Research

What Kitsune has actually measured, running real anti-detect tools through the live edge → detector. The thesis holds: incoherence across layers — not any single bad signal — is what survives anti-detect tooling.

93/103evaders caught
143detection rules

What we've learned

The arms-race ladder
Each anti-detect rung defeats the one below it; the detector answers each with a new cross-layer check.
Coordination, not the instance
A single polished bot can hide; a fleet can't — shared JA4/fingerprint/trace collisions across sessions are the durable signal.
Camoufox is the frontier
Engine-level anti-detect Firefox is the hardest case, reaching only ~suspicious — the bar everything else is measured against.
Realm coherence
Many spoofs patch the main JavaScript scope but forget the Worker/iframe realm — the two disagree, and that convicts.
Tells below the application
JA3/JA4, the HTTP/2 preface, QUIC and the TCP/IP stack betray automation before a single line of page JS runs.
Behavioral is the weakest layer
Mouse/keystroke biomechanics are corroborating-only — humanizers are improving, so it never convicts alone.
Precision is the hard part
Real, unusual humans (Brave, Tor, mobile, privacy browsers) must never be flagged — calibration against real-traffic sources is the gate.

How it's grounded

Findings come from running each evader through the real stack, not from synthetic tests. Detections are held to a calibration gate against multiple independent fingerprint sources, so a rule that would flag real humans never ships.

See the full matrix →  ·  Full findings doc