Development Changelog

Fixed

• navigator.platform Regression: Re-introduced platform spoofing to "Win32" was removed again.
• Cosmetic CSS Not Removed on Toggle: Turning off "Block trackers" or disabling protection for a site via the live toggle no longer leaves the cosmetic <style> block injected.
• getBattery Override on Instance: The hook is now applied to Navigator.prototype.getBattery so it is universally enforced across all frames.
• updateContentScripts Missing matches Field: The script's match list updates properly, preventing the spoofing payload from failing on new pages.
• Blocked Counter Not Resetting to Zero: Fixed popup counter displaying permanently stuck values on page navigation.
• Duplicate Cosmetic CSS Selector: Removed a duplicate selector from the cosmetic CSS injection block.
• offsetHeight Hook Registration Not Guarded: Uses a guarded property descriptor call to prevent silent TypeErrors.

Added

• Deep User-Agent & Header Masking: Forcefully rewrites User-Agent, Sec-CH-UA, and Accept-Language network headers.
• Active Ad Wrapper Collapser: Seeks out parent wrappers surrounding blocked ad iframes and completely collapses them to prevent unsightly whitespace.
• Network-Level Script Blocking: Generates dynamic DNR rules to block 30+ known tracking/analytics script domains before they execute.
• Cookie Consent Banner Eradication: Expanded cosmetic engine instantly eradicates over 90% of "We value your privacy" popups without requiring you to click "Reject All".
• Hardware Media Device Protection: Intercepts navigator.mediaDevices.enumerateDevices() to prevent building hardware profiles out of connected microphones and webcams.
• Native Cosmetic CSS Engine: Replaced legacy JS-based loop with a native C++ CSS injection engine for zero CPU overhead.
• Font Fingerprinting Protection & Randomizer: Intercepts canvas text measurements and injects microscopic dynamic floating-point noise based on deterministic text hashing.

Fixed

• Live Tracker UI Desync: Fixed a performance optimization regression that severed the link between the content scanner and the popup UI.
• Settings Merge Corruption: Rewrote the extension version update mechanism to safely merge custom legacy user settings.
• Chrome Privacy 100+ Counter Limit: Implemented a smart UX workaround for Chrome's native privacy restriction (capped at 100).
• Canvas Context WebGL Corruption: Fixed a subtle bug where the anti-fingerprinting script locked WebGL canvases into a 2d mode.
• Whitelist Enforcement Bypass (Cookies): Fixed a logic bug where the extension aggressively deleted analytics cookies on whitelisted pages.
• OS Fingerprint Anomaly (Bot Detection): Removed a vulnerability where spoofed navigator.platform caused severe OS mismatch for Mac and Linux users.
• Extension Fingerprint Leak: Removed a dangerous privacy vulnerability where the manifest.json publicly exposed internal files to the internet.
• DNR Domain Filter Over-Blocking: Fixed a massive collateral damage bug causing the browser to block any URL containing an ad network's name in the query string.
• Global Settings Bypass: Fixed a critical logic flaw where dynamic script injection evaluated only site-specific whitelists.
• CPU Leak on Whitelisted Domains: Fixed a bottleneck where the content scanner's MutationObserver remained attached to the webpage DOM on trusted domains.
• DOM Event Hijacking (Protection Bypass): Patched a zero-day vulnerability where malicious scripts could forge the UbiquiShieldDisable DOM event.
• Shadow DOM Tracker Evasion: Natively hooks into window.performance.getEntriesByType("resource") to bypass the DOM entirely.
• Whitelist Restoration Dead Code: Fixed a major bug where whitelisting a site would fail to turn off the fingerprinting protection.
• SPA Tracker Accumulation Regression: Fixed a regression where Single Page Applications would endlessly accumulate trackers across virtual page loads.
• Mathematically Invalid DOMRect Spoofing: Overhauled the Font Fingerprinting algorithm to fix an impossible box spoofing anomaly.
• Destructive WebRTC Override Removal: Safe reliance entirely on Chrome's native privacy API to prevent IP leaks at the browser level.
• Iframe Top-Level Domain Whitelist Check: Dynamically query the top-most parent domain, ensuring whitelist intent is respected across nested frames.
• Audio API Whitelist Restoration Crash: Fixed a fatal ReferenceError exception in the spoofing restoration sequence.
• Iframe Tracker Evasion: Enforces all_frames: true and match_about_blank: true across all MV3 content scripts.
• Cross-Tab Telemetry Bleed: Strictly verifies that a tab is actively focused in the current window before pushing its telemetry to the UI.
• Async Injection Delay: injected.js is now executed synchronously at document_start directly via manifest.json.
• Screen Anomaly Detection: The screen bounds are now dynamically calculated to never fall below the browser's physical outer boundaries.
• HTTPS Upgrade Rule Activation: Dynamically enforces an upgradeScheme network rule for all http:// traffic whenever the setting is enabled.
• Audio Fingerprinting Hole: Safely hooks getFloatFrequencyData and getByteFrequencyData to inject real-time mathematical noise.
• Screen Resolution Fingerprinting: Actively intercepts and standardizes the window.screen object to prevent unique hardware dimension tracking.
• SPA Tracker Bleed: Fixed a logic flaw where SPAs would push history states without triggering a "loading" event.
• Whitelist Visual Flicker: Patched an initial load race condition where the extension would aggressively block trackers before verifying if the shield was disabled.
• Timezone Offset Fingerprinting: Hook the native Date prototype to strictly return 0 (offset), ensuring consistency.
• 2D Canvas getImageData Fingerprinting Hole: Intercepts getImageData and injects cryptographic noise directly into the pixel array.
• Sub-Pixel Font Fingerprinting Hole: Safely intercepts getBoundingClientRect and getClientRects to inject sub-pixel variance.
• Fatal UI ReferenceError Crash: Fixed a critical regression in the React popup breaking the "Shields Down" toggle syncing.

Added & Improved

• Massive Ad Blocker Engine Upgrade: Expanded the network blocklist from 23 to over 3,500 active tracking and advertising domains.
• Font Fingerprinting Protection: Spoofs offsetWidth and offsetHeight for hidden tags.
• WebRTC IP Leak Protection: Configured Chrome privacy network policy to hide local IP addresses.
• Network Spoofing: Simulates a generic 4G connection profile via navigator.connection.
• WebGL Fingerprinting Protection: Injects subtle noise into the pixel data buffer of WebGLRenderingContext.readPixels.

Fixed

• Counter Synchronization Issue: The popup now polls the background script while open to ensure the counter updates in real-time.
• Tab Switch Reset Bug: Fixed an issue where switching between tabs would incorrectly wipe the tracking history for the tab.

Fixed & Removed

• Fixed multiple React popup crash issues and undefined variable ReferenceErrors across UI components.
• Fixed a storage key mismatch that prevented the tracker list from loading.
• Fixed the "Shields Up" toggle failing to sync state when opening the popup.
• Fixed a global variable bug causing request counts to reset on tab switch.
• Added strict guards around cosmetic filtering logic.
• Cleaned up duplicate React StrictMode listeners causing memory leaks.
• Fixed Canvas fingerprint protection interfering with 3D WebGL canvases.
• Removed unused and dead extension setting scripts to improve payload size.

Added & Improved

• WebGL2 fingerprint protection via overriding prototype methods.
• 15 new high-impact Declarative Net Request rules added to the network engine.
• Dynamic loading of tracker database via chrome.runtime.getURL().
• Per-site protection toggle support in content scripts for skipping injections on whitelisted sites.
• Replaced overly broad cosmetic filtering CSS selectors with safe hyphen-bounded patterns.

Fixed

• Malformed JSON syntax bug in trackers.json cleaned up.
• Fixed missing content script declarations preventing load.
• Removed dead MV2-only permissions preventing successful modern MV3 security audit.
• Fixed declarative net request rules failing to register due to rule ID gaps.

• Added: Advanced fingerprint protection (Canvas, WebGL, Hardware concurrency, Device memory, Platform).
• Improved: Website compatibility, protection engine stability, and privacy controls.
• Fixed: LinkedIn & YouTube loading issues, extension conflicts.

• Features: Tracker blocking, Ad blocking, HTTPS upgrade, Script blocking, Third-party cookie cleanup, and Per-site controls.