Audit follow-up (2026-06-10), all validated before commit.
#2 WebRTC — the shipped baseline now MATCHES the manually-validated config
(behind a residential proxy: host=<uuid>.local, srflx=proxy egress, No-Leak,
gathering completes, indistinguishable from vanilla Firefox on BrowserLeaks +
CreepJS):
- prefs baseline obfuscate_host_addresses False->True; add
zoom.stealth.webrtc.disable_ipv6=True; drop the dead
media.peerconnection.ice.disableIPv6 (no-op on FF150)
- launcher auto-derives the proxy egress IP via _geo.prepare_session_geo
(one round-trip shared with the timezone resolution) and feeds nICEr via
STEALTHFOX_WEBRTC_PUBLIC_IP + STEALTHFOX_WEBRTC_DISABLE_IPV6 in _build_env
(sync + async); an explicit caller env still wins. The C++ mechanisms were
already in firefox-9 — this activates them, no rebuild.
#1 drop orphan prefs zoom.stealth.timezone + zoom.stealth.seed (read by no C++;
the live ones are juggler.timezone.override + zoom.stealth.fpp.hw_seed).
#3 release title 'rev N' instead of 'rev firefox-N'.
CI guards (unit, leak-safe — no real proxy/creds, the kind that would have
caught this gap at zero cost):
- shipped-baseline guard + no-orphan-prefs (test_webrtc_realness.py)
- egress auto-derive in _build_env (test_launcher_helpers.py)
- prepare_session_geo returns (tz, egress) (test_geo.py)
CI keeps faking 'behind a proxy' with an in-process TCP-only SOCKS5 + RFC 5737
TEST-NET IPs; real-proxy residential realness stays a LOCAL manual gate.
449 unit pass.
IT11–IT13 mirror IT10 on the Linux platform branch, verifying:
- Xvfb workarounds coexist with SOCKS5 proxy mutation
- MSAA pin propagates through prefs translation on Linux
- _LINUX_GENERIC_FONT_FACTORS is prepended to per-font metrics
Tests use monkeypatch on sys.platform so they run on any host OS.
Verified green on Linux/WSL alongside the existing Windows tests.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
