 

 

Doesn't appear to be true.  I get 100% from whoer.net and can login to Fidelity.  (Although I did close most of my accounts there as I related, I do still have one category of account that was not included in Fidelity's restrictions.)

[suzannegoh]

14 minutes ago, CaptHaddock said:

Doesn't appear to be true.  I get 100% from whoer.net and can login to Fidelity.  (Although I did close most of my accounts there as I related, I do still have one category of account that was not included in Fidelity's restrictions.)

Do you mean that you can logon to Fidelity with JavaScript disabled or that you are able to get a 100% rating on whoer.net without disabling JavaScript?  When I disable JavaScript Fidelity's logon page doesn't even display the boxes in which to enter your password and username.

[CaptHaddock]

Just now, suzannegoh said:

Do you mean that you can logon to Fidelity with JavaScript disabled or that you are able to get a 100% rating on whoer.net without disabling JavaScript?  When I disable JavaScript Fidelity's logon page doesn't even display the boxes in which to enter your password and username.

I get 100% from whoer and I see everything I expect to see when logged in to Fido.  Java, webRTC, and all those other offending programs are disabled.  This is Firefox 56.0.2.

[suzannegoh]

8 minutes ago, CaptHaddock said:

I get 100% from whoer and I see everything I expect to see when logged in to Fido.  Java, webRTC, and all those other offending programs are disabled.  This is Firefox 56.0.2.

Is that on Windows or Linux?

Below are the things that whoer.net says are preventing me from getting a 100% rating.  This is with 64bit Firefox 56.02 on Windows 10.  And when I disable Javascript, Fidelity doesn't fly.

 

Edited November 2, 2017 by suzannegoh

[suzannegoh]

Maybe I see what it is.  By any chance, do you have Java disabled but Javascript enabled?  That test is deducting 10 points for Flash being enabled (which Fidelity doesn't need) but deducts nothing for Javascipt being enabled.

[CaptHaddock]

Just now, suzannegoh said:

Maybe I see what it is.  By any chance, do you have Java disabled but Javascript enabled?  That test is deducting 10 points for Flash being enabled (which Fidelity doesn't need) but deducts nothing for Javascipt being enabled.

Yes, that's it.  Javascript is enabled, but whoer doesn't consider it a threat.

[bendejo]

On 10/29/2017 at 8:37 AM, suzannegoh said:

I’ve long been using a VPN

 

I appreciate this thread, it caused me to re-eval my VPN security.  I too use PIA. 

 

Once I tried to log into eTrade from Lao, and got locked out until I called in; it was a timed sell and it blew my opportunity so I waited until I got back to Thailand to clear it up, took about an hour on the phone.  Turns out I wasn't the only one, lot's of angry people on the net at that time vowing to close their eTrade accounts for this.  It cost me, and I was sorely miffed as well.  That was the only time I had trouble logging in to any US financial institutions from abroad.  

 

I'm also a long-time Firefox user, I'm still on 54 because I like the status bar.  (If interested search for a thread I started on this a few months ago.)  It let
me install Random Agent Spoofer but I haven't put it through its paces yet.

 

For more info on this kind of security search for the thread

How to fix IP being revealed when using VPN

 

Rumor has it the fellow who started that thread was eaten by cannibals while on holiday in Fiji 

 

 

[suzannegoh]

5 hours ago, bendejo said:

 

I appreciate this thread, it caused me to re-eval my VPN security.  I too use PIA. 

 

Once I tried to log into eTrade from Lao, and got locked out until I called in; it was a timed sell and it blew my opportunity so I waited until I got back to Thailand to clear it up, took about an hour on the phone.  Turns out I wasn't the only one, lot's of angry people on the net at that time vowing to close their eTrade accounts for this.  It cost me, and I was sorely miffed as well.  That was the only time I had trouble logging in to any US financial institutions from abroad.  

 

I'm also a long-time Firefox user, I'm still on 54 because I like the status bar.  (If interested search for a thread I started on this a few months ago.)  It let
me install Random Agent Spoofer but I haven't put it through its paces yet.

 

For more info on this kind of security search for the thread

How to fix IP being revealed when using VPN

 

Rumor has it the fellow who started that thread was eaten by cannibals while on holiday in Fiji 

 

 

Here are some other links that are useful for diagnosing certain types of VPN leaks.  One note for the cautious though – it's a possibility that some of these sites might be run by people who are harvesting information from people’s PCs for purposes of their own:
 

https://ipleak.net
https://dnsleaktest.com
https://dns-leak.com
https://hidester.com/dns-leak-test
https://www.iplocation.net
https://whoer.net
https://www.doileak.com

 

Edited November 3, 2017 by suzannegoh

[suzannegoh]

duplicate post

Edited November 3, 2017 by suzannegoh
dupicate post