diff --git a/browse/src/browser-manager.ts b/browse/src/browser-manager.ts index 2a81742e7..05178dc1e 100644 --- a/browse/src/browser-manager.ts +++ b/browse/src/browser-manager.ts @@ -407,10 +407,11 @@ export class BrowserManager { await this.context.setExtraHTTPHeaders(this.extraHeaders); } - // D7: mask navigator.webdriver only. The other 3 wintermute patches - // (plugins, languages, chrome.runtime) are intentionally NOT applied — - // faking them to fixed values can flag more bot-like to modern - // fingerprinters, not less. + // Apply Layer C stealth (applyStealth): masks navigator.webdriver, + // restores window.chrome.* shape, aligns Notification.permission, sets + // per-install hardware, and strips automation globals + the Permissions + // notifications tell. We still do NOT fake navigator.plugins/languages — + // faking those to fixed values flags more bot-like, not less (D7). const { applyStealth } = await import('./stealth'); await applyStealth(this.context); diff --git a/browse/src/stealth.ts b/browse/src/stealth.ts index 01569d28f..5fc10a6ef 100644 --- a/browse/src/stealth.ts +++ b/browse/src/stealth.ts @@ -1,11 +1,15 @@ /** * Stealth init script — Layer C of GBrowser's anti-detection plan. * - * D7 (codex correction, kept): we DON'T fake navigator.plugins or + * D7 (codex correction, kept): Layer C (the always-on default built by + * buildStealthScript) does NOT fake navigator.plugins or * navigator.languages — modern fingerprinters cross-check those against * userAgent / platform / OS, and synthesizing fixed values flags MORE * bot-like, not less. Plugins and languages surface their native - * Chromium values. + * Chromium values. The opt-in EXTENDED_STEALTH_SCRIPT below (gated on + * GSTACK_STEALTH=extended, off by default) DOES fake plugins — that mode + * is the documented "actively lies, may break sites" escape hatch, not + * the default posture. * * What this script DOES do (the new additions for Phase 1): * 1. Mask navigator.webdriver (the canonical headless tell).