Metadata-Version: 2.4
Name: darkelf-cocoa
Version: 4.3.4
Summary: Darkelf Cocoa privacy browser for macOS
Author: Dr. Kevin Moore
License: LGPL-3.0-or-later
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: pyobjc
Requires-Dist: tldextract

# 🧿 Darkelf Cocoa Browser

### Ephemeral, Post-Quantum Privacy Browser (macOS / Cocoa)

Darkelf is a memory-only, privacy-first web browser built using PyObjC + WebKit, featuring a deterministic Post-Quantum Integrity Layer (PQ) and an on-device AI security engine (MiniAI Sentinel).

---

# 🚀 Darkelf Cocoa 4.3.4

### Stability • Accuracy • Privacy Reinforced

Darkelf Cocoa 4.3.4 strengthens internal consistency, improves fingerprint realism, and enhances stealth across identity, rendering, and detection layers.

## New Features in Darkelf Cocoa 4.3.4

### Memory Chunking
Improved memory handling by breaking data into smaller, more efficient chunks for enhanced performance and stability.

### Enhanced Error Logging
Upgraded logging system with more detailed diagnostics, making debugging and issue tracking more effective.

### Safe URL Handling
Introduced safer URL processing to prevent malformed or unsafe links from causing unexpected behavior or security issues.

---

## 🧪 Stability & Verification

* ✅ All 59 Pytests passing
* Improved cold boot consistency
* Hardened lifecycle + state handling
* Stable under stress / long-session runtime

---

## 🧠 MiniAI Sentinel (Detection Engine)

### Enhanced Detection Accuracy

* Refined behavioral heuristics
* Reduced false positives under load
* Improved classification for:

  * scraping activity
  * credential abuse patterns
  * automation frameworks

### Smarter Thresholding

* Tuned for real-world browsing behavior
* Concurrency-safe detection logic
* No false triggers from high-performance systems

---

## 🕸️ Scraper Detection (Reworked)

### Hybrid Detection Model

* Same-path burst detection (test-safe)
* Multi-path enumeration detection (real-world)

### Improvements

* Eliminates false positives from:

  * hardware concurrency
  * rapid navigation
* Better alignment with real attacker behavior

---

## 🛡️ Network Policy Engine (Enhanced)

* 🔒 Fixed HTTP → HTTPS upgrade enforcement
* 🚫 Stricter tracker blocking (domain-level precision)
* Works correctly without active tab context
* Reduced interference with legitimate traffic

---

## 🔐 Post-Quantum Integrity Layer (PQ)

### Enhancements in 4.3.1

* Stronger stateful request chaining
* Improved replay resistance
* Better entropy tracking
* Stable behavior across rapid navigation

### Identity Model

* `_pq_seed` → per-tab root identity
* `_pq_salt` → hidden entropy
* `_pq_counter` → monotonic progression
* `_pq_prev_chain` → chain continuity

### Chain Construction

```
chain = SHA3_512(
    seed +
    normalized_url +
    previous_chain +
    counter +
    salt
)
```

### Features

* Canonical URL normalization
* Replay detection (~200 chain window)
* TLS certificate binding
* Deterministic third-party deception
* Rendering isolation (Canvas/WebGL/Audio)

### Identity Rotation

```
seed → SHA3_256(seed)
```

---

## 🎨 Fingerprint System (Enhanced)

### PQ-Based Identity

Each tab now uses a **deterministic, hidden identity** derived from an internal PQ seed:

- Stable within a tab session  
- Independent across tabs  
- Not exposed to websites  

### Rotation Model

- Fingerprints remain stable on reload  
- New tabs receive distinct identities  
- Gradual variation over time and navigation  

### Result

- Prevents cross-tab tracking  
- Avoids unstable or overly-random behavior  

---

## 🧩 Fingerprint Coherence

- Canvas, WebGL, and font signals are now aligned  
- Eliminated inconsistent or conflicting fingerprint traits  

### Result

- Coherent, realistic device fingerprint  
- Reduced detection via cross-surface mismatch  

---

## 🕶️ User-Agent Stealth

- Removed all Darkelf identifiers from the User-Agent  

### Result

- Appears as a standard WebKit/macOS client  
- Internal identity system remains fully hidden  

---

## 🔐 Internal Improvements

- Hidden identity grouping (not externally visible)  
- Navigation-based entropy (no JS-driven mutation)  
- Stable, non-reactive fingerprint behavior  

## ⚙️ JavaScript Hardening (PQ Unified)

* All JS privacy surfaces aligned under PQ-seeded entropy
* Consistent spoofing across:

  * Canvas
  * WebGL
  * Font fingerprinting

---

## 🔁 Fingerprint Isolation

### Per-Tab Identity Model

* 🔁 Deterministic per-tab identity
* Group-based identity distribution (bucketed)
* No cross-tab fingerprint reuse

### Result

* Eliminates cross-tab correlation vectors
* Prevents long-session fingerprint linking
* Creates overlapping identity clusters (crowd blending)

---

## 🎯 Content Rules / Adblocking

* Refined and consolidated rule sets
* Improved compatibility with PQ fingerprint system
* Better filtering of:

  * trackers
  * ad iframes
  * consent frameworks
* Reduced site breakage
* Improved CNN / news-site handling (container-safe filtering)

---

## 🧩 Architecture Improvements

* Clear separation between:

  * network policy layer
  * MiniAI detection engine
  * PQ cryptographic state

* Reduced duplication

* Fewer edge-case inconsistencies

* Improved long-session stability

---

## 🔐 Ephemeral Browsing

* No disk persistence
* Memory-only cookies/cache/storage
* Automatic cleanup on exit
* Downloads disabled by default

---

## 🕵️ Privacy & Anti-Tracking

* First-party isolation (FPI)
* Deterministic third-party deception
* Ad + tracker blocking
* Fingerprint surface reduction
* No stable cross-session identity

---

## 📦 PyPI

```bash
pip install darkelf-cocoa
darkelf
```

---

## 🔐 Security Model

* Zero persistence
* Deterministic identity isolation
* Replay resistance
* Behavioral anomaly detection
* No telemetry

---

## 📜 License

LGPL-3.0-or-later
© Dr. Kevin Moore (2025)
