docs: update v141 20251012 release docs and config references

Author: MSTU0

ADVANCED_FEATURES.md

@@ -14,7 +14,7 @@ BotBrowser offers multi‑layer emulation and control to keep fingerprints consi
 
 ## 🧭 Capabilities Index
 
-[navigator.webdriver removal](#chrome-behavior-emulation), [main‑world isolation](#playwright-puppeteer-integration), [JS hook stealth](#playwright-puppeteer-integration), [Canvas noise](#graphics-rendering-engine), [WebGL/WebGPU param control](#graphics-rendering-engine), [Skia anti‑alias](#cross-platform-font-engine), [HarfBuzz shaping](#cross-platform-font-engine), [MediaDevices spoofing](#complete-fingerprint-control), [font list spoofing](#cross-platform-font-engine), [UA congruence](#configuration-and-control), [per‑context proxy geo](#enhanced-proxy-system), [DNS‑through‑proxy](#enhanced-proxy-system), [HTTP headers/HTTP2/HTTP3](#chrome-behavior-emulation), [headless parity](#headless-incognito-compatibility), [WebRTC SDP/ICE control](#webrtc-leak-protection), [TLS fingerprint (JA3/JARM)](#network-fingerprint-control)
+[navigator.webdriver removal](#chrome-behavior-emulation), [main‑world isolation](#playwright-puppeteer-integration), [JS hook stealth](#playwright-puppeteer-integration), [Canvas noise](#graphics-rendering-engine), [WebGL/WebGPU param control](#graphics-rendering-engine), [Skia anti‑alias](#cross-platform-font-engine), [HarfBuzz shaping](#cross-platform-font-engine), [MediaDevices spoofing](#complete-fingerprint-control), [font list spoofing](#cross-platform-font-engine), [UA congruence](#configuration-and-control), [per‑context proxy geo](#enhanced-proxy-system), [DNS‑through‑proxy](#enhanced-proxy-system), [active window emulation](#active-window-emulation), [HTTP headers/HTTP2/HTTP3](#chrome-behavior-emulation), [headless parity](#headless-incognito-compatibility), [WebRTC SDP/ICE control](#webrtc-leak-protection), [TLS fingerprint (JA3/JARM)](#network-fingerprint-control)
 
 <a id="configuration-and-control"></a>
 ## 🔧 Configuration & Control
@@ -146,12 +146,21 @@ Sophisticated noise with consistency algorithms.
 - AudioContext fingerprint noise injection
 - Maintains realistic audio processing behavior
 - Cross-worker consistency for complex applications
+- Tuned noise distribution (Chromium 141) to harden probes without audible artifacts
 
 **Text‑Metrics Manipulation:**
 - TextMetrics and client rects noise injection
 - Font measurement consistency across workers
 - Realistic text rendering variations
 
+<a id="active-window-emulation"></a>
+### Active Window Emulation
+Keep automation sessions foreground-consistent even when the host window is unfocused.
+
+- `--bot-config-always-active` defaults to `true`, suppressing `blur`/`visibilitychange` events and pinning `document.hidden=false`.
+- Works per window: disable explicitly when sites must observe genuine focus changes.
+- Prevents detection heuristics that watch caret blinking, FocusManager events, or inactive viewport throttling.
+
 <a id="headless-incognito-compatibility"></a>
 ### Headless & Incognito Compatibility
 Consistent behavior across modes with comprehensive simulation.
@@ -179,6 +188,7 @@ Complete WebRTC fingerprint control and IP protection.
 - MediaStream API consistency
 - RTCPeerConnection behavior modification
 - Network topology hiding
+- ICE server presets and custom lists via `--bot-config-webrtc-ice` to prevent TURN-level IP disclosure
 
 <a id="chrome-behavior-emulation"></a>
 ### Chrome Behavior Emulation
@@ -318,6 +328,7 @@ Comprehensive media‑format support and codec emulation.
 - Platform-specific codec availability simulation
 - Authentic media format reporting
 - Container format support detection
+- Default profile configuration now uses `expand` to prioritize local decoders; switch back to `profile` for legacy canned lists
 
 **WebCodecs API Support:**
 - videoDecoderSupport authentic reporting
@@ -581,7 +592,7 @@ For technical questions about advanced features, implementation details, or cust
 - **[CLI Flags Reference](CLI_FLAGS.md)** - Complete command-line options
 - **[Profile Configuration](profiles/PROFILE_CONFIGS.md)** - Advanced profile customization
 - **[Validation Results](VALIDATION.md)** - Research and testing data
-- **[BotCanvas Lab](tools/botcanvas/)** - Canvas forensics and fingerprint analysis tool
+- **[BotCanvasLab](tools/botcanvas/)** - Canvas forensics and fingerprint analysis tool
 - **[Examples](examples/)** - Automation code samples
 
 ---

CHANGELOG.md

@@ -8,6 +8,76 @@ This software and its documented capabilities are provided for **academic study
 
 ⚠️ **This software is for compatibility validation in controlled, academic test environments only. It must not be used to circumvent security controls on production systems.**
 
+## [2025-10-12] 
+
+### Major
+- **Chromium Core Upgrade → 141.0.7390.77**
+  - **What**: Sync to the latest stable Chrome 141 release.
+  - **Why**: Keeps Rendering/Network/Storage/Media in parity with upstream, reduces version‑based heuristics, and includes current security fixes.
+  - **Impact**: More deterministic behavior on sites that gate features by major version; lower drift on fingerprint surfaces impacted by minor engine changes.
+
+- **Experimental: BotCanvasLab (Canvas2D recorder)**
+  - **What**: An opt‑in tool that **records Canvas2D draw operations** and exports **replayable code snippets** (trace → code).
+  - **Use cases**: Reverse‑inspect how a site draws charts/captchas/signature pads; reproduce rendering flows; compare visual diffs across hosts/profiles.
+  - **Enable**:
+    ```bash
+    chrome.exe --bot-canvas-record-file=/abs/path/trace.canvas.jsonl --bot-profile=/abs/path/profile.enc
+    ```
+  - **Notes**: Recording is **local** and grows with draw calls; recommended for analysis/debug, not for high‑volume production.
+  - **Docs**: https://github.com/botswin/BotBrowser/tree/main/tools/botcanvas
+
+### New
+- **CLI: `--bot-config-webrtc-ice` (custom ICE servers)**
+  - **What**: Choose STUN/TURN presets or provide a custom list to **avoid TURN‑level IP disclosure**.
+  - **Examples**:
+    - Google preset:
+      ```bash
+      --bot-config-webrtc-ice=google
+      ```
+    - Custom list (comma‑separated):
+      ```bash
+      --bot-config-webrtc-ice=custom:stun:stun.l.google.com:19302,turn:turn.example.com
+      ```
+  - **Why**: Some probes (e.g., https://ipbinding.online/) try to infer the real network by observing TURN traffic; controlling ICE servers reduces unintended leakage.
+
+- **CLI: `--bot-config-always-active` (true/false, default: true)**
+  - **What**: Keep windows **active** even when unfocused.
+  - **Behavior**: Suppresses `blur/visibilitychange`; forces `document.hidden=false`; caret keeps blinking; applies **per‑window** (multi‑window friendly).
+  - **Why**: Certain sites degrade features or throttle actions when the tab isn’t considered active.
+
+### Improved
+- **Runtime features control (finer per‑OS toggling)**
+  - More precise reading/toggling of runtime flags at startup, including OS‑conditioned switches → **more stable cross‑OS fingerprints** when moving profiles between Windows/macOS/Android.
+
+- **Chrome component plugin preload (ID: `ghbmnnjooekpmoecnnnilnnbdlolhkhi`)**
+  - Hardened preload path and timing so this stock component extension reliably appears; improves **Chrome‑authentic** signals that some scanners expect.
+
+- **WebGL/WebGL2 parameter reads**
+  - Reworked parameter access to avoid **application‑settable states** and cross‑driver quirks; prevents false values and closes detection patterns reported by https://fv.pro/
+
+- **Media types default → `expand`**
+  - `--bot-config-media-types` now defaults to **`expand`** (previously `profile`) so BotBrowser leverages **local decoders** by default → more accurate `canPlayType`/MSE decisions.
+  - To keep old behavior, pass `--bot-config-media-types=profile`.
+
+- **AudioContext noise tuning**
+  - Adjusted distribution/phase to better defend against **audio fingerprinting** with minimal audible/timing side‑effects.
+
+### Fixed
+- **Font sizes stable under `--bot-config-noise-text-rects`**
+  - Fixed an interaction where text‑rect noise perturbed computed font‑size metrics; sizes now remain stable.
+
+- **Geolocation reliability**
+  - Fixed geolocation not working in some configurations. Tracks: https://github.com/botswin/BotBrowser/issues/69
+
+- **Android window sizing**
+  - Corrected window metrics when emulating Android so viewport matches profile expectations.
+
+- **Proxy robustness & validation**
+  - Avoid crashes on failing proxies; emit clear error messages for malformed proxy arguments to prevent misconfig loops.
+
+
+---
+
 ## [2025-10-02] 
 
 ### Major

CLI_FLAGS.md

@@ -178,6 +178,7 @@ The following `--bot-config-*` flags map directly to profile `configs`:
 --bot-config-locale=auto                      # Browser locale: e.g. en-US, fr-FR, de-DE, or "auto" (derived from IP/language)
 --bot-config-location=40.7128,-74.0060        # Location: "lat,lon" (coordinates) or "auto" (IP-based)
 --bot-config-media-devices=profile            # Media devices: profile (fake devices), real (system devices)
+--bot-config-always-active=true               # Keep windows/tabs active even unfocused (default true)
 --bot-config-noise-audio-context=true         # Audio context noise: true, false
 --bot-config-noise-canvas=true                # Canvas fingerprint noise: true, false
 --bot-config-noise-client-rects=false         # Client rects noise: true, false
@@ -190,8 +191,9 @@ The following `--bot-config-*` flags map directly to profile `configs`:
 --bot-config-webgl=profile                    # WebGL: profile (use profile), real (system), disabled (off)
 --bot-config-webgpu=profile                   # WebGPU: profile (use profile), real (system), disabled (off)
 --bot-config-webrtc=profile                   # WebRTC: profile (use profile), real (native), disabled (off)
+--bot-config-webrtc-ice=google                # ICE servers: google preset or custom:stun:host:port,turn:host
 --bot-config-window=profile                   # Window dimensions: profile (use profile), real (system window)
---bot-config-media-types=profile              # Media types: profile, real, expand (allow expanding via local decoders)
+--bot-config-media-types=expand               # Media types: expand (default), profile, real
 --bot-config-mobile-force-touch=false         # Mobile touch: force touch events on/off for mobile device simulation
 ```
 
@@ -204,6 +206,12 @@ The following `--bot-config-*` flags map directly to profile `configs`:
 - **Dynamic Configuration:** Perfect for automation and CI/CD
 - **Session Isolation:** Different settings per instance
 
+### Spotlight: BotBrowser v141 20251012 Additions
+
+- **`--bot-config-webrtc-ice`** — choose ICE presets or bring your own STUN/TURN list to keep TURN traffic from revealing the real network path.
+- **`--bot-config-always-active`** — keeps tabs/windows active (default `true`) so sites can’t key off backgrounded state; disable per window if you need native focus behavior.
+- **`--bot-config-media-types` default = `expand`** — BotBrowser now prefers locally available decoders for more realistic media capability checks; switch back to `profile` for the legacy behavior.
+
 ### Configuration Priority
 
 1. **🥇 CLI `--bot-config-*` flags** (Highest priority)
@@ -259,6 +267,16 @@ chromium-browser \
   --bot-title="Custom Session"
 ```
 
+### Active Window + Custom ICE Setup
+```bash
+# Keep tabs active while routing WebRTC through explicit ICE servers
+chromium-browser \
+  --bot-profile="/absolute/path/to/chrome141_win11_x64.enc" \
+  --bot-config-always-active=true \
+  --bot-config-webrtc-ice="custom:stun:stun.l.google.com:19302,turn:turn.example.com" \
+  --bot-config-media-types="expand"
+```
+
 ### Dynamic Multi-Instance Setup
 ```bash
 # Instance 1 - Chrome brand with profile window settings

README.md

@@ -149,6 +149,7 @@ This map links common detection surfaces to BotBrowser capabilities and the exac
 - **Configurability:** 20+ CLI overrides, per‑context proxies with automatic geo‑detection, and session tools (cookies/bookmarks/title)
 - **Headless ↔ GUI Parity:** Stable GPU/WebGPU/media signals and consistent behavior across browser modes
 - **Performance Controls:** Precise FPS simulation, memory/storage timing, and GPU micro‑benchmarks for realistic profiles
+- **Focus & Session Control:** Always-active tab emulation, configurable WebRTC ICE servers, and expanded media decoder reporting for authentic runtime signals
 
 ### Fingerprint Consistency Matrix — Cross‑Platform Coverage
 
@@ -240,7 +241,7 @@ Our compatibility research examines browser fingerprinting techniques across dif
 | **[Validation Results](VALIDATION.md)** | Research data | 25+ anti-bot systems, 50,000+ test sessions, statistical analysis |
 | **[CLI Flags Reference](CLI_FLAGS.md)** | Command-line options | `--bot-config-*` flags, proxy auth, session management |
 | **[Profile Configuration](profiles/PROFILE_CONFIGS.md)** | Profile customization | Fingerprint control, cross-platform compatibility |
-| **[BotCanvas Lab](tools/botcanvas/)** | Canvas forensics tool | Canvas 2D recording, JSONL event viewer, replay roadmap |
+| **[BotCanvasLab](tools/botcanvas/)** | Canvas forensics tool | Canvas 2D recording, JSONL event viewer, replay roadmap |
 | **[Examples](examples/)** | Code samples | Playwright, Puppeteer, bot-script automation |
 
 ### Quick Access

profiles/PROFILE_CONFIGS.md

@@ -92,7 +92,9 @@ All configurations are embedded in the `configs` field inside your profile JSON
 | `injectRandomHistory`           | Optionally injects synthetic navigation history for academic experiments in browser state testing. | `false`    |
 | `disableDebugger`               | Prevents unintended interruptions from JavaScript debugger statements during automated academic workflows. | `true`     |
 | `keyboard`                      | Choose keyboard fingerprint source: `profile` (emulated from profile) or `real` (use system keyboard). | `profile` |
-| `mediaTypes`                    | Media types behavior: `profile` (use profile settings), `real` (native system), `expand` (allow expanding via local decoders). | `profile` |
+| `mediaTypes`                    | Media types behavior: `expand` (prefer local decoders), `profile` (profile-defined list), `real` (native system). | `expand` |
+| `alwaysActive`                  | Keep windows/tabs in an active state to suppress `blur`/`visibilitychange` events and `document.hidden=true`. | `true` |
+| `webrtcICE`                     | ICE server preset (`google`) or custom list via `custom:stun:host:port,turn:host:port`. | `google` |
 | `mobileForceTouch`              | Force touch events on/off when simulating mobile devices (`true`, `false`).          | `false`    |
 
 ### Proxy Settings
@@ -187,6 +189,12 @@ All configurations are embedded in the `configs` field inside your profile JSON
     // WebRTC: 'profile' = profile’s settings; 'real' = native; 'disabled' = no WebRTC
     "webrtc": "profile",
 
+    // WebRTC ICE servers: 'google' preset or 'custom:stun:...,turn:...'
+    "webrtcICE": "google",
+
+    // Keep the window active even when unfocused (suppresses blur/visibilitychange)
+    "alwaysActive": true,
+
     // Fonts: 'profile' = profile’s embedded list; 'real' = system-installed fonts
     "fonts": "profile",
 
@@ -199,6 +207,9 @@ All configurations are embedded in the `configs` field inside your profile JSON
     // Media devices: 'profile' = fake camera/mic devices; 'real' = actual system devices
     "mediaDevices": "profile",
 
+    // Media types: 'expand' = prefer local decoders; switch to 'profile' for legacy behavior
+    "mediaTypes": "expand",
+
     // Speech voices: 'profile' = profile’s synthetic voices; 'real' = system voices
     "speechVoices": "profile",
 

tools/botcanvas/README.md

@@ -1,4 +1,4 @@
-# BotCanvas Lab (Beta)
+# BotCanvasLab (Beta)
 
 Canvas 2D/WebGL fingerprint forensics for BotBrowser. Capture every API call as a JSONL event stream for analysis and future replay capabilities.