Privacy Mode
See which apps phone home. Real-time classification and AI narratives.
Globe View
3D globe fed by 212 data sources. See where traffic lands live.
Hacker Mode
Full packet inspection: Monaco, hex dumps, TLS certs, timing waterfall.
Browser Guard
Detect extension probes, injected trackers, and BrowserGate-style attacks.
What your network is whispering.
You can't read their source code. But you can read every byte they send.
Exhibit A — The Evidence
INTERCEPTED TRANSMISSIONS
These aren't hypothetical. These happened.
LITIGATION PENDING
RISK▲▲▲△△
POST /li/track
Host: analytics.linkedin.com
X-LI-Track: extensions=probe
Body: {"browser":"chrome",
"extensions_found":6247,
"fingerprint":"ext_enum_v3"}
Host: analytics.linkedin.com
X-LI-Track: extensions=probe
Body: {"browser":"chrome",
"extensions_found":6247,
"fingerprint":"ext_enum_v3"}
Extension Fingerprinting
LinkedIn · 2024
LinkedIn probed for 6,247 browser extensions to build a unique fingerprint of each visitor — identifying users across sessions even without cookies.
NO ACCOUNTABILITY
RISK▲▲▲▲▲
POST /api/telemetry
Host: analytics.trae.ai
X-BD-Trace: workspace_scan
Body: {"files":[".env","secrets.yml"],
"contents":"API_KEY=sk-......",
"dest":"cn-north-1.bytedance"}
Host: analytics.trae.ai
X-BD-Trace: workspace_scan
Body: {"files":[".env","secrets.yml"],
"contents":"API_KEY=sk-......",
"dest":"cn-north-1.bytedance"}
ByteDance Phone-Home
Trae IDE · 2025
ByteDance's code editor transmitted workspace file trees, open tab contents, and keystrokes to servers in mainland China — silently, even when telemetry was toggled off.
$725M SETTLED
RISK▲▲▲▲△
GET /tr?id=PIXEL_ID
Host: connect.facebook.net
Referer: hospital-portal.com
ev=PageView&cd={"diagnosis":
"depression","page":"/rx/fill",
"uid":"patient_38291"}
Host: connect.facebook.net
Referer: hospital-portal.com
ev=PageView&cd={"diagnosis":
"depression","page":"/rx/fill",
"uid":"patient_38291"}
Meta Pixel Exfiltration
Meta / Facebook · 2022
Meta's tracking pixel was embedded on hospital websites, transmitting health conditions, prescriptions, and patient data directly to Facebook's ad infrastructure.
$85M SETTLED
RISK▲▲▲▲△
CONNECT zoom.us:443
Routed: cn-bj-1.zoom.com.cn
Encryption: AES-128-ECB
Claimed: "End-to-End AES-256"
Key-escrow: zoom-infra/cn-keys
Meeting: DECRYPTABLE
Routed: cn-bj-1.zoom.com.cn
Encryption: AES-128-ECB
Claimed: "End-to-End AES-256"
Key-escrow: zoom-infra/cn-keys
Meeting: DECRYPTABLE
Zoom Encryption Deception
Zoom · 2020
Zoom claimed end-to-end encryption while routing traffic through Chinese servers. Meeting content and encryption keys were accessible despite E2E promises.
Exhibit B — The Threat Landscape
WHY THIS EXISTS
The last decade of attacks. The reason you need to see every byte leaving your machine.
RISK▲▲▲▲▲
🔒 RANSOMWARE
$30B+ damage · trend: accelerating
NotPetya — $10B global damage from one poisoned tax update.
WannaCry — NHS hospitals diverted patients after 200K machines were hit in 150 countries.
Colonial Pipeline — fuel supply halted because a legacy VPN lacked MFA.
Change Healthcare — 100M patient records, paid once, then extorted again.
RISK▲▲▲▲▲
🔗 SUPPLY CHAIN
trusted software becomes the entry point
SolarWinds — 18,000 orgs pulled in a backdoored update.
Log4Shell — internet-wide exposure from a tiny logging dependency.
XZ / React2Shell — patience, maintainer pressure, and one missed review can cascade.
RISK▲▲▲▲▲
🎯 NATION-STATE
cyber as conflict, espionage, and leverage
Stuxnet — code crossed air gaps and destroyed centrifuges.
OPM — 22.1M federal records and 5.6M fingerprints exposed.
Salt Typhoon — wiretap systems and major US carriers compromised.
RISK▲▲▲▲△
⚡ ZERO-DAYS
black market: $2M+ per exploit
Pegasus — zero-click iPhone compromise from messages victims never opened.
EternalBlue — stolen NSA tooling powered history-making attacks.
Ivanti — federal agencies were told to fully disconnect live targets.
RISK▲▲▲▲▲
🏭 CRITICAL INFRASTRUCTURE
where packets turn into physical harm
Ukraine Grid — 230,000 people lost power in winter.
Oldsmar Water — sodium hydroxide was pushed toward lethal levels.
Colonial / retail sieges — supply chains and essential services freeze fast.
RISK▲▲▲▲△
🔥 THE CURRENT WAVE
identity abuse beats zero-days most days
Bybit — $1.5B stolen in the biggest crypto heist yet.
UK retail siege — M&S, Co-op, and Harrods hit in weeks.
AI phishing — social engineering scales faster than patching does.
RISK▲▲▲▲△
🧑💼 INSIDER THREATS
trusted access turned weapon
Snowden — NSA contractor walked out with classified troves.
Tesla saboteur — employee altered code and exported data.
Twitter 2020 — social-engineered employees hijacked high-profile accounts for a Bitcoin scam.
RISK▲▲▲▲▲
🗃️ DATA BREACHES
billions of records, one mistake
Equifax — 147M Americans' SSNs and credit data exposed.
Yahoo — 3B accounts compromised across two breaches.
Marriott — 500M guest records stolen over four years undetected.
RISK▲▲▲△△
🌐 DDoS / BOTNETS
weaponizing everyday devices at scale
Mirai — cameras and routers knocked Dyn offline, taking down half the internet.
GitHub 2018 — 1.35 Tbps memcached amplification, largest at the time.
Dyn attack — cascading failures hit Twitter, Netflix, and Reddit together.
Field Test
Is this for you?
Wisp is probably for you if the first thing you ask after installing a tool is: what is it actually sending out?
- You want privacy-mode simplicity, but still need hacker-mode receipts when something feels off.
- You care about trackers, telemetry, suspicious DNS, or AI tools quietly phoning home.
- You want LuLu + mitmproxy-level visibility without living in terminal glue and manual setup.
- You would actually use a product that explains weird traffic in plain English and lets you drill deeper.
first pass: surface-level fit check