Website

Privacy Layer

Privacy Layer

The foundation of Macro's privacy architecture.

Diagram 1

Privacy Profiles

Identity isolation system:

Storage Isolation

  • Separate cookie jars per profile

  • Independent localStorage/sessionStorage

  • Isolated IndexedDB

  • Separate cache per profile

Network Isolation

  • Profile-scoped DNS caches

  • Separate HTTP cache

  • Isolated connection pools

  • Profile-specific TLS sessions

Cryptographic Isolation

  • Different identities per profile

  • Separate keystores

  • Profile-scoped certificates

  • No cross-profile credential sharing

Tracker Blocking

Native blocking engine:

Filter Lists

  • EasyList, EasyPrivacy integrated

  • Custom Macro filter additions

  • Auto-updating filter subscriptions

  • Applied before network requests

Blocking Scope

  • Third-party trackers

  • Advertising networks

  • Analytics scripts

  • Social media widgets

  • Fingerprinting scripts

Performance

  • Blocking at network layer (faster than extension-based)

  • Reduced bandwidth consumption

  • Faster page loads

  • Lower CPU usage

Fingerprint Defense

Multi-layer anti-fingerprinting:

Canvas Fingerprinting

  • Randomized canvas rendering

  • Per-profile fingerprint variation

  • Noise injection into canvas operations

WebGL Fingerprinting

  • WebGL context spoofing

  • GPU information masking

  • Renderer information randomization

Audio Context Fingerprinting

  • Audio fingerprint randomization

  • Oscillator frequency variations

  • Per-profile audio signatures

Font Fingerprinting

  • Limited font enumeration

  • Common font subset exposure

  • Randomized font metrics

Hardware Fingerprinting

  • Battery API disabled

  • Device memory masking

  • CPU core count randomization

  • Screen resolution fuzzing

Cookie Management

Profile-scoped cookie system:

Isolation

  • Each profile has separate cookie jar

  • No cookie sharing between profiles

  • Isolated third-party cookie handling

Policies

  • Third-party cookies blocked by default

  • Auto-delete on profile close (optional)

  • Per-site cookie permissions

  • SameSite enforcement

DNS Privacy

Encrypted DNS queries:

DNS over HTTPS (DoH)

  • Enabled by default

  • Prevents ISP query snooping

  • Encrypted DNS traffic

DNS Providers

  • Privacy-respecting resolvers (Quad9, Cloudflare)

  • No query logging

  • DNSSEC validation

VPN Integration

  • When Mesh VPN active, DNS routed through VPN

  • Prevents DNS leaks

  • Query anonymization

Referrer Policy

Control what sites see about your navigation:

Policies

  • No Referrer (default for cross-origin)

  • Same-Origin Only

  • Strict (never send referrer)

  • Configurable per profile

Benefits

  • Prevents tracking via referrer chains

  • Sites don't see where you came from

  • Reduces information leakage

WebRTC Leak Prevention

Prevents IP address leaks:

  • WebRTC disabled by default

  • ICE candidate filtering when enabled

  • No local IP exposure

  • VPN-aware WebRTC routing

HTTPS Enforcement

Automatic HTTPS upgrades:

  • HTTP requests upgraded to HTTPS when available

  • HTTPS-only mode (optional)

  • Certificate pinning for known sites

  • Invalid certificate warnings

Privacy at every layer. Defense in depth.

PreviousBrowser EngineNextWeb3 Integration

Last updated