GoKawiil— A Note On What You Gave —
Every observation on this page came from your own browser, in the first milliseconds after you arrived. The words were written by a human. A few honest footnotes follow.
Your location ip-api.com · Free tier · CC-BY-SA Your IP address arrives in the header of every request your device makes. We pass it to ip-api.com to translate it into a city and an internet provider name. The lookup is transient — neither side stores it. Under GDPR, an IP address can be considered personal data when used for tracking. We do not track. We do not retain. We do not log. We display only the first and last octet on screen. We know the rest. We chose not to display it.
Browser APIs MDN Web Docs · Mozilla · CC-BY-SA 2.5 Every observation about your device — screen, browser, language, GPU, cores, battery, fonts, preferences — was retrieved through standard JavaScript APIs documented openly by Mozilla. No exploits, no vulnerabilities, no hacks. Everything on this page is by design. The design is the problem.
Font fingerprinting Electronic Frontier Foundation · Cover Your Tracks (formerly Panopticlick) The technique of detecting installed fonts by measuring rendered text widths has been documented since 2010. The EFF maintains a tool that lets you see how unique your browser is. Most browsers are unique enough to be tracked across the open web without any cookie at all. The combination of fonts is one of the strongest signals.
Canvas fingerprinting Princeton University · Web Transparency & Accountability Project A 2014 study from Princeton was the first to document canvas fingerprinting in the wild. Researchers found it on 5% of the top 100,000 websites — pages that secretly asked the visitor's browser to draw a hidden image, then read the rendered pixels back as an identifier. Your browser supports the technique. We did not draw one. The page you visit after this one might.
Clipboard API MDN · Clipboard API specification With a single user gesture — a click, a tap — a page can request to read the last thing you copied. A password. An address. A draft message. The capability is announced by every modern browser. We did not request it. The capability is there, available to any page that asks at the right moment.
The battery research Olejnik, Englehardt, Narayanan · 2015 · "The Leaking Battery" Published in the proceedings of the Workshop on Data Privacy Management. The paper demonstrated that the combination of battery percentage and discharge time was unique enough to track a visitor across multiple websites for up to thirty minutes — without cookies, without accounts. Firefox removed the API in 2016. Chrome and Edge still expose it.
The technique we did not run Documented · Legal · Widely deployed A page can detect which sites you are logged into by asking your browser to load favicon URLs from those sites and watching which succeed and which fail. Logged-in services return one image; logged-out services return another. The technique requires no permission. With it, a page can know — without asking — whether you are logged into Facebook, Google, X, GitHub, Reddit, LinkedIn, and dozens of others. We did not run this. The technique is documented and legal. Some of the pages you visited today did.
The barcode Computed in your browser · 16 bars · Yours alone Beneath the count, sixteen hairlines whose heights are derived from the data your device handed over — your GPU, your fonts, your screen size, your language, your timezone, your operating system, your browser, your color depth. Same data, same barcode. Different visitor, different barcode. The computation happens in your browser; nothing about it is transmitted. Anyone with your exact fingerprint would see the same bars. The likelihood is small.
... continue reading