CloakBrowser: when open-source destroys SaaS pricing
Decision Card
Effort: Afternoon experiment — pip install cloakbrowser (or npm install cloakbrowser), swap one import in an existing Playwright scraper, and run it against a bot-detection test page to see if it clears Turnstile/FingerprintJS for your target.
Honest take: The headline “billion-dollar industry killed” overstates it — CloakBrowser explicitly doesn’t solve CAPTCHAs (it just suppresses them), bundles no proxy rotation, and ships a free-but-proprietary binary under a separate BINARY-LICENSE (only the wrapper is MIT), so “open-source” is doing some marketing work here. It’s also entering a crowded lane where Camoufox already pioneered source-level patching, and CloakBrowser’s edge is keeping the Chromium/Playwright API rather than inventing the technique.
Concrete next steps:
- Clone github.com/CloakHQ/CloakBrowser, do the one-line import swap, and test against your actual target site (~30–60 min).
- Read the BINARY-LICENSE.md terms before any commercial use — the patched binary is not MIT (~10 min).
- Benchmark it head-to-head against Camoufox for your use case, since that’s the closest open-source competitor (~1 hr).
- Skip if your blocker is hard CAPTCHAs or you need built-in proxy rotation — this tool addresses neither.
TL;DR
CloakBrowser is an open-source (MIT wrapper + free proprietary binary) stealth Chromium that applies fingerprint patches at the C++/source level while keeping the native Playwright/Puppeteer API, letting existing scrapers migrate with a one-line import change. It claims to pass 30+ bot-detection tests and a 0.9 reCAPTCHA v3 score, positioning it as a free replacement for $50–$300/mo anti-detect browsers — but it doesn’t solve CAPTCHAs or bundle proxies, and you assume all legal risk.
Key Points
- Commercial anti-detect browsers (Multilogin, GoLogin, AdsPower) charge $50–$300/month to make scraping bots look human to Cloudflare and reCAPTCHA 00:11
- Cloak HQ released an MIT-licensed custom Chromium binary with source-level patches, drop-in compatible with Playwright and Puppeteer 00:23
- It reportedly passed all 30 separate bot-detection sites tested, including Cloudflare Turnstile and FingerprintJS 00:35
- Migration is a single import swap — `from playwright.sync_api import sync_playwright` becomes `from cloakbrowser import launch` 00:38
- The differentiator vs prior tools: Playwright-Stealth injects JS at runtime (breaks on Chrome updates), undetected-chromedriver patches detectable flags, and Camoufox does source-level work but forks Firefox (non-Playwright API) 01:46
- CloakBrowser is presented as the first to do source-level Chromium patches while keeping the native Playwright API 02:11
- Claimed receipts: 9.4k stars in 12 weeks, 57 compiled patches, and a server-verified reCAPTCHA v3 score of 0.9 (human range) 02:21
- Patches cover canvas, WebGL, audio context, fonts, GPU strings, screen dimensions, WebRTC ICE candidates, and hardware concurrency at the binary level 02:46
- `humanize=true` adds Bezier-curve mouse paths and per-character keyboard timing; native SOCKS5 with UDP associate, WebRTC IP spoofing, and `geoIP=true` round out the proxy stack 03:14
- Honest trade-offs stated in-video: it does not solve CAPTCHAs (only prevents them), proxy rotation is not bundled, and the user accepts all legal risk 05:21
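The key points above contrast runtime JS injection with source-level patching; the sketch below shows, from the detection side, why script-level overrides leave traces a page can inspect. It is an added example, not code from the video or from any project named here: `Map` stands in for browser objects so it runs in Node, and the function names and finding labels are hypothetical.

```javascript
// Added example. Constructed objects stand in for browser APIs so this runs in Node;
// in a browser the same audit would target accessors on built-in prototypes.

const NATIVE_BODY = /\{\s*\[native code\]\s*\}\s*$/;

// Audit one accessor property: is it still the engine's own getter, defined
// where the engine defines it (on the prototype, not on the instance)?
function auditAccessor(instance, proto, name) {
  const findings = [];
  // An own property on the instance shadows the prototype accessor.
  if (Object.prototype.hasOwnProperty.call(instance, name)) {
    findings.push('shadowed-on-instance');
  }
  const desc = Object.getOwnPropertyDescriptor(proto, name);
  if (!desc || typeof desc.get !== 'function') {
    findings.push('prototype-accessor-missing');
    return findings;
  }
  // Script-defined functions stringify to their source text, not "[native code]".
  const src = Function.prototype.toString.call(desc.get);
  if (!NATIVE_BODY.test(src)) findings.push('non-native-getter');
  return findings;
}

// Constructed case 1: untouched object. Map.prototype.size is a native accessor.
function cleanCase() {
  return auditAccessor(new Map(), Map.prototype, 'size');
}

// Constructed case 2: instance-level override, as a script injected at runtime might apply.
function shadowedCase() {
  const m = new Map();
  Object.defineProperty(m, 'size', { get: () => 0 });
  return auditAccessor(m, Map.prototype, 'size');
}

// Constructed case 3: prototype-level override, on a throwaway class so Map stays intact.
function replacedCase() {
  class Fake {}
  Object.defineProperty(Fake.prototype, 'size', { get() { return 0; } });
  return auditAccessor(new Fake(), Fake.prototype, 'size');
}

console.log(cleanCase(), shadowedCase(), replacedCase());
```

A check of this kind only observes overrides made in JavaScript, which is the layer the page distinguishes from changes compiled into the binary.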
Notable Quotes
“It is a custom chromium binary with source-level patches compiled in MIT licensed drop-in compatible with Playwright and Puppeteer.” 00:27
“Cloak Browser is the first project to do source level patches on Chromium while keeping the native Playwright API. That is the whole reason it broke through.” 02:11
“This thing does not solve captchas. It just prevents most of them from showing up. So, the hard challenges still need a separate solver.” 05:21
Verified Claims
Commercial anti-detect browsers run $50–$300/month. 00:11
- Multilogin pricing/comparison, AdsPower vs GoLogin
- Verdict: Confirmed (range is broadly right — Multilogin starts at $99/mo; AdsPower/GoLogin run cheaper at the low end but scale up, so the upper-$300 band reflects higher-tier/proxy-inclusive plans).
CloakBrowser is MIT-licensed and a drop-in Playwright/Puppeteer replacement. 00:27
- github.com/CloakHQ/CloakBrowser
- Verdict: Disputed/Partial — the wrapper is MIT, but the patched binary ships under a separate BINARY-LICENSE.md (free usage rights, not MIT). “MIT licensed” applies only to part of the project.
9.4k GitHub stars (at video time). 02:21
- CloakBrowser repo
- Verdict: Confirmed/Outdated — the repo now shows ~22.1k stars, consistent with continued rapid growth past the video’s 9.4k figure.
57 compiled patches and a 0.9 reCAPTCHA v3 score. 02:24
- CloakBrowser repo
- Verdict: Confirmed — repo now lists 58 source-level C++ patches and a server-verified reCAPTCHA v3 score of 0.9 (count grew by one since the video, consistent with ongoing rebases).
Prior open-source approaches each have a structural weakness (JS-injection, detectable flags, or Firefox fork). 01:46
- Scraping Central: Camoufox vs undetected-chromedriver vs Playwright Stealth
- Verdict: Confirmed — independent comparisons describe Playwright-Stealth’s runtime JS patching, undetected-chromedriver’s detectable config patches, and Camoufox as a source-patched Firefox fork (non-Playwright API).
“Camouflage” does source-level work but forks Firefox. 02:04
- Camoufox project
- Verdict: Confirmed (the video means Camoufox) — it’s a source-level patched Firefox fork, which is exactly the non-Chromium/non-Playwright limitation described.
Rebase cadence is roughly every 2 weeks, currently on Chromium 146. 05:15
- CloakBrowser releases
- Verdict: Confirmed — repo tracks Chromium 146.x with active, frequent rebases.
Tools, Papers & Standards Mentioned
- CloakBrowser (CloakHQ) — the subject project
- Playwright — browser automation framework CloakBrowser mirrors
- Puppeteer — Node browser automation, also supported
- Camoufox — source-patched Firefox stealth browser (the video’s “Camouflage”)
- undetected-chromedriver — Selenium-based patched ChromeDriver
- playwright-stealth / playwright-extra stealth — JS-injection stealth layer
- Cloudflare Turnstile — CAPTCHA alternative tested against
- FingerprintJS — browser fingerprinting / bot detection
- Selenium, LangChain, browser-use, Crawl4AI, Stagehand — listed automation integrations
- Multilogin, GoLogin, AdsPower — commercial anti-detect browsers it aims to replace
- SOCKS5 with UDP ASSOCIATE — see RFC 1928
- WebAuthn — capability added in the Chromium 146 rebase
Follow-up Questions
- How does CloakBrowser hold up in independent third-party benchmarks against live Cloudflare/Akamai targets (e.g., the 31-target benchmark studies), versus the vendor’s own 30/30 self-reported results?
- What exactly does the BINARY-LICENSE.md permit and prohibit — and does its “free usage rights” survive a future move to paid tiers or a hosted service, given the closing “before the venture funding catches up” line?
- Since CloakBrowser deliberately bundles no proxy rotation or CAPTCHA solving, what’s the realistic total cost and stack (proxies + solver + CloakBrowser) for a production scraper, and how does that compare to a $99/mo Multilogin plan with proxies included?
Sources
- https://github.com/CloakHQ/CloakBrowser
- https://github.com/CloakHQ/CloakBrowser/releases
- https://cloakbrowser.dev/
- https://andrew.ooo/posts/cloakbrowser-stealth-chromium-playwright-replacement-review/
- https://multilogin.com/blog/multilogin-vs-gologin-vs-adspower/
- https://www.adspower.com/blog/gologin-vs-multilogin
- https://scrapingcentral.com/blogs/stealth-browser-comparison
- https://ianlpaterson.com/blog/anti-detect-browser-benchmark-patchright-nodriver-curl-cffi/
- https://github.com/daijro/camoufox
- https://github.com/ultrafunkamsterdam/undetected-chromedriver
- https://github.com/AtuboDad/playwright_stealth
- https://playwright.dev/
- https://pptr.dev/
- https://developers.cloudflare.com/turnstile/
- https://fingerprint.com/
- https://www.selenium.dev/
- https://www.langchain.com/
- https://github.com/browser-use/browser-use
- https://github.com/unclecode/crawl4ai
- https://github.com/browserbase/stagehand
- https://multilogin.com/
- https://gologin.com/
- https://www.adspower.com/
- https://datatracker.ietf.org/doc/html/rfc1928
- https://www.w3.org/TR/webauthn-2/