algoblocker

Anti-fingerprinting defense for Chromium — browser, hardware, canvas, audio, WebGL, fonts, timezone, WebRTC, clock.

Protection

Toggles JS API overrides + HTTP header spoofing. Per-tab badge shows probe count.

Coverage

Protected: Not protected (see docs/LIMITS.md):

Behavioral biometrics (Tier B, opt-in)

Downsamples mousemove/pointermove/wheel/touchmove listeners to 20 Hz with 2-pixel coordinate quantization. Breaks smooth drag and drawing apps; raises mouse-dynamics fingerprinting cost 5–10×. Keystroke jitter + event metadata quantization (Tier A) are always on and not toggleable. See LIMITS.md for the structural leaks (isTrusted, CSS timing, etc.).

Graph tracer — surveillance functions detected on current origin

On every counterintel probe hit, the graph tracer captures the JavaScript stack and builds a call-graph over the page's code. Functions that touch multiple unrelated fingerprint surfaces but have low in/out connectivity are classified as spokes — dedicated surveillance code rather than framework utilities. When one of these spokes is the immediate caller of a subsequent probe, the null-op escalates: isTrusted→inverted, MutationObserver→silenced, getBoundingClientRect→zero-rect, performance.now→literal 0, listener throttle→never-invoke. Non-spoke callers keep the default null-op.

(no tab selected)
Location Fn Score Visits In / Out Traps touched

Counterintelligence — behavioral fingerprinting attempts observed

Some fingerprinting techniques cannot be blocked from an extension — they use standard DOM APIs in patterns that we can only observe, not interdict. This table shows every origin that has tripped one or more counterintel sensors, highest score first. The sensors: isTrusted reads, MutationObserver style/class watches, PerformanceObserver event entries, getBoundingClientRect polling rate, CSS scroll-timeline, descriptor enumeration, listener density, timing probes, and vendor script URLs.

Origin Max Severity Top indicators Last seen

VPN (Cloudflare WARP + audit Worker)

Pair algoblocker with Cloudflare WARP and an audit Worker to close the TLS/IP/ASN fingerprint surfaces the extension can't touch. See deploy/cloudflare/ARCHITECTURE.md for the design and cost tiers ($0–$15/mo).

Polls your audit Worker every 5 minutes to verify WARP is active and the exit location hasn't drifted.
Deploy your own Worker (see worker/README.md), then paste the URL here — e.g. https://algoblocker-audit.yoursubdomain.workers.dev
Status: checking…
Captured once while WARP is active. Future checks compare against this; ASN/country changes flag as mismatch.
(not captured)
Opt-in. When health check returns down or mismatch, all HTTP/HTTPS traffic is blocked via a dynamic DNR rule — except requests to the Worker URL itself (so re-check can succeed). Recommended only for strict threat models. Off by default.

Verify

Open the built-in probe page and compare against a control tab with algoblocker disabled:

External probes will show the spoofed values. If your real values leak, that's a coverage gap — please file it.

Reset

Generates fresh per-install randomization seed. Won't change current-page fingerprints (those reseed per page load).