Release history


  • Wrap Beacon API
  • Bugfix: inject content scripts to all iframes
  • Fix exception throwing in the code generator dealing with Firefox bug 1267027


  • NBS improvements for Chromium-based browsers: block a host after detecting the first suspicious HTTP request from the public to the private network.


  • Add wrapper of MediaDevices.prototype.enumerateDevices
  • Fix missing Date properties
  • Fix Geolocation overflows appearing near poles
  • Improve handling of domain names (URLs):
  • Handle IPv4 addresses used as hostnames correctly
  • Do not treat TLD specially and allow specifying wrapping levels for TLDs
  • Fix handling of two-letters 2-nd level domains
  • Fix exception throwing in the code generator dealing with Firefox bug 1267027


  • Bugfix: Do not try to redefine undefined objects. The exceptions thrown in injected code used to prevent application of all the wrapping code.


  • Add an option to clear with each page reload.


  • Rewrite the NBS for Chromium-based browsers with custom DNS cache build with resolved data available in onResponseStartedListener()


  • Fix the amount of saved data through pop-up (for a specific domain), it is much harder to reach the quoa


  • Re-introduced Geolocation API wrapping (several settings available).


  • Bugfix: Set up domain-specific levels from storage correctly
  • Wrap PerformanceEntry instead of performance.getEntries*() - prevents a known leak of precise time stamps in Chromium-based browsers.
  • Add note on the effectivity of time randomization
  • Firefox fix background and content scripts synchronization, use correct naming (improves speed)
  • Time wrappers in Firefox affected by the Fiefox CSP bug should work better. However, the precise timers are not wrapped, see also #25.
  • NBS message for Chromium-based browsers reworded.


  • Improve compatibility with Chromium based browsers


  • Major code rewrite - make the code more modular, remove duplications
  • Add wrappings inspired by JavaScript Zero: Real JavaScript and Zero S ide-Channel Attacks
  • Network boundary shield prevents web pages to use the browser as a proxy between local network and the public Internet. See the Force Point report for an example of the attack. The protection encapsulates the WebRequest API, so it captures all outgoing requests.
  • Allow multiple custom levels
  • Do not modify DOM of displayed pages (the modifications were detectable by the page scripts and may reveal that the user is running JSR)
  • Canvas fingerprinting: originally, only toDataURL was blocked. The extension now blocks CanvasRenderingContext2D.prototype.getImageData and HTMLCanvasElement.prototype.toBlob.
  • Block additionaly methods to get performance data.
  • Unfortunately, we do not migrate old settings as the levels were redesigned and several features were removed. We expect to migrate previous settings in the future.
  • Initial attempt to deal with a bug but it does not work completely as expected, yet.
  • Make sure that calling toString on the wrapped function does not leak the wrapping code.
  • Fix original canvas method leaks through iframes
  • Do not allow page scripts to delete wrappers
  • GUI rewritten.
  • Do not open the main page after browser or extension update as it is irritating and may send a signal that the user is tracked.
  • Removed feature Do not change request HTTP headers. See the paper FP-Scanner: The privacy implications of browser fingerprint inconsistencies and pages like
  • Removed feature GPS/location is not blocked anymore, we expect to reintroduce this feature in the future.


  • Fix Date wrapping that used to break some pages; Date wrapping code improved
  • Improve XMLHttpRequest wrapping


  • Additional APIs that can be wrapped:
  • navigator properties: userAgent, vendor, platform, appVersion, oscpu, language, languages
  • document properties: referrer


  • Initial public version