How CloakBrowser is different from playwright-stealth
Here is the key fact every stealth scraper has to understand in 2026: anti-bot scripts run Function.prototype.toString.call(fn) on the browser functions a stealth tool usually overrides. That call returns a function's source code. If the result is anything other than [native code], the site knows the function was tampered with — so the patch itself becomes the giveaway. This is why playwright-stealth fails against Kasada, recent Akamai versions, and DataDome: each JavaScript override leaves a visible source signature.
CloakBrowser changes the same things (canvas hash, WebGL renderer, AudioContext, navigator quirks, Battery API, CDP input handling) but does it in the C++ code before the browser is even built. The functions still return [native code] because they are still native code. Nothing was injected at runtime, so toString() finds nothing to flag.
The 60-extension probe and real extensions
Akamai's sensor.js tries to load 60 known chrome-extension://[id]/manifest.json URLs — in effect, checking which browser extensions you have installed. Real Chrome users almost always have a few (uBlock Origin, LastPass, Bitwarden, 1Password), so at least some of these requests should succeed. A headless browser (a browser running with no visible window, typical of bots) has none, so all 60 requests fail at once with net::ERR_FAILED — a result that is statistically impossible for a real user.
CloakBrowser ships with profiles that have real extensions installed, so some probes return real manifest data and the overall response pattern looks like a genuine Chrome user. This is the one Chromium-side feature that Camoufox cannot match as naturally, because Firefox has no chrome-extension protocol at all.
When to choose CloakBrowser vs Camoufox
Pick CloakBrowser for: Chromium-only sites; Akamai targets where sensor.js actively scores you and the extension probe matters; and sites that weight browser market share, since about 65% of users run a Chromium-family browser. The trade-off is higher memory use.
Pick Camoufox for: Cloudflare (reported high compatibility in Mar 2026), and sites where CDP detection is the main barrier — Camoufox is built on Firefox and drives the browser with Mozilla's Juggler protocol instead of CDP (the Chrome DevTools Protocol that automation tools use and anti-bots watch for). It also uses less memory.
For both: use real residential or ISP IP addresses; align your timezone and locale to the IP with geoip-style settings; run with a consistent, rate-limited input mode (humanize=True or equivalent); and never run more than about 10 instances on one machine.
Is the closed-source binary safe? (security analysis)
CloakBrowser's control library is open source, but the part that actually does the stealth work is a pre-built, closed-source Chromium binary you download and run with full local privileges. That is a real supply-chain concern (the risk that software you install does something hidden): a patched browser binary could in principle read your .ssh keys, harvest environment secrets, or phone home, and because you cannot see the C++ source you cannot rule it out.
An independent behavioural audit — github.com/pim97/cloakbrowser-analyze — ran nine runtime tests against the binary (watching what it actually does while running) and reported no malicious behaviour observed: 2.9M extracted strings contained no suspicious URLs, hardcoded credentials, or exfiltration keywords; packet capture showed only the expected PyPI/GitHub traffic from the wrapper; the process never touched .ssh, .aws, or planted decoy secrets; and every process it spawned was a standard Chromium component.
The same write-up is clear about the limit of that evidence: passing behavioural tests is not the same as being provably safe. A closed binary can still hide behaviour that only triggers after a delay or under specific conditions, which runtime observation will not catch. If your threat model cannot tolerate an unauditable binary — corporate machines, or anything near credentials or production infrastructure — prefer a fully open-source stack like Camoufox or PatchRight, or run CloakBrowser inside a disposable container with no access to host secrets.
