Wisp — What your network is whispering.

What your network is whispering.

You can't read their source code. But you can read every byte they send.

🔓 Get Early Access 🔍 See the evidence

100% LOCAL · NO ACCOUNTS · NO SERVERS · OPEN AUDIT LOG · macOS NATIVE

Exhibit A — Capabilities

🕶️

Privacy Mode

See which apps phone home when they think you're not watching. Real-time classification with AI narratives.

🌍

Globe View

3D globe fed by 212 data sources shows where your data flows in real-time. Arcs colored by threat level. Click any arc for the full story.

💀

Hacker Mode

Full packet inspection. Monaco editor, hex dumps, TLS certs, timing waterfall. The raw bytes on the wire.

🛡️

Browser Guard

Detect when apps inject tracking scripts into web views. BrowserGate-style attacks caught before they report.

Exhibit B — The Evidence

INTERCEPTED TRANSMISSIONS

These aren't hypothetical. These happened.

LITIGATION PENDING

POST /li/track
Host: analytics.linkedin.com
X-LI-Track: extensions=probe
Body: {"browser":"chrome",
"extensions_found":6247,
"fingerprint":"ext_enum_v3"}

Extension Fingerprinting

LinkedIn · 2024

LinkedIn probed for 6,247 browser extensions to build a unique fingerprint of each visitor — identifying users across sessions even without cookies.

NO ACCOUNTABILITY

POST /api/telemetry
Host: analytics.trae.ai
X-BD-Trace: workspace_scan
Body: {"files":[".env","secrets.yml"],
"contents":"API_KEY=sk-......",
"dest":"cn-north-1.bytedance"}

ByteDance Phone-Home

Trae IDE · 2025

ByteDance's code editor transmitted workspace file trees, open tab contents, and keystrokes to servers in mainland China — silently, even when telemetry was toggled off.

$725M SETTLED

GET /tr?id=PIXEL_ID
Host: connect.facebook.net
Referer: hospital-portal.com
ev=PageView&cd={"diagnosis":
"depression","page":"/rx/fill",
"uid":"patient_38291"}

Meta Pixel Exfiltration

Meta / Facebook · 2022

Meta's tracking pixel was embedded on hospital websites, transmitting health conditions, prescriptions, and patient data directly to Facebook's ad infrastructure.

$85M SETTLED

CONNECT zoom.us:443
Routed: cn-bj-1.zoom.com.cn
Encryption: AES-128-ECB
Claimed: "End-to-End AES-256"
Key-escrow: zoom-infra/cn-keys
Meeting: DECRYPTABLE

Zoom Encryption Deception

Zoom · 2020

Zoom claimed end-to-end encryption while routing traffic through Chinese servers. Meeting content and encryption keys were accessible despite E2E promises.

Exhibit C — The Threat Landscape

WHY THIS EXISTS

The last decade of attacks. The reason you need to see every byte leaving your machine.

🔒 RANSOMWARE

$30B+ total damage · trend: accelerating

2017 — NotPetya — Maersk lost 45K PCs, 4K servers. $10B global damage from a single Ukrainian tax update.

2017 — WannaCry — NHS crippled. hospitals diverted patients, cancelled surgeries. 200K machines in 150 countries.

2021 — Colonial Pipeline — US East Coast fuel supply halted. Root cause: no MFA on a legacy VPN.

2024 — Change Healthcare — 100M patient records. Paid $22M ransom. Then extorted again by a second group.

🔗 SUPPLY CHAIN

$60B+ annually by 2025 · doubling year-over-year

2020 — SolarWinds — Backdoored update reached Pentagon, DHS, Treasury, DOE, Microsoft, Intel. 18,000 orgs compromised.

2021 — Log4Shell — A zero-day in a logging library triggered by a Minecraft chat message. CVSS 10.0.

2024 — XZ Utils — Two-year social engineering attack on a volunteer maintainer. Caught because of 500ms SSH latency.

2025 — React2Shell — Prototype pollution → RCE. CVSS 10.0. 571,249 public servers vulnerable at disclosure.

🎯 NATION-STATE

cyber as a tool of conflict · damage: incalculable

2010 — Stuxnet — US/Israel malware crossed air-gapped networks to destroy 1,000 Iranian centrifuges. First cyber weapon.

2015 — OPM Breach — China exfiltrated 22.1M federal employee records + 5.6M fingerprints. Every US security clearance holder exposed.

2024 — Salt Typhoon — Chinese hackers inside US wiretap systems. AT&T, Verizon, T-Mobile compromised. Ongoing.

⚡ ZERO-DAYS

black market: $2M+ per exploit · 97 exploited in 2023

2016+ — Pegasus/NSO — Zero-click iPhone exploits. Victims compromised from a message they never opened.

2017 — EternalBlue — Stolen NSA exploit. Powered two most destructive cyberattacks in history (WannaCry + NotPetya).

2024 — Ivanti VPN — CISA ordered all federal agencies to fully disconnect Ivanti appliances. Active exploitation in the wild.

🏭 CRITICAL INFRASTRUCTURE

where cyber meets physical · consequences measured in lives

2015 — Ukraine Power Grid — Russian hackers remotely opened breakers. 230,000 people lost power in December.

2021 — Oldsmar Water — Attacker increased sodium hydroxide to 100x lethal levels in Florida water supply. Caught by operator watching screen.

2025 — UK Retail Siege — DragonForce hit M&S, Co-op, and Harrods in weeks. Supply chains halted, online orders frozen.

[ CURRENT THREAT FEED ]

Bybit — $1.5B stolen (largest crypto heist ever)
Jaguar Land Rover — £1.9B data breach via Hellcat ransomware
Red Hat GitLab — 570GB source code leaked
React2Shell — CVSS 10.0 — 571K servers vulnerable
AI Phishing — 1,265% increase since ChatGPT launch

The Current Wave

2025–2026

Identity abuse, not zero-days, drives most breaches now. Stolen credentials. Session tokens. Social engineering. The attack surface isn't technical — it's human.

🔓 EARLY ACCESS

Everything free. No paywalls. No tiers. Just raw network intelligence for those who want to see.

Get Early Access

still hacking on this thing — stay close.