Architecture

How Clearcote layers privacy and identity control onto Chromium — transparently.

The stack

Clearcote is a thin, auditable stack. Each layer is open and replaceable:

            Chromium  (Google, BSD-3)
                |
   ungoogled-chromium  ->  removes Google services, telemetry, integration
                |
       Clearcote patches  ->  engine-level identity & privacy controls
                |
   reproducible build  ->  checksummed, signed, rebuildable by anyone
                |
        Clearcote Browser  +  Playwright / Puppeteer drop-in

Engine-level, not script injection

Most "stealth" tooling injects JavaScript to overwrite navigator properties at runtime. That is brittle and self-revealing — the overrides themselves become a fingerprint (wrong prototype chains, getter timing, missing native code stringification).

Clearcote instead modifies the C++ engine. The values a page reads are produced by the same code paths Chromium always uses, so there is no injected layer to detect. This covers APIs that JavaScript can't cleanly intercept at all.

Coherent, per-site identity (farbling)

Randomizing each signal independently produces an identity that doesn't add up — a dead giveaway. Clearcote derives all signals from a single seed, combined with the site's registrable domain, so values are:

• Internally consistent — platform, GPU, timezone and locale agree with each other.
• Stable per site — the same site sees the same identity across a session.
• Decorrelated across sites — different domains see different values, so you aren't linkable across the web.

This per-eTLD+1 model is inspired by Brave's farbling approach.

What it controls

Build target

The current target is Windows x64, cross-compiled from Linux against Chromium 149. The full recipe — and every cross-build gotcha — is documented so anyone can reproduce it. See Build from source.