Skip to content

Releases: clearcotelabs/clearcote-browser

Clearcote Browser v0.1.0-pre.4 (Chromium 149.0.7827.114, Windows x64)

17 Jun 12:20
@pim97 pim97
v0.1.0-pre.4
912c86d

Choose a tag to compare

View all tags
Clearcote Browser v0.1.0-pre.4 (Chromium 149.0.7827.114, Windows x64) Pre-release
Pre-release

Clearcote Browser v0.1.0-pre.4 (Chromium 149.0.7827.114, Windows x64)

Supersedes v0.1.0-pre.3. Same Chromium build — this release adds the missing
149.0.7827.114.manifest (the SxS version-assembly manifest) to the archive root.
Without it, chrome.exe fails to start on a clean Windows box with "the side-by-side
configuration is incorrect" (surfaced via Playwright/Puppeteer as spawn UNKNOWN).
pre.1–pre.3 shipped without it; the SDK clearcote@0.1.2 / PyPI 0.1.1 point here.

The browser binary itself is byte-identical to pre.3 (chrome.exe sha256 unchanged).

Downloads & checksums

Artifact SHA-256
clearcote-149.0.7827.114-windows-x64.zip 40972168909e887434a3db4188d336bb7389d319a5c75967fb66ca6114c22e4c
chrome.exe (inside the zip) 5743595256c89c6874804bf3315acce592fc7f1883760c8d380c010151a73b23
chrome.dll (inside the zip) 836926ec85d04d52056e7a018f0e6a4c0ca5758808f91ce4328c96d61fb4181b

Verify (don't trust — verify)

The pinned signing-key fingerprint is CA96F185 F96A 693A EDB3 AC1F CB00 D851 B7A8 6B0F
(also in README / VERIFY.md). Confirm the key's fingerprint
equals that value, then check the signature.

gpg --with-fingerprint --show-keys clearcote-signing-key.asc   # must equal the pinned fingerprint
gpg --import clearcote-signing-key.asc
gpg --verify SHA256SUMS.txt.asc SHA256SUMS.txt                  # Good signature
sha256sum -c clearcote-149.0.7827.114-windows-x64.zip.sha256    # OK
unzip -p clearcote-149.0.7827.114-windows-x64.zip chrome.exe | sha256sum   # matches above

Quickstart (Playwright drop-in)

from playwright.sync_api import sync_playwright
with sync_playwright() as p:
    b = p.chromium.launch(
        executable_path=r"C:\clearcote\chrome.exe",
        args=["--fingerprint=seed-123", "--fingerprint-platform=windows"],
    )
    b.new_page().goto("https://abrahamjuliot.github.io/creepjs/")

Or via the SDK: npm i clearcote / pip install clearcote then launch() (auto-downloads + verifies this build).

Caveats

  • Pre-release / not exhaustively stealth-validated across all detection suites on real Windows.
  • is_official_build=false — matches the published config/args.gn; not yet a stable official build.
  • proprietary_codecs=true — H.264/AAC enabled; mind redistribution terms.
  • Per-eTLD+1 farbling (canvas/WebGL/audio) + WebRTC leak controls are engine-level in this build.
Loading

Clearcote Browser v0.1.0-pre.3 (Chromium 149.0.7827.114, Windows x64)

17 Jun 11:47
@pim97 pim97
v0.1.0-pre.3
b2739a9

Choose a tag to compare

View all tags
Clearcote Browser v0.1.0-pre.3 (Chromium 149.0.7827.114, Windows x64) Pre-release
Pre-release

Clearcote Browser v0.1.0-pre.3 — Chromium 149, Windows x64

De-Googled, fingerprint-hardened Chromium with engine-level anti-detect controls and a drop-in Playwright workflow. This pre-release supersedes v0.1.0-pre.2.

What's new since pre.2

  • Audio fingerprint fixed (Brave-style farbling). The AudioContext fingerprint previously injected per-sample noise — detectable as a lie (every sample distinct). It now applies a single deterministic per-eTLD+1 scale factor across the whole buffer, so the fingerprint shifts per site while preserving the buffer's real structure (equal samples stay equal). getChannelData and copyFromChannel stay consistent. Verified: CreepJS no longer flags the audio panel.
  • Exact AudioContext sample rate. OfflineAudioContext.sampleRate previously returned a noised, non-standard value (e.g. 44099.99); it now returns the exact requested rate (44100). The audio fingerprint is still farbled via the buffer, so nothing is lost — but the tell is gone.
  • WebRTC proxy-IP mock (--webrtc-ip). With --webrtc-ip=<IP> set, WebRTC surfaces that IP (your proxy's egress) as the server-reflexive (srflx) candidate and emits no host candidate — so WebRTC matches your HTTP IP while the real/LAN IP never leaks (the reflected address is replaced at the source and host candidates are suppressed). Without the switch, WebRTC stays safely blocked (default).
  • Still runtime-validated on real Windows (6/6, CreepJS): navigator.webdriver=false; same seed ⇒ identical canvas; different seed ⇒ different canvas and WebGL renderer; --timezone and --fingerprint-platform honored.

Downloads

File What
clearcote-149.0.7827.114-windows-x64.zip the build (chrome.exe + chrome.dll + full runtime + VC++ 2015-2022 DLLs)
clearcote-149.0.7827.114-windows-x64.zip.sha256 per-artifact checksum
clearcote-149.0.7827.114-windows-x64.zip.sha256.asc GPG detached signature of the above
SHA256SUMS.txt aggregate checksums (zip + chrome.exe + chrome.dll)
SHA256SUMS.txt.asc GPG detached signature of SHA256SUMS.txt
clearcote-signing-key.asc public signing key (convenience copy — trust the pinned fingerprint below, not the attached key)

Verify before you run

Signing key fingerprint (pinned, out-of-band — must match):

CA96F185 F96A 693A EDB3 AC1F  CB00 D851 B7A8 6B0F

gpg --with-fingerprint --show-keys clearcote-signing-key.asc   # confirm == the fingerprint above
gpg --import clearcote-signing-key.asc
gpg --verify SHA256SUMS.txt.asc SHA256SUMS.txt                  # Good signature ("not certified" WARNING is expected)
sha256sum -c clearcote-149.0.7827.114-windows-x64.zip.sha256    # OK

SHA-256 (pinned to this build):

767cc867cbc8a622b98c3e85f5b3a37cfa587f8dff19060afe0c7783880c0aaa  clearcote-149.0.7827.114-windows-x64.zip
5743595256c89c6874804bf3315acce592fc7f1883760c8d380c010151a73b23  chrome.exe
836926ec85d04d52056e7a018f0e6a4c0ca5758808f91ce4328c96d61fb4181b  chrome.dll

Quickstart (Playwright drop-in)

Unzip somewhere (e.g. C:\clearcote\), then point Playwright at the binary:

from playwright.sync_api import sync_playwright
with sync_playwright() as p:
    b = p.chromium.launch(
        executable_path=r"C:\clearcote\chrome.exe",
        args=["--fingerprint=seed-123", "--fingerprint-platform=windows"],
    )
    b.new_page().goto("https://abrahamjuliot.github.io/creepjs/")

Same --fingerprint seed ⇒ same identity across launches; a new seed ⇒ a fresh, per-site-decorrelated identity. To make WebRTC report your proxy's IP instead of being blocked, add --webrtc-ip=<your proxy's public IP>.

Caveats (read these)

  • Pre-release. Passes a 6/6 CreepJS smoke check on real Windows and the audio panel is now clean, but not yet a full pass across BrowserScan / Pixelscan / FingerprintJS — treat as experimental.
  • is_official_build=false. This binary is not an official-build/optimized Chromium; some timing/behavioral signals differ from stock Chrome.
  • proprietary_codecs=true. H.264/AAC are enabled — redistribution may carry codec-licensing obligations in your jurisdiction.
  • Reproducible & auditable. The complete, concern-grouped patch set in patches/ applies zero-reject onto pinned upstream Chromium + the ungoogled base + the published config/args.gn, and reproduces this build. Chromium cross-builds are not yet bit-for-bit deterministic — the guarantee is "every change is an auditable patch and the config is public," not "rebuild and the hash matches."
Loading