v1.10.0

Bug Fixes

• Fixed false orange "!" badge appearing on nearly every page load due to a race condition between the background script and content script initialization
• Badge now retries injection checks with backoff (500ms, 1s, 2s) instead of failing immediately
• Badge automatically recovers to green "✓" when the content script confirms it's active
• Popup injection warning now uses a live PING check instead of reading potentially stale badge text, reducing false warnings on SPA navigations (e.g., YouTube)

v1.9.0
- Android support — GeoSpoof now works on Firefox for Android (120+)
- Responsive popup UI that adapts to mobile screen sizes
- Search results dropdown now opens above the input, improving usability on both desktop and mobile
- Integrated web-ext tooling for building, linting, and packaging
- Note: WebRTC protection toggle is visible on Android but may not be functional due to some platform API limitations

v1.8.0

Changed
- Details tab now shows complete list of overridden APIs grouped by Geolocation, Timezone, and WebRTC
- README rewritten to focus on what APIs get spoofed and how protection works
- Added links to Nominatim and browser-geo-tz in README and privacy policy

v1.7.0

Added
- Timezone resolution using browser-geo-tz geographic boundary data, replacing the GeoNames API
- Longitude-based fallback when timezone data can't be loaded

Removed
- GeoNames API dependency and free-tier account requirement

Improved
- Timezone lookup reliability — no more rate limiting or API downtime issues
- Privacy policy and README updated to reflect new timezone data source

v1.6.0:
- Just a new icon :)

v1.5.0
New: Permissions API Spoofing
- navigator.permissions.query() now returns "granted" for geolocation when spoofing is active, closing a fingerprinting gap where websites could detect spoofed location by checking the permission state.
- Non-geolocation permission queries and all queries when spoofing is disabled pass through to the browser normally.
- The spoofed PermissionStatus object matches the real browser API surface (read-only state, EventTarget support).
- No additional browser permissions required.

Fixes
- Fixed popup Details view not rendering line breaks in the Overridden APIs and other detail sections.
- Package script now auto-formats manifest.json after build.

v1.4.0 — Reliability & correctness improvements

Fixed timezone spoofing for regions that don't observe DST (e.g. Asia/Tokyo, America/Phoenix). Offsets are now resolved using the browser's Intl API instead of heuristics.
Fixed a race condition where geolocation overrides could be installed after page scripts had already run, briefly exposing your real location.
Fixed async message handling to use Firefox's native Promise-based pattern, improving reliability of settings delivery between components.
Internal settings like your GeoNames username are no longer sent to content scripts — only the fields needed for spoofing are broadcast.
Build system now automatically syncs the version between package.json and manifest.json.