v1.14.0

Anti-Fingerprinting

• Override Temporal.Now APIs (timeZoneId, plainDateTimeISO, plainDateISO, plainTimeISO, zonedDateTimeISO)
• Fix timezone offset hash split — all Date APIs now derive from a single resolution path per engine
• Use browser's native IANA tzdata via Intl.DateTimeFormat instead of custom offset arithmetic
• Fix Date constructor epoch for historical sub-minute LMT offsets
• Harden prototype detection resistance (method shorthand wrapping, stack trace cleanup, synchronous iframe patching)
• Strip console output from production builds (fixes extension name leak)

Internal

• Modularize injected script into 15 ES modules (still bundled as single IIFE)
• Expanded property-based test suite for fingerprint consistency

Other

• Lower minimum Firefox version to 140
• Add Waterfox build script and Chrome Web Store assets

v1.13.0
- Internal build system improvements to support cross-browser compatibility. No user-facing changes for Firefox

v1.12.0 — Manifest V3 Migration

• Migrated to Manifest V3 for Firefox 142+. No changes to functionality or permissions prompts.

v1.11.2
- XPI builds now available on GitHub Releases for sideloading on Gecko-based browsers (LibreWolf, Waterfox, Floorp, Pale Moon)
- Added automated release workflow for publishing .xpi and source bundles on version tags
- Updated README with sideloading installation instructions

v1.11.1 - fix: close Date API fingerprinting gaps (toDateString, toString, toTimeString)
- Add toDateString override to prevent timezone leak near midnight UTC
- Rewrite toString/toTimeString to produce Firefox-native GMT±HHMM format

v1.11.0

New Features

• VPN Region Sync — New "Sync with VPN" toggle that detects your public IP, geolocates your VPN exit region, and sets your spoofed location to match. One click, no manual coordinates needed.
• Re-sync — After syncing, a Re-sync button lets you update your spoofed location if you switch VPN servers.
• Info tooltip — ⓘ icon next to the VPN sync toggle explains that it's a one-time sync (not auto-updating) and that Re-sync is needed after changing VPN servers.
• Clear location — New × button on the current location display to quickly clear your spoofed location.

Improvements

• Settings deferral hardening — Geolocation and permissions queries are now deferred until settings arrive from the background script, preventing real location leaks on slow startups.

Documentation

• Rewrote the Development section in README with a clear "two terminals" workflow and a scripts reference table.
• Added package:source to the scripts table.
• Updated Android testing instructions.
• Updated Privacy Policy with VPN sync data disclosure (ipify + FreeIPAPI).

Housekeeping

• Removed unused build:ext / zip script (redundant with package).

v1.10.0

Bug Fixes

• Fixed false orange "!" badge appearing on nearly every page load due to a race condition between the background script and content script initialization
• Badge now retries injection checks with backoff (500ms, 1s, 2s) instead of failing immediately
• Badge automatically recovers to green "✓" when the content script confirms it's active
• Popup injection warning now uses a live PING check instead of reading potentially stale badge text, reducing false warnings on SPA navigations (e.g., YouTube)

v1.9.0
- Android support — GeoSpoof now works on Firefox for Android (120+)
- Responsive popup UI that adapts to mobile screen sizes
- Search results dropdown now opens above the input, improving usability on both desktop and mobile
- Integrated web-ext tooling for building, linting, and packaging
- Note: WebRTC protection toggle is visible on Android but may not be functional due to some platform API limitations

v1.8.0

Changed
- Details tab now shows complete list of overridden APIs grouped by Geolocation, Timezone, and WebRTC
- README rewritten to focus on what APIs get spoofed and how protection works
- Added links to Nominatim and browser-geo-tz in README and privacy policy

v1.7.0

Added
- Timezone resolution using browser-geo-tz geographic boundary data, replacing the GeoNames API
- Longitude-based fallback when timezone data can't be loaded

Removed
- GeoNames API dependency and free-tier account requirement

Improved
- Timezone lookup reliability — no more rate limiting or API downtime issues
- Privacy policy and README updated to reflect new timezone data source

v1.6.0:
- Just a new icon :)

v1.5.0
New: Permissions API Spoofing
- navigator.permissions.query() now returns "granted" for geolocation when spoofing is active, closing a fingerprinting gap where websites could detect spoofed location by checking the permission state.
- Non-geolocation permission queries and all queries when spoofing is disabled pass through to the browser normally.
- The spoofed PermissionStatus object matches the real browser API surface (read-only state, EventTarget support).
- No additional browser permissions required.

Fixes
- Fixed popup Details view not rendering line breaks in the Overridden APIs and other detail sections.
- Package script now auto-formats manifest.json after build.

v1.4.0 — Reliability & correctness improvements

Fixed timezone spoofing for regions that don't observe DST (e.g. Asia/Tokyo, America/Phoenix). Offsets are now resolved using the browser's Intl API instead of heuristics.
Fixed a race condition where geolocation overrides could be installed after page scripts had already run, briefly exposing your real location.
Fixed async message handling to use Firefox's native Promise-based pattern, improving reliability of settings delivery between components.
Internal settings like your GeoNames username are no longer sent to content scripts — only the fields needed for spoofing are broadcast.
Build system now automatically syncs the version between package.json and manifest.json.