- Replace Intl.DateTimeFormat and RTCPeerConnection constructor overrides
with safe non-constructor approaches to fix Discord and other complex apps
- Add per-container vector toggles (gear icon in popup)
- Add per-container delete button in popup
- Fix Reset All not removing orphaned containers
- Popup now only shows managed containers
- Bump version to 0.5.3
OrigDateTimeFormat constructor called inside exportFunction callback failed
in Firefox compartment boundary. Moved construction to content-script-scope
helper. Also added addEventListener/removeEventListener to Connection override
to prevent crashes in real-time apps like Discord.
DOM element dimension noise (offsetWidth/Height etc.) broke complex web apps
like Discord by returning fractional values where integers are expected.
Removed entirely — measureText noise is sufficient for font enumeration.
Changed document.fonts.check() to return true (uniform response) instead of
false, which caused font loading logic to hang in apps waiting for fonts.
New fingerprint vectors:
- Gamepad API: getGamepads() returns empty (prevents controller fingerprinting)
- WebGL readPixels: seeded pixel noise on framebuffer reads
New features:
- Auto-prune: configurable automatic removal of inactive containers
- Import/export: backup and restore all settings from options page
- Toolbar badge: shows active container count
- CHANGELOG.md: version history
Bumped to v0.5.0 with 20 spoofed fingerprint vectors.
When a tab in a managed container navigates to an auth provider
(accounts.google.com), keep it in the current container instead of
reassigning. This ensures YouTube's Google login cookies stay in the
youtube.com container and aren't visible to drive.google.com.
Early return in inject.js bypasses all spoofing on accounts.google.com
and accounts.youtube.com. Google does comprehensive browser verification
beyond just UA — platform, languages, WebGL, screen all trigger rejection.
Google's login detects UA mismatches and blocks sign-in as "insecure."
Skip UA/Accept-Language header modification and JS navigator.userAgent
override on accounts.google.com and accounts.youtube.com. All other
fingerprint vectors (canvas, WebGL, screen, etc.) remain active.
Device archetypes ensure platform, GPU, resolution, and UA all match
(e.g. Linux profile gets Mesa renderers and X11 UA string). Spoofs
navigator.userAgent, appVersion, and oscpu per container.
Tabs now switch to the correct container when navigating to a different
domain (e.g. clicking a search result on DDG). User-created containers
outside ContainSite are left alone.
