How does Amazon/Audible know my country with VPN and private browsing on? - eviltoast

Title.

Trying to buy an audiobook with my US account from Australia. Am using a VPN and a fresh log in using a private browsing window. Still getting the “not for sale in this country…”

How does Amazon/Audible still know my country?!

EDIT: Thank you everyone for your suggestions, but I feel like we’re no closer to figuring out how Amazon is detecting my physical country. If they have some new “trick” surely this is a privacy issue as well?!

EDIT 2: Important details, this is on my iPhone using both the Amazon and Audible apps, and via the web with Safari (mentioned below). Doesn’t work.

I gave up and went to my desktop and was able to complete the purchase following the same steps without issue. So 🤷‍♂️ ?!

Clearly Amazon is scraping some information from the phone to region lock the purchase. Still would love to know given VPN isn’t masking my location apparently.

  • kadu@lemmy.world
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    1 year ago

    On what device? Android, iOS and Windows have a Region option where you select your country, the browser and any apps can read this trivially.

      • ddnomad@infosec.pub
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        1 year ago
        • Settings -> General -> Language & Region -> Region
        • Settings -> YOUR NAME -> Media & Purchases -> Account Settings -> Country/Region

        Both must be changed to a different region to fully switch. Requires a valid payment method from that region (e.g. a debit card from that region). There are consequences to changing regions too, so be careful.

        From my experience, sometimes you also need to contact Apple support to finish the change process. Otherwise it may just revert back.

        Overall, Amazon surely knows where you are now and it will be set in your Amazon account, I suspect there is nothing you can do.

        The best way to achieve what you want is to boot something like TailsOS and create a new account while under the VPN in that region. With a payment method from that region.

        VPNs are not magic. Most big companies nowadays have means of detecting actual user locations, which is pretty trivial if you use an app or an operating system that leaks data when under the VPN.

        • supercheesecake@aussie.zoneOP
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Neither Amazon or Audible apps have any location services permissions.

          Regardless, disabled it system-wide and didn’t make a difference. Thanks though.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            If you’re using apps they could be leaking your information from local Wi-Fi information, Bluetooth information, DNS if it’s not routed through your VPN properly.

            I’m not sure about the internals of iOS itself but they certainly may have tattletales built in available to apps

            • supercheesecake@aussie.zoneOP
              link
              fedilink
              arrow-up
              3
              ·
              1 year ago

              Yeah I wouldn’t be surprised if both apps and webpages have access to the phone date/time for logs and to time stamp purchases etc. And Amazon use that to decide you’re not in the place your VPN is telling them.

    • gerbler@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      2
      ·
      1 year ago

      It’s definitely this. I often forget that my Amazon account is tied to Canada (even with a .com.au email address) and it’s only when I see how cheap shit is that I realise I’m actually on amazon.com not amazon.ca

  • the-d0c-is-in@lemmy.ml
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    Your vpn provider is only working with ipv4. Your phone has both ipv4 as well as ipv6 addresses. That’s how…

    • supercheesecake@aussie.zoneOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      This might be it. I gave up and purchased from my desktop and the same steps worked straight away without issue. Maybe Amazon has access to phone info that I’m unaware of.

    • supercheesecake@aussie.zoneOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Open private browsing window, make sure I’m fully logged out of Amazon. Then log in.

      Ie wasn’t previously logged in before the VPN started or private window was opened.

        • supercheesecake@aussie.zoneOP
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          I have a US Amazon account linked to a US home address and credit card. But I now live in Oz.

          Audible uses your Amazon account. And regardless, I’m using an Audible credit for this purchase, so no actual payment anyway.

          EDIT: and just to clarify, this is my US Amazon account I’ve had for years

  • Onihikage@beehaw.org
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    iOS up to at least version 16 has leaked VPN traffic for years. If you only turned on the VPN to make the purchase, that might be how Amazon still knew where you were. The only workaround (always-on VPN mode) apparently is an enterprise feature in iOS that most users don’t have access to.

    Alternatively, since it worked on a desktop, your VPN’s mobile version or iOS support may be flawed. The ones I hear the most about from privacy advocates are Mullvad VPN, IVPN, and Proton VPN. If it’s a free VPN, well, you get what you pay for. If it’s one of the ones I mentioned, they might be interested to work with you to figure out how Amazon was bypassing them, if the issue can still be replicated, or they might already know.

    • supercheesecake@aussie.zoneOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Cheers, thanks for the very helpful info.

      We paid for Nord quite a while ago with some special deal. I haven’t heard great things about them since though so might be time to ditch and pay for something better. I’ve heard Proton is good as well.

      • tm404@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        Full disclosure, I don’t use Nord so I am not an authority. The following is just what I have been told. Take from it what you will, and research what you like. I believe Nord has a somewhat checkered history, including a security mishap that caused privacy concerns amongst users, making it harder than necessary to delete your account, and even charging for renewal after canceling the sub because they kept the card on file (happened to a mate from work). They opted to leave Nord a while back when their split tunneling broke or something like that. I also heard Nord was purchased by a company (name escapes me atm) that was buying up other VPN services and also had their hands in selling targeted ads. 🤷

        Proton or Mullvad are typically my 2 recommendations. If you also have a desire for an entire ecosystem, Proton will provide that as well for marginally more than the price of just their VPN (mail, cloud storage, calendar, password manager, email aliasing). I have also had nothing but good experiences with Mullvad VPN and they come at a consistent price of $5/mo.

        Helped my coworker (mentioned above) make the leap from Nord to Mullvad and they seem very pleased with it. Easy to use and very affordable. Mullvad also has a very functional Linux client if interested. Proton’s Linux GUI is very lackluster, but their CLI is reliable if I remember correctly.

        Hope this helps! 🍻

        Edits: spelling and links.

      • VPNs don’t guarantee anonymity. There’s no reason they cannot sell your data. Last I heard there isn’t any contractual obligation. Organizations like nord and surfshark are fully capable of saving your data, as well as selling it off to the highest bidder, if they choose to do so. Only services like Mullvad can guarantee anonymity because even they don’t know what you’re doing with their service.

  • Pika@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    As someone who jumps between the US and Canada (since on the border) I’ve found that, Amazon will block purchases from Canada to the US and visa versa, it doesn’t care about ip, it uses your accounts region, Canada and US have seperate regions in your account settings that you need to do. Sadly this means you would need two different accounts. One for CA and one for US. It’s likely the same deal with audible

    • Dr Pen@mastodon.social
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      @Pika @supercheesecake dont wanna butt in but in case this is relevant: I use at least 3 Amazon regional accounts here in Europe: UK, Germany and Italy (I live in another EU country). I sign in with the same username/password. Currency of products changes for UK from EUR to GBP, and often different ranges of products can show up. I have multiple addresses listed for delivery and just select the one I want.

      • Pika@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        that’s similar to how I do it, change the region and then pay, but some items I’ve noticed block sale if the originating payment method is in a different region

        • Dr Pen@mastodon.social
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          @Pika Id have to log into the new region from he start, go find the same product, then order. I dont think it would work if I change region half way through a purchase.

          • Pika@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            oh sorry if I was unclear, yea since it’s still a different account I would need to login when I change regions as well, I can’t change halfway through.

      • newpuritan@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        How are you setting up new accounts? I just tried to create a new one using a VPN but can’t because it asks for my phone number for verification which has already been used.

    • supercheesecake@aussie.zoneOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Audible and Amazon accounts are the same. I have an AU account and a US account. But I’m only using the US account to buy the audiobook in the US store, using VPN and private browsing. No CC or similar involved.

      But from Australia. So how does Amazon know I’m in Australia?!

      From a privacy point-of-view I thought VPN masks such things. I’m trying to understand how Amazon is detecting my physical country.

      • Pika@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Aside from device ID, or maybe if you’re using a billing address as something from Australia, I can’t see how they would be, you’ve stated location services are off, VPN will mask the ip.

        I didn’t even need to use a VPN in my cases between Canada and the US, changing to an account that was in the region that allowed the purchase was all I had to do.

        That being said if I changed my Canada account to use the billing address of my US residence instead of my Canadian residence when on the Canadian region, I would get region locked I found, so if you have a primary payment method on file using your AU address you could try temporarily removing or modifying it to have a different address

        • supercheesecake@aussie.zoneOP
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Nah the CC and billing address for my US account are fully local there. My AU and US accounts are totally seperate and everything is local for each.

          I’ve tried both using their apps on my phone and the browser (Safari with privacy relay) with the same result (with VPN etc etc).

          I agree, I can’t se how they’re doing this. Must be something I’ve overlooked. Or some new internet black magic they’re employing.

          EDIT: Or the search result for the book I want isn’t actually available in the USA and they’ve just messed that up (since I’m searching from the US as far as they can see). I guess I could try buying a different book

          • Pika@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            yea that was my next question, if the title was actually available in the country selected, I had that issue with Netflix searches constantly

  • mishamouse@artemis.camp
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    i didn’t see if anyone else asked already; was your phone connected to the internet via wifi? or cell data?

      • mishamouse@artemis.camp
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        which one though? i was wondering, if you are connected to a cell tower, if that tower still reported the region or carrier network.

        • supercheesecake@aussie.zoneOP
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Aah I see. Both. Didn’t think to disconnect from either and try separately.

          I’ve already got the book now. But will remember this if I have the problem again in the future. Thanks.

  • Kissaki@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    To verify assumptions, are you sure it’s available in your impersonated country? “in your country” isn’t specific and can apply to both.

    with my US account

    Isn’t that the reason they deny?

    Did you not change your accounts and browser sessions country?

    • supercheesecake@aussie.zoneOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      It’s the version that comes up from a search for that book when using the USA Amazon or Audible site from my USA account plus with a USA VPN on. So I’m assuming the search results are for USA available titles.

      As far as I know, Amazon should see me as being in the USA. Hence why I’m confused.

      Appreciate the suggestions though.

  • Mikelius@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    If you have geolocation enabled or don’t block location requests, that could be another way. VPN can’t protect you from geolocation.