sal/containerSite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22 Commits 1 Branch 0 Tags
0435d06bbcb5b0f01813cc4fc1edaa99cb9096d6
Commit Graph

11 Commits

Author SHA1 Message Date
sal
0435d06bbc Fix cross-compartment crashes, add per-container vector settings 
- Replace Intl.DateTimeFormat and RTCPeerConnection constructor overrides
  with safe non-constructor approaches to fix Discord and other complex apps
- Add per-container vector toggles (gear icon in popup)
- Add per-container delete button in popup
- Fix Reset All not removing orphaned containers
- Popup now only shows managed containers
- Bump version to 0.5.3
 2026-03-04 22:40:08 -06:00
sal
464a570201 Fix Intl.DateTimeFormat cross-compartment crash and Connection API robustness 
OrigDateTimeFormat constructor called inside exportFunction callback failed
in Firefox compartment boundary. Moved construction to content-script-scope
helper. Also added addEventListener/removeEventListener to Connection override
to prevent crashes in real-time apps like Discord.
 2026-03-04 22:03:12 -06:00
sal
5df1a6cfa5 Remove DOM dimension noise and fix document.fonts to prevent site crashes 
DOM element dimension noise (offsetWidth/Height etc.) broke complex web apps
like Discord by returning fractional values where integers are expected.
Removed entirely — measureText noise is sufficient for font enumeration.

Changed document.fonts.check() to return true (uniform response) instead of
false, which caused font loading logic to hang in apps waiting for fonts.
 2026-03-04 21:34:12 -06:00
sal
d6dabb2646 Add GamepadAPI, WebGL readPixels noise, auto-prune, import/export, badge 
New fingerprint vectors:
- Gamepad API: getGamepads() returns empty (prevents controller fingerprinting)
- WebGL readPixels: seeded pixel noise on framebuffer reads

New features:
- Auto-prune: configurable automatic removal of inactive containers
- Import/export: backup and restore all settings from options page
- Toolbar badge: shows active container count
- CHANGELOG.md: version history

Bumped to v0.5.0 with 20 spoofed fingerprint vectors.
 2026-03-04 21:08:45 -06:00
sal
97464b7690 Skip all fingerprint overrides on Google auth domains 
Early return in inject.js bypasses all spoofing on accounts.google.com
and accounts.youtube.com. Google does comprehensive browser verification
beyond just UA — platform, languages, WebGL, screen all trigger rejection.
 2026-03-01 16:20:50 -06:00
sal
930814015b Skip User-Agent spoofing on Google auth domains to fix login rejection 
Google's login detects UA mismatches and blocks sign-in as "insecure."
Skip UA/Accept-Language header modification and JS navigator.userAgent
override on accounts.google.com and accounts.youtube.com. All other
fingerprint vectors (canvas, WebGL, screen, etc.) remain active.
 2026-03-01 16:13:18 -06:00
sal
b09a8248af Add font enumeration hardening, document.fonts protection, Client Hints stripping, and WebGL parameter normalization 
- Font enumeration: seeded noise on offsetWidth/Height, scrollWidth/Height, clientWidth/Height
- document.fonts: check() returns false, size returns 0, forEach is no-op
- Client Hints: strip Sec-CH-UA/Full-Version-List, override Platform/Mobile per container
- WebGL: merge PARAM_OVERRIDES into getParameter (MAX_TEXTURE_SIZE, attribs, etc.)
- Clean up dead code in WebGL extended section
- Test page: add Font DOM, document.fonts, and Client Hints test sections
- README: update vector table (18 vectors), add about:config and testing docs
 2026-03-01 15:49:40 -06:00
sal
ed9355ced6 Add HTTP header spoofing, fix timezone overrides, and expand fingerprint coverage 
- Spoof User-Agent and Accept-Language HTTP headers per container via
  webRequest.onBeforeSendHeaders, eliminating JS/HTTP header mismatch
- Wrap Intl.DateTimeFormat constructor to inject spoofed timezone
- Pre-create timezone formatters outside exportFunction callbacks to
  avoid cross-compartment issues with Date.toString/toTimeString
- Fix WebRTC relay-only config to use JSON serialization across
  Firefox compartment boundaries
- Add new fingerprint vector protections: speechSynthesis.getVoices(),
  matchMedia screen dimension queries, performance.now() precision
  reduction, navigator.storage.estimate(), WebGL extension normalization
- Add comprehensive fingerprint test page (test/fingerprint-test.html)
  covering all 17 vectors with per-container comparison support
 2026-03-01 15:22:21 -06:00
sal
264a401cef Add coherent device profiles and User-Agent spoofing 
Device archetypes ensure platform, GPU, resolution, and UA all match
(e.g. Linux profile gets Mesa renderers and X11 UA string). Spoofs
navigator.userAgent, appVersion, and oscpu per container.
 2026-03-01 00:50:30 -06:00
sal
ba6449c5b0 Add options page with vector controls, whitelist, and container management 
- Options page (open_in_tab) with 4 sections: fingerprint vector toggles,
  domain whitelist, container table with delete, and bulk actions
- Per-vector spoofing control: 12 independent toggles (canvas, WebGL,
  audio, navigator, screen, timezone, WebRTC, fonts, clientRects,
  plugins, battery, connection)
- Domain whitelist bypasses containerization entirely
- Delete individual containers from options UI
- Remove dead code (tabOrigins, getContainerDomain)
- Refactor profile registration into buildProfileAndRegister helper
 2026-02-28 23:43:12 -06:00
sal
a058d78c20 Initial release — per-site container isolation with unique device fingerprints 
Automatic per-domain containers with hardened fingerprint spoofing:
canvas, WebGL, audio, navigator, screen, timezone, WebRTC, fonts,
ClientRects, plugins, battery, and connection APIs.
 2026-02-28 22:59:46 -06:00