docs: add --bot-time-seed documentation, changelog 2026-03-04, value range and per-context cross-links

Author: MSTU0

ADVANCED_FEATURES.md

@@ -254,23 +254,31 @@ Comprehensive hardware emulation and fingerprint management.
 
 ## Deep System Integration
 
+<a id="performance-timing-protection"></a>
+
+**Performance Timing Protection** (ENT Tier2): Every device has a unique "speed signature": how fast it renders a Canvas path, compiles a WebGL shader, or measures a font. Tracking systems collect these execution times to build a hardware-level fingerprint. When multiple browser instances share the same hardware, their timing profiles are identical, making them vulnerable to correlation. [`--bot-time-seed=<integer>`](CLI_FLAGS.md#behavior--protection-toggles) (valid range: 1–UINT32_MAX, `0` = disabled) protects each instance with its own stable performance profile across 27 browser operations.
+
+> `--bot-time-seed` varies actual operation execution speeds (the workload). `--bot-time-scale` compresses `performance.now()` intervals globally (the clock). They protect against different tracking vectors and can be used together.
+
 <details>
 <summary><strong>Full details: Deep System Integration</strong></summary>
 
 ### Precise FPS Simulation (ENT Tier2)
 
+- Frame rate control via [`--bot-fps`](CLI_FLAGS.md#behavior--protection-toggles): `profile` (use profile data), `real` (native rate), or a number (e.g., `60`)
 - requestAnimationFrame delay matching target FPS
 - Emulate target refresh rates (60Hz, 120Hz, 144Hz, etc.)
 - Simulate high-FPS macOS behavior on Ubuntu hosts (Ubuntu requires ENT Tier1)
 - Authentic vsync and frame timing patterns
-- Runtime timing scaling via [`--bot-time-scale`](CLI_FLAGS.md#behavior--protection-toggles) to compress `performance.now()` deltas
 
 ### Performance Fingerprint Controls
 
 - Realistic memory allocation patterns and garbage collection timing
 - IndexedDB, localStorage, and Cache API response timing
 - JavaScript execution timing and WebAssembly performance simulation
 - Deterministic noise seeds via [`--bot-noise-seed`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2) to stabilize noise distributions across sessions
+- Performance timing protection via [`--bot-time-seed`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2): deterministic execution timing diversity across 27 browser operations (see above)
+- Runtime timing scaling via [`--bot-time-scale`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2) to compress `performance.now()` deltas
 
 ### Extended Media Types & WebCodecs APIs
 

CHANGELOG.md

@@ -3,6 +3,17 @@
 > **Research scope:** Entries in this changelog describe features evaluated in authorized labs and defensive benchmarking programs. Follow the [Legal Disclaimer](DISCLAIMER.md) and [Responsible Use Guidelines](RESPONSIBLE_USE.md). We work with security vendors to investigate any misuse, so report concerns to [support@botbrowser.io](mailto:support@botbrowser.io).
 
 
+## [2026-03-04]
+### New
+- **Performance Timing Protection (`--bot-time-seed`)** (ENT Tier2): Protects against performance fingerprinting and timing-based tracking. `--bot-time-seed=<integer>` (1–UINT32_MAX, `0` = disabled) produces authentic, deterministic timing diversity across 27 browser operations (Canvas, WebGL, Audio, Font, DOM, and more), giving each instance a unique and stable performance profile.
+
+### Improvements
+- **Startup Performance**: Faster browser startup and profile loading, especially on lower-spec machines.
+
+### Fixes
+- **Sub-Pixel Border Rendering Consistency**: Sub-pixel border measurements now return correct `offsetHeight` values matching the target profile's display density, including Retina and high-DPI configurations across all host environments.
+
+
 ## [2026-03-01]
 ### Major
 - **Chromium Core → 146.0.7680.31**: Updated the engine to Chrome 146 early release (146.0.7680.31) to stay ahead with the latest Chrome development. This maintains Web Platform parity, rendering consistency, and security patches with upstream.

CLI_FLAGS.md

@@ -398,6 +398,7 @@ Runtime toggles that don’t rely on profile `configs` but still override behavi
 - `--bot-noise-seed` (ENT Tier2): Float seed (1.0–1.2) for the deterministic noise RNG; each seed augments privacy variance across Canvas 2D/WebGL/WebGPU images, text metrics, HarfBuzz layout, ClientRect measurements, and offline audio hashes so you can treat a seed as a reproducible fingerprint ID per tenant while keeping runs stable.
 - `--bot-fps` (ENT Tier2): Control frame rate behavior at runtime. Accepts `profile` (use profile data, default when capable), `real` (use native frame rate), or a number (e.g., `60`).
 - `--bot-time-scale` (ENT Tier2): Float < 1.0; scales down `performance.now()` intervals to emulate lower load and reduce timing skew signals (typical range 0.80–0.99)
+- `--bot-time-seed` (ENT Tier2): Integer seed (1–UINT32_MAX) for deterministic execution timing diversity across 27 browser operations (Canvas, WebGL, Audio, Font, DOM, and more). `0` disables the feature (default). Each seed produces a unique, stable performance profile that protects against timing-based tracking.
 
 Example tracking probe BotBrowser avoids when console forwarding stays disabled:
 
@@ -499,7 +500,8 @@ chromium-browser \
 chromium-browser \
   --bot-profile="/absolute/path/to/profile.enc" \
   --bot-time-scale=0.92 \  # ENT Tier2 feature
-  --bot-noise-seed=1.07   # ENT Tier2 feature
+  --bot-time-seed=42 \     # ENT Tier2 feature, deterministic timing diversity
+  --bot-noise-seed=1.07    # ENT Tier2 feature
 ```
 
 ### Custom User-Agent with WebView (ENT Tier3)

PER_CONTEXT_FINGERPRINT.md

@@ -298,7 +298,7 @@ Most `--bot-*` flags from [CLI_FLAGS.md](CLI_FLAGS.md) work with per-context con
 |----------|---------------|
 | Profile | `--bot-profile` (load a completely different profile per context) |
 | Noise Seed | [`--bot-noise-seed`](CLI_FLAGS.md#behavior--protection-toggles) for deterministic fingerprint variance |
-| Timing | [`--bot-time-scale`](CLI_FLAGS.md#behavior--protection-toggles) for performance timing control, [`--bot-fps`](CLI_FLAGS.md#behavior--protection-toggles) for frame rate control |
+| Timing | [`--bot-time-scale`](CLI_FLAGS.md#behavior--protection-toggles) for performance timing control, [`--bot-time-seed`](ADVANCED_FEATURES.md#performance-timing-protection) for deterministic timing diversity, [`--bot-fps`](CLI_FLAGS.md#behavior--protection-toggles) for frame rate control |
 | WebRTC | [`--bot-webrtc-ice`](ADVANCED_FEATURES.md#webrtc-leak-protection) for ICE endpoint control |
 | Window | [`--bot-always-active`](ADVANCED_FEATURES.md#active-window-emulation) to maintain active window state |
 | Session | `--bot-inject-random-history` for session authenticity |

README.md

@@ -138,6 +138,7 @@ Examples: [Playwright](examples/playwright/) • [Puppeteer](examples/puppeteer/
 | AudioContext noise calibration | [Multi-Layer Noise](ADVANCED_FEATURES.md#multi-layer-fingerprint-noise) |
 | Text metrics & ClientRects noise | [Multi-Layer Noise](ADVANCED_FEATURES.md#multi-layer-fingerprint-noise) |
 | Deterministic noise seeds (reproducible per-tenant) | [--bot-noise-seed](CLI_FLAGS.md#behavior--protection-toggles) |
+| Performance timing protection (27 browser operations) | [Performance Timing Protection](ADVANCED_FEATURES.md#performance-timing-protection) |
 | Cross-platform font engine (Win/Mac/Android) | [Font Engine](ADVANCED_FEATURES.md#cross-platform-font-engine) |
 | GPU simulation on headless servers | [Headless Compatibility](ADVANCED_FEATURES.md#headless-incognito-compatibility) |
 

profiles/PROFILE_CONFIGS.md

@@ -180,6 +180,7 @@ These fields work together with `--user-agent` CLI flag. BotBrowser auto-generat
 | `fps` (ENT Tier2 feature) | Control frame rate behavior: `profile` (use profile data, default when capable), `real` (use native frame rate), or a number (e.g., `60`). | `profile` |
 | `timeScale` (ENT Tier2 feature) | Fractional scalar applied to `performance.now()` deltas to emulate lower CPU load and shorten observable intervals. Valid range `0 < value < 1`. | `1.0` |
 | `noiseSeed` (ENT Tier2 feature) | Floating seed (1.0–1.2) that deterministically shapes the noise applied to Canvas 2D/WebGL/WebGPU images, text metrics, HarfBuzz layout, ClientRects, and offline audio hashes so you can assign reproducible yet distinct fingerprints per tenant. | `auto` |
+| `timeSeed` (ENT Tier2 feature) | Integer seed (1–UINT32_MAX) for deterministic execution timing diversity across 27 browser operations (Canvas, WebGL, Audio, Font, DOM, etc.). `0` disables the feature. Each seed produces a unique, stable performance profile that protects against timing-based tracking. See [Performance Timing Protection](../ADVANCED_FEATURES.md#performance-timing-protection). | `0` (disabled) |
 
 ---
 
@@ -294,6 +295,9 @@ These fields work together with `--user-agent` CLI flag. BotBrowser auto-generat
       "X-Custom-Header": "value"
     },
 
+    // timeSeed (ENT Tier2): deterministic execution timing diversity
+    "timeSeed": 42,
+
     // fps (ENT Tier2): frame rate control: "profile", "real", or a number (e.g., 60)
     "fps": "profile"
   }