A web page that shows you everything the browser told it without asking
A live demo page exposes IP geolocation, timezone, GPU string, font set, battery level, and storage allocation — all collected before any interaction, no permissions requested.
What Matters
- IP geolocation runs server-side against a third-party API; your device never volunteered a location, it volunteered a routable address.
-
WebGL fingerprinting reads the full GPU renderer string (e.g.
Vulkan 1.3.0 SwiftShader) revealing manufacturer, generation, and approximate price tier. - Font probing across 17 common typefaces produces a near-unique device fingerprint combinable with screen size, timezone, and GPU — no cookies needed.
- Battery API exposure: researchers demonstrated in 2015 that level plus discharge time could track users across sites for 30 minutes; Firefox removed the API in 2016, but many browsers still expose it.
- The page allocates 418 MB of origin storage automatically — and notes most sites don’t leave it empty.
- [HN: @karmakaze] EFF’s coveryourtracks.eff.org is more rigorous; their test showed his fingerprint was unique among all visitors in the past 45 days.
- [HN: @lucideer] Several data points silently fail or return garbled output rather than explicit “withheld” — accuracy is lower than the dramatic copy implies; @acid__ calls it “AI-generated slop.”
