docs: changelog 2026-03-09, canvas noise rewrite, stack depth control, network info privacy, CPU core scaling

Author: MSTU0

ADVANCED_FEATURES.md

@@ -256,10 +256,22 @@ Comprehensive hardware emulation and fingerprint management.
 
 <a id="performance-timing-protection"></a>
 
-**Performance Timing Protection** (ENT Tier2): Every device has a unique "speed signature": how fast it renders a Canvas path, compiles a WebGL shader, or measures a font. Tracking systems collect these execution times to build a hardware-level fingerprint. When multiple browser instances share the same hardware, their timing profiles are identical, making them vulnerable to correlation. [`--bot-time-seed=<integer>`](CLI_FLAGS.md#behavior--protection-toggles) (valid range: 1–UINT32_MAX, `0` = disabled) protects each instance with its own stable performance profile across 27 browser operations.
+**Performance Timing Protection** (ENT Tier2): Every device has a unique "speed signature": how fast it renders a Canvas path, compiles a WebGL shader, or measures a font. Tracking systems collect these execution times to build a hardware-level fingerprint. When multiple browser instances share the same hardware, their timing profiles are identical, making them vulnerable to correlation. [`--bot-time-seed=<integer>`](CLI_FLAGS.md#behavior--protection-toggles) (valid range: 1–UINT32_MAX, `0` = disabled) protects each instance with its own stable performance profile across 27 browser operations. This also covers `performance.getEntries()`, `performance.getEntriesByType("navigation")`, and `performance.timing` with authentic per-session redistribution of resource and navigation timing values.
 
 > `--bot-time-seed` varies actual operation execution speeds (the workload). `--bot-time-scale` compresses `performance.now()` intervals globally (the clock). They protect against different tracking vectors and can be used together.
 
+<a id="stack-depth-control"></a>
+
+**Stack Depth Fingerprint Control** (ENT Tier2): JavaScript engines expose a measurable recursive call stack depth that varies by browser build, platform, and architecture. Tracking systems use this as a stable fingerprint signal. [`--bot-stack-seed`](CLI_FLAGS.md#behavior--protection-toggles) controls stack depth across main thread, Worker, and WASM contexts. Accepts `profile` (match profile's exact depth), `real` (use native depth), or a positive integer seed (1–UINT32_MAX) for per-session depth variation.
+
+<a id="network-info-privacy"></a>
+
+**Network Information Privacy**: `navigator.connection` properties (`rtt`, `downlink`, `effectiveType`, `saveData`) and corresponding Client Hints headers can reveal server-side network characteristics that contradict the profile's geographic identity. Enable [`--bot-network-info-override`](CLI_FLAGS.md#behavior--protection-toggles) or `configs.networkInfoOverride` to return profile-defined values.
+
+<a id="cpu-core-scaling"></a>
+
+**CPU Core Scaling Protection**: When `navigator.hardwareConcurrency` is set by the profile, Worker threads are automatically constrained to match the claimed core count via CPU affinity on Linux and Windows. This ensures parallel computation scaling curves align with the claimed value.
+
 <details>
 <summary><strong>Full details: Deep System Integration</strong></summary>
 
@@ -276,9 +288,12 @@ Comprehensive hardware emulation and fingerprint management.
 - Realistic memory allocation patterns and garbage collection timing
 - IndexedDB, localStorage, and Cache API response timing
 - JavaScript execution timing and WebAssembly performance simulation
-- Deterministic noise seeds via [`--bot-noise-seed`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2) to stabilize noise distributions across sessions
-- Performance timing protection via [`--bot-time-seed`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2): deterministic execution timing diversity across 27 browser operations (see above)
+- Deterministic noise seeds via [`--bot-noise-seed`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2, 1–UINT32_MAX) to stabilize noise distributions across sessions
+- Performance timing protection via [`--bot-time-seed`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2): deterministic execution timing diversity across 27 browser operations, plus resource and navigation timing redistribution (see above)
+- Stack depth control via [`--bot-stack-seed`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2): `profile`, `real`, or integer seed for stack depth across main thread, Worker, and WASM contexts
 - Runtime timing scaling via [`--bot-time-scale`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2) to compress `performance.now()` deltas
+- Network information privacy via [`--bot-network-info-override`](CLI_FLAGS.md#behavior--protection-toggles): profile-defined `navigator.connection` values and Client Hints headers
+- CPU core scaling: Worker threads automatically constrained to match `navigator.hardwareConcurrency` on Linux and Windows
 
 ### Extended Media Types & WebCodecs APIs
 

CHANGELOG.md

@@ -3,6 +3,28 @@
 > **Research scope:** Entries in this changelog describe features evaluated in authorized labs and defensive benchmarking programs. Follow the [Legal Disclaimer](DISCLAIMER.md) and [Responsible Use Guidelines](RESPONSIBLE_USE.md). We work with security vendors to investigate any misuse, so report concerns to [support@botbrowser.io](mailto:support@botbrowser.io).
 
 
+## [2026-03-09]
+### Major
+- **Chromium Core → 146.0.7680.66**: Updated to Chrome 146 stable (146.0.7680.66). Web Platform consistency, rendering accuracy, and security patches stay aligned with upstream Chrome.
+
+### New
+- **Resource and Navigation Timing Protection**: `performance.getEntries()`, `performance.getEntriesByType("navigation")`, and `performance.timing` now return authentic, per-session timing values consistent with natural browser behavior.
+
+- **Network Information Privacy**: `navigator.connection` properties (`rtt`, `downlink`, `effectiveType`, `saveData`) and corresponding Client Hints headers now return profile-defined values. Enable via `--bot-network-info-override` or `configs.networkInfoOverride`.
+
+- **Stack Depth Fingerprint Control** (ENT Tier2): JavaScript recursive call stack depth now matches the target profile across main thread, Worker, and WASM contexts. `--bot-stack-seed` accepts `profile` (match exact depth), `real` (native depth), or a positive integer seed (1–UINT32_MAX) for per-session variation.
+
+- **CPU Core Scaling Protection**: Worker threads are automatically constrained to match `navigator.hardwareConcurrency`, ensuring consistent parallel computation behavior on Linux and Windows.
+
+### Improvements
+- **Canvas 2D Noise System**: Complete rewrite with per-operation noise direction, DPR-aware adjustments for consistent results across all display densities, and expanded `--bot-noise-seed` range (1–UINT32_MAX) for greater fingerprint diversity.
+
+- **Performance Timing Calibration**: Refined `--bot-time-seed` delay ranges to better align with real-world hardware variance across all browser operations.
+
+### Fixes
+- **DNS Prefetch Privacy**: HTML `<link rel="dns-prefetch">` no longer triggers local DNS queries when a proxy is configured, preventing unintended DNS exposure.
+
+
 ## [2026-03-04]
 ### New
 - **Performance Timing Protection (`--bot-time-seed`)** (ENT Tier2): Protects against performance fingerprinting and timing-based tracking. `--bot-time-seed=<integer>` (1–UINT32_MAX, `0` = disabled) produces authentic, deterministic timing diversity across 27 browser operations (Canvas, WebGL, Audio, Font, DOM, and more), giving each instance a unique and stable performance profile.

CLI_FLAGS.md

@@ -395,10 +395,12 @@ Runtime toggles that don’t rely on profile `configs` but still override behavi
 - `--bot-inject-random-history` (PRO): Add synthetic browsing history for session authenticity
 - `--bot-always-active` (PRO, default true): Keep windows/tabs active even when unfocused. See [Active Window Emulation](ADVANCED_FEATURES.md#active-window-emulation)
 - `--bot-webrtc-ice=google` (ENT Tier1): Override STUN/TURN endpoints observed by JavaScript/WebRTC to control ICE signaling; accepts presets (`google`) or `custom:stun:...,turn:...`. See [WebRTC Leak Protection](ADVANCED_FEATURES.md#webrtc-leak-protection)
-- `--bot-noise-seed` (ENT Tier2): Float seed (1.0–1.2) for the deterministic noise RNG; each seed augments privacy variance across Canvas 2D/WebGL/WebGPU images, text metrics, HarfBuzz layout, ClientRect measurements, and offline audio hashes so you can treat a seed as a reproducible fingerprint ID per tenant while keeping runs stable.
+- `--bot-noise-seed` (ENT Tier2): Integer seed (1–UINT32_MAX) for the deterministic noise RNG; each seed augments privacy variance across Canvas 2D/WebGL/WebGPU images, text metrics, HarfBuzz layout, ClientRect measurements, and offline audio hashes so you can treat a seed as a reproducible fingerprint ID per tenant while keeping runs stable. `0` keeps noise active with profile defaults.
 - `--bot-fps` (ENT Tier2): Control frame rate behavior at runtime. Accepts `profile` (use profile data, default when capable), `real` (use native frame rate), or a number (e.g., `60`).
 - `--bot-time-scale` (ENT Tier2): Float < 1.0; scales down `performance.now()` intervals to emulate lower load and reduce timing skew signals (typical range 0.80–0.99)
-- `--bot-time-seed` (ENT Tier2): Integer seed (1–UINT32_MAX) for deterministic execution timing diversity across 27 browser operations (Canvas, WebGL, Audio, Font, DOM, and more). `0` disables the feature (default). Each seed produces a unique, stable performance profile that protects against timing-based tracking.
+- `--bot-time-seed` (ENT Tier2): Integer seed (1–UINT32_MAX) for deterministic execution timing diversity across 27 browser operations (Canvas, WebGL, Audio, Font, DOM, and more). `0` disables the feature (default). Each seed produces a unique, stable performance profile that protects against timing-based tracking. Also covers `performance.getEntries()`, `performance.getEntriesByType("navigation")`, and `performance.timing` with authentic per-session redistribution.
+- `--bot-stack-seed` (ENT Tier2): Controls JavaScript recursive call stack depth across main thread, Worker, and WASM contexts. Accepts `profile` (match profile's exact depth), `real` (use native depth), or a positive integer seed (1–UINT32_MAX) for per-session depth variation.
+- `--bot-network-info-override`: Enable profile-defined `navigator.connection` values (`rtt`, `downlink`, `effectiveType`, `saveData`) and corresponding Client Hints headers (`RTT`, `Downlink`, `ECT`, `Save-Data`). Disabled by default.
 
 Example tracking probe BotBrowser avoids when console forwarding stays disabled:
 
@@ -501,7 +503,8 @@ chromium-browser \
   --bot-profile="/absolute/path/to/profile.enc" \
   --bot-time-scale=0.92 \  # ENT Tier2 feature
   --bot-time-seed=42 \     # ENT Tier2 feature, deterministic timing diversity
-  --bot-noise-seed=1.07    # ENT Tier2 feature
+  --bot-stack-seed=profile \  # ENT Tier2 feature: "profile", "real", or integer seed
+  --bot-noise-seed=42      # ENT Tier2 feature, deterministic canvas/audio noise
 ```
 
 ### Custom User-Agent with WebView (ENT Tier3)

PER_CONTEXT_FINGERPRINT.md

@@ -298,7 +298,8 @@ Most `--bot-*` flags from [CLI_FLAGS.md](CLI_FLAGS.md) work with per-context con
 |----------|---------------|
 | Profile | `--bot-profile` (load a completely different profile per context) |
 | Noise Seed | [`--bot-noise-seed`](CLI_FLAGS.md#behavior--protection-toggles) for deterministic fingerprint variance |
-| Timing | [`--bot-time-scale`](CLI_FLAGS.md#behavior--protection-toggles) for performance timing control, [`--bot-time-seed`](ADVANCED_FEATURES.md#performance-timing-protection) for deterministic timing diversity, [`--bot-fps`](CLI_FLAGS.md#behavior--protection-toggles) for frame rate control |
+| Timing | [`--bot-time-scale`](CLI_FLAGS.md#behavior--protection-toggles) for performance timing control, [`--bot-time-seed`](ADVANCED_FEATURES.md#performance-timing-protection) for deterministic timing diversity, [`--bot-stack-seed`](ADVANCED_FEATURES.md#stack-depth-control) for stack depth variation, [`--bot-fps`](CLI_FLAGS.md#behavior--protection-toggles) for frame rate control |
+| Network | [`--bot-network-info-override`](ADVANCED_FEATURES.md#network-info-privacy) for profile-defined `navigator.connection` values |
 | WebRTC | [`--bot-webrtc-ice`](ADVANCED_FEATURES.md#webrtc-leak-protection) for ICE endpoint control |
 | Window | [`--bot-always-active`](ADVANCED_FEATURES.md#active-window-emulation) to maintain active window state |
 | Session | `--bot-inject-random-history` for session authenticity |

README.md

@@ -139,6 +139,9 @@ Examples: [Playwright](examples/playwright/) • [Puppeteer](examples/puppeteer/
 | Text metrics & ClientRects noise | [Multi-Layer Noise](ADVANCED_FEATURES.md#multi-layer-fingerprint-noise) |
 | Deterministic noise seeds (reproducible per-tenant) | [--bot-noise-seed](CLI_FLAGS.md#behavior--protection-toggles) |
 | Performance timing protection (27 browser operations) | [Performance Timing Protection](ADVANCED_FEATURES.md#performance-timing-protection) |
+| Stack depth fingerprint control (main/Worker/WASM) | [Stack Depth Control](ADVANCED_FEATURES.md#stack-depth-control) |
+| Network information privacy (rtt/downlink/effectiveType) | [Network Info Privacy](ADVANCED_FEATURES.md#network-info-privacy) |
+| CPU core scaling protection | [CPU Core Scaling](ADVANCED_FEATURES.md#cpu-core-scaling) |
 | Cross-platform font engine (Win/Mac/Android) | [Font Engine](ADVANCED_FEATURES.md#cross-platform-font-engine) |
 | GPU simulation on headless servers | [Headless Compatibility](ADVANCED_FEATURES.md#headless-incognito-compatibility) |
 

profiles/PROFILE_CONFIGS.md

@@ -179,8 +179,10 @@ These fields work together with `--user-agent` CLI flag. BotBrowser auto-generat
 | ----- | ----------- | ------- |
 | `fps` (ENT Tier2 feature) | Control frame rate behavior: `profile` (use profile data, default when capable), `real` (use native frame rate), or a number (e.g., `60`). | `profile` |
 | `timeScale` (ENT Tier2 feature) | Fractional scalar applied to `performance.now()` deltas to emulate lower CPU load and shorten observable intervals. Valid range `0 < value < 1`. | `1.0` |
-| `noiseSeed` (ENT Tier2 feature) | Floating seed (1.0–1.2) that deterministically shapes the noise applied to Canvas 2D/WebGL/WebGPU images, text metrics, HarfBuzz layout, ClientRects, and offline audio hashes so you can assign reproducible yet distinct fingerprints per tenant. | `auto` |
+| `noiseSeed` (ENT Tier2 feature) | Integer seed (1–UINT32_MAX) that deterministically shapes the noise applied to Canvas 2D/WebGL/WebGPU images, text metrics, HarfBuzz layout, ClientRects, and offline audio hashes so you can assign reproducible yet distinct fingerprints per tenant. `0` keeps noise active with profile defaults. | `auto` |
 | `timeSeed` (ENT Tier2 feature) | Integer seed (1–UINT32_MAX) for deterministic execution timing diversity across 27 browser operations (Canvas, WebGL, Audio, Font, DOM, etc.). `0` disables the feature. Each seed produces a unique, stable performance profile that protects against timing-based tracking. See [Performance Timing Protection](../ADVANCED_FEATURES.md#performance-timing-protection). | `0` (disabled) |
+| `stackSeed` (ENT Tier2 feature) | Controls JavaScript recursive call stack depth across main thread, Worker, and WASM contexts. Accepts `profile` (match profile's exact depth), `real` (use native depth), or a positive integer seed (1–UINT32_MAX) for per-session depth variation. See [Stack Depth Control](../ADVANCED_FEATURES.md#stack-depth-control). | `real` |
+| `networkInfoOverride` | Enable profile-defined `navigator.connection` values (`rtt`, `downlink`, `effectiveType`, `saveData`) and corresponding Client Hints headers. | `false` |
 
 ---
 
@@ -298,6 +300,12 @@ These fields work together with `--user-agent` CLI flag. BotBrowser auto-generat
     // timeSeed (ENT Tier2): deterministic execution timing diversity
     "timeSeed": 42,
 
+    // stackSeed (ENT Tier2): "profile", "real", or positive integer seed
+    "stackSeed": "profile",
+
+    // networkInfoOverride: use profile-defined navigator.connection values
+    "networkInfoOverride": true,
+
     // fps (ENT Tier2): frame rate control: "profile", "real", or a number (e.g., 60)
     "fps": "profile"
   }