Anti Detection Disabled In Production

What Happened

The March 22 audit revealed that in CDP mode (the default and only production mode), ALL 12 stealth scripts and humanization features were silently disabled. The stealth code existed in the codebase but was explicitly skipped with a comment: “CDP mode with copied profile doesn’t need stealth scripts.” Humanization was gated behind JOBHUNTR_HUMANIZE env var defaulting to “0” with no UI toggle. Scrolls were mechanical (100px, ~1s intervals).

Root Cause

The gap between “code exists” and “code runs” created a false sense of security. Developers (and the AI agents building the system) saw stealth and humanization modules in the codebase and assumed they were active. The conditional skipping happened deep in the browser initialization : easy to miss during code review.

Fix

The anti-detection suite was built specifically to address this. Instead of stealth scripts (which are unnecessary in CDP mode), the focus shifted to behavioral humanization: Gaussian timing, reading simulation, natural scroll patterns, session pacing : all active by default.

Lesson

Audit what actually runs, not what the code contains. A module that’s imported but conditionally skipped is worse than no module at all : it creates the illusion of protection. This directly contributed to the LinkedIn account restriction on March 25.