Complementos do Firefox
  • Extensões
  • Temas
    • para o Firefox
    • Dicionários e pacotes de idiomas
    • Outros sites de navegadores
    • Complementos para Android
Iniciar sessão
Pré-visualização de Chameleonn

Chameleonn por 0x127

Quietly blunts every fingerprinting surface the modern web exposes, without breaking sites.

0 (0 reviews)0 (0 reviews)
Transferir o Firefox e obter a extensão
Transferir ficheiro

Metadados da extensão

Capturas de ecrã
Acerca desta extensão
What it is

Chameleon is an advanced Firefox extension that quietly blocks the fingerprinting surface modern websites use to track you. Canvas, WebGL, audio, fonts, MIDI, sensors, WebRTC, navigator quirks, the whole pile.

The core trick: Instead of randomising your fingerprint on every request (which actually makes you more unique, since no real browser does that), Chameleon picks a stable identity per origin. The same site sees the same fingerprint every time so nothing breaks. Two different sites see different fingerprints so they can't link your visits together.

You can also rotate your master identity whenever you want with one click.



How to use it

Once installed, it runs automatically. Defaults are safe for normal browsing.

The toolbar popup
  • Protection toggle
    Master on/off switch. Reloads the tab immediately. Settings persist.
  • Exempt this site
    Adds the current eTLD+1 to an allowlist and reloads without protection.
  • Rotate identity
    Generates a new global seed. All sites see a fresh fingerprint going forward.
  • Settings
    Opens full configuration page.



The options page

Accessible via right-click -> Manage Extension -> Options.
  • Master toggle
    Global enable/disable.
  • Browser identity
    Choose OS/UA profile (default: Linux-based Firefox).
  • Surfaces controls
  • Timer precision rounding
  • Timezone pinning (UTC)
  • Motion sensor blocking
  • HTTP header rewriting
  • Exempt origins
    One eTLD+1 per line. Lines starting with # are ignored.



Verifying it works

Test across multiple windows:
  • https://browserleaks.com
  • https://amiunique.org
  • https://coveryourtracks.eff.org
  • https://audiofingerprint.openwpm.com
  • https://abrahamjuliot.github.io/creepjs

Expected behavior:
  • Same origin + same window -> consistent fingerprint
  • Different origins -> different fingerprints



What it blocks

Visual fingerprinting (canvas, WebGL, WebGPU)
  • Canvas readback APIs (toDataURL, getImageData, etc.)
  • WebGL/WebGL2 parameter extraction
  • readPixels noise injection
  • WebGPU fully hidden

Audio fingerprinting
  • AudioBuffer analysis
  • AnalyserNode frequency leakage
  • OfflineAudioContext compression artifacts

Layout fingerprinting
  • getBoundingClientRect / getClientRects
  • offsetWidth/Height, scroll metrics
  • screen size + DPR
  • TextMetrics inconsistencies

Navigator identity
  • UA, platform, vendor
  • hardwareConcurrency, deviceMemory
  • languages, plugins, mimeTypes
  • maxTouchPoints
  • userAgentData spoofing

Firefox quirks hiding
  • InstallTrigger
  • mozInnerScreenX/Y
  • window.sidebar, window.netscape
  • CSS feature probes

Hardware-leaking APIs
  • Battery API
  • NetworkInformation
  • StorageManager
  • enumerateDevices
  • Bluetooth / USB / HID / Serial
  • Speech synthesis voices
  • Gamepads
  • IndexedDB databases

Sensors
  • Motion/orientation APIs disabled
  • Magnetometer, gyroscope, accelerometer blocked
  • Touch precision normalized
  • screen.orientation pinned

Web MIDI
  • MIDI access blocked completely

WebXR / WebVR
  • XR APIs removed
  • VR display enumeration disabled

PointerEvent entropy
  • Stylus pressure/tilt/twist zeroed (except real pen input)
  • pointerId normalized
  • multi-touch behavior flattened

Speech Recognition
  • SpeechRecognition APIs removed

Reporting Observer
  • Fully stubbed to prevent side-channel reporting leaks

Cookie Store API
  • async cookie enumeration disabled

Performance memory probes
  • memory estimation disabled
  • eventCounts spoofed

Audio latency
  • outputLatency/baseLatency normalized

Notifications
  • Permission pinned to default state

navigator.scheduling
  • API hidden

window.name
  • Cleared on cross-origin navigation

Ad-block detection bypass
  • Fake ad-bait elements neutralized
  • detection globals pre-filled

Font enumeration
  • Local font APIs blocked
  • Canvas font measurement normalized
  • System fonts only exposed

Permissions / media queries
  • All media queries normalized
  • Permissions API stabilized

WebRTC
  • Local and STUN IP leakage blocked
  • Relay-only connections allowed

Timing
  • performance.now() quantized to 1ms
  • timestamps rounded globally

Locale
  • Forced en-US locale
  • UTC timezone
  • standardized numeric formats

HTTP layer
  • UA rewritten
  • Accept-Language normalized
  • Client hints removed
  • tracking headers stripped
  • DNT/GPC enforced

Workers
  • Worker scripts wrapped and re-hooked
  • Cross-origin workers partially unsupported

Camouflage
  • toString() spoofed as native
  • error stacks cleaned
  • sensitive APIs hidden



Will it slow my browser down?

Not noticeably.
  • Canvas/audio hooks: tiny overhead
  • DOM measurement hooks: minimal
  • HTTP rewriting: negligible
  • Worker interception: most expensive (tens of ms in heavy apps)



Configuration recipes
  • Maximum privacy (breaks some sites)
    Linux profile, everything enabled, no exemptions
  • Daily driver
    Defaults + exempt banking/video tools
  • Casual privacy
    Defaults, disable timezone pinning



Known limits
  • Detection possible inside JS realm (hook introspection)
  • Cross-origin worker injection limitations
  • Timezone vs real clock inconsistencies
  • First-canvas race condition on page load
  • TLS fingerprinting (JA3/JA4) still visible
  • TCP/IP fingerprinting still leaks OS (kernel-level issue)

The source code for this extension can be found at https://github.com/00x127/chameleon
Rated 0 by 0 reviewers
Iniciar sessão para avaliar esta extensão
Não existem avaliações ainda

Avaliação de estrelas guardada

5
0
4
0
3
0
2
0
1
0
Ainda sem análises
Permissions and data

Permissões necessárias:

  • Aceder aos separadores do navegador
  • Aceder à atividade do navegador durante a navegação

Permissões opcionais:

  • Aceder aos seus dados para todos os sites

Data collection:

  • The developer says this extension doesn't require data collection.
Saber mais
Mais informação
Ligações do complemento
  • Site de apoio
  • Copy add-on ID
Versão
0.1.5
Tamanho
158,87 KB
Última atualização
há 22 dias (25 de jun de 2026)
Categorias relacionadas
  • Desenvolvimento da web
  • Privacidade e segurança
  • Separadores
Licença
MIT License
Histórico de versões
  • Ver todas as versões
Etiquetas
  • anti tracker
  • container
  • content blocker
  • privacy
  • security
Adicionar à coleção
Reportar este complemento
Ir para a página inicial da Mozilla

Complementos

  • Acerca
  • Blogue de complementos do Firefox
  • Workshop de extensões
  • Central do programador
  • Políticas de programador
  • Blogue da comunidade
  • Fórum
  • Reportar um erro
  • Guia de análise

Download

  • Download Firefox
  • Windows
  • macOS
  • iOS
  • Android
  • Linux
  • All

Latest Builds

  • Nightly
  • Beta

Firefox for Business

  • Enterprise

Community

  • Connect
  • Contribute
  • Developer

Follow

  • Instagram
  • YouTube
  • TikTok
  • Bluesky
  • Podcast
  • Privacidade
  • Cookies
  • Informação legal

Exceto onde anotado o contrário, o conteúdo neste site está licenciado sob a licença Creative Commons Atribuição-CompartilhaIgual v3.0 ou qualquer versão mais recente.