# Privacy Layer

The foundation of Macro's privacy architecture.

***

![Diagram 1](https://content.gitbook.com/content/12iOS9xiOBrGJgaaBtCR/blobs/tZGKB1wNty38OAUlFOAr/Screenshot_23.png)

<figure><img src="https://content.gitbook.com/content/12iOS9xiOBrGJgaaBtCR/blobs/pPfVrilrGpobZYxmR6QA/Screenshot_24.png" alt=""><figcaption></figcaption></figure>

### <mark style="color:purple;">Privacy Profiles</mark>

**Identity isolation system:**

#### Storage Isolation

* Separate cookie jars per profile
* Independent localStorage/sessionStorage
* Isolated IndexedDB
* Separate cache per profile

#### Network Isolation

* Profile-scoped DNS caches
* Separate HTTP cache
* Isolated connection pools
* Profile-specific TLS sessions

#### Cryptographic Isolation

* Different identities per profile
* Separate keystores
* Profile-scoped certificates
* No cross-profile credential sharing

### <mark style="color:purple;">Tracker Blocking</mark>

**Native blocking engine:**

#### Filter Lists

* EasyList, EasyPrivacy integrated
* Custom Macro filter additions
* Auto-updating filter subscriptions
* Applied before network requests

#### Blocking Scope

* Third-party trackers
* Advertising networks
* Analytics scripts
* Social media widgets
* Fingerprinting scripts

#### Performance

* Blocking at the network layer (faster than extension-based blocking)
* Reduced bandwidth consumption
* Faster page loads
* Lower CPU usage

### <mark style="color:purple;">Fingerprint Defense</mark>

**Multi-layer anti-fingerprinting:**

#### Canvas Fingerprinting

* Randomized canvas rendering
* Per-profile fingerprint variation
* Noise injection into canvas operations

#### WebGL Fingerprinting

* WebGL context spoofing
* GPU information masking
* Renderer information randomization

#### Audio Context Fingerprinting

* Audio fingerprint randomization
* Oscillator frequency variations
* Per-profile audio signatures

#### Font Fingerprinting

* Limited font enumeration
* Common font subset exposure
* Randomized font metrics

#### Hardware Fingerprinting

* Battery API disabled
* Device memory masking
* CPU core count randomization
* Screen resolution fuzzing

### <mark style="color:purple;">Cookie Management</mark>

**Profile-scoped cookie system:**

#### Isolation

* Each profile has a separate cookie jar
* No cookie sharing between profiles
* Isolated third-party cookie handling

#### Policies

* Third-party cookies blocked by default
* Auto-delete on profile close (optional)
* Per-site cookie permissions
* SameSite enforcement

### <mark style="color:purple;">DNS Privacy</mark>

**Encrypted DNS queries:**

#### DNS over HTTPS (DoH)

* Enabled by default
* Prevents ISP query snooping
* Encrypted DNS traffic

#### DNS Providers

* Privacy-respecting resolvers (Quad9, Cloudflare)
* No query logging
* DNSSEC validation

#### VPN Integration

* When Mesh VPN is active, DNS is routed through the VPN
* Prevents DNS leaks
* Query anonymization

### <mark style="color:purple;">Referrer Policy</mark>

**Control what sites see about your navigation:**

#### Policies

* No Referrer (default for cross-origin)
* Same-Origin Only
* Strict (never send referrer)
* Configurable per profile

#### Benefits

* Prevents tracking via referrer chains
* Sites don't see where you came from
* Reduces information leakage

### <mark style="color:purple;">WebRTC Leak Prevention</mark>

**Prevents IP address leaks:**

* WebRTC disabled by default
* ICE candidate filtering when enabled
* No local IP exposure
* VPN-aware WebRTC routing
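
One way ICE candidate filtering can enforce the "No local IP exposure" point, as an added example that is not Macro's own code: it drops any candidate whose address or related address (`raddr`) is a loopback, private or link-local IP and fails closed on malformed lines. The function names and sample candidates are assumptions constructed for illustration.

```javascript
// Added example, not Macro's code. Candidate line layout (RFC 8839):
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <addr> rport <port>]

// True when an address would reveal a loopback, private or link-local IP.
// mDNS names (*.local) hide the real IP; other non-IP values fail closed.
function revealsLocalAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return false;
  if (a.includes(':')) { // IPv6: loopback, link-local fe80::/10, unique local fc00::/7
    return a === '::1' || /^fe[89ab][0-9a-f]:/.test(a) || /^f[cd][0-9a-f]{2}:/.test(a);
  }
  const o = a.split('.').map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return true;
  return o[0] === 10 || o[0] === 127 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) ||
    (o[0] === 169 && o[1] === 254);
}

// Pull out the fields that can carry an address; null when the line is malformed.
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (f.length < 8 || !f[0].startsWith('candidate:') || f[6] !== 'typ') return null;
  const r = f.indexOf('raddr');
  return { type: f[7], address: f[4], raddr: r > 0 ? (f[r + 1] || '') : null };
}

// Keep only candidates whose address and related address (raddr) are both safe.
function filterCandidates(lines) {
  return lines.filter((line) => {
    const c = parseCandidate(line);
    if (c === null) return false; // fail closed on anything unparseable
    if (revealsLocalAddress(c.address)) return false;
    return c.raddr === null || !revealsLocalAddress(c.raddr);
  });
}

// Constructed sample candidates (documentation address ranges, made-up mDNS name).
const SAMPLE = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 2122194687 3f1c9a2e-7b64-4c1d-9e0a-5d2b8a6f4c11.local 54322 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:4 1 udp 1686052607 203.0.113.7 61001 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:5 1 udp 41885439 198.51.100.20 3478 typ relay raddr 0.0.0.0 rport 0',
  'candidate:6 1 udp 2122260223 fe80::1c2d:3eff:fe4f:5a6b 54323 typ host',
];

console.log(filterCandidates(SAMPLE));
```

The filter addresses local address exposure only; server-reflexive candidates still carry the public address that the STUN server observed.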

### <mark style="color:purple;">HTTPS Enforcement</mark>

**Automatic HTTPS upgrades:**

* HTTP requests upgraded to HTTPS when available
* HTTPS-only mode (optional)
* Certificate pinning for known sites
* Invalid certificate warnings

***

Privacy at every layer. Defense in depth.
