War is peace. Ignorance is strength. That is your IP.
Your IP address is a home address. Combined with your ISP, it narrows you to a neighborhood. Advertisers use it for geo-targeting. Law enforcement uses it for subpoenas. Data brokers sell it in bulk. You didn't type any of this — your router announced it.
Your browser version tells attackers which exploits work on you. Your language reveals your nationality. "Do Not Track" is ignored by almost every site — but sending it makes your fingerprint more unique. Even your PDF viewer setting is a data point in a profile being built right now.
Screen resolution + pixel ratio + GPU = a near-unique device signature. Fewer than 1 in 50,000 devices share your exact combination. Advertisers don't need your name — your hardware IS your name. They track you across sites without a single cookie.
Your battery level tells sites when you're desperate. Low battery + not charging = you're out, on the move, and less likely to comparison shop. Some pricing algorithms charge more when your battery is low. The discharge rate reveals your device age and usage pattern.
Storage quota reveals your device class — cheap phone or flagship. Usage reveals how much you browse. Combined with other signals, it helps classify you into an income bracket. All without asking.
We know how many cameras, microphones, and speakers you have. That count is surprisingly unique. External webcam? You probably work from home. Multiple audio outputs? You have a desk setup. This page didn't access them — but it knows they're there.
Dark mode tells them when you browse — probably at night. Reduced motion hints at accessibility needs. Your color gamut reveals your display tier. Each "preference" is a confession about your habits, your health, and your hardware. You set these for comfort. They read them for profit.
Your timezone is your longitude. Your OS version tells them what patches you're missing. Your platform string narrows you to a device family. Together they answer: where are you, what are you running, and what's vulnerable?
These hashes are your digital DNA. Every GPU renders a canvas slightly differently. Every audio stack processes a signal uniquely. Combined, they create an ID that survives cleared cookies, incognito mode, and VPNs. You can't opt out of your own hardware.
Your connection speed reveals if you're on home WiFi, office ethernet, or mobile data. RTT latency estimates your distance from the server. Data saver mode signals a limited plan — which means limited income. Sites adjust content quality, ad load, and pricing based on what your connection tells them about you.
Everything above was collected without asking. Your browser does have a few gates left — APIs that require your explicit consent. You see these prompts every day. Most people click Allow. This page uses live data for previews only — nothing is recorded.
Safe: Video calls, QR scanning, face unlock, ID verification.
Risk: The site gets a raw video feed. It can capture frames silently, run facial recognition, or record without any visible indicator after you grant access once.
Safe: Voice calls, dictation, voice search, audio recording apps.
Risk: The mic hears the room — not just you. Conversations, TV audio, keyboard sounds. Research has decoded keystrokes from mic audio alone. Some sites keep listening after the session ends.
Safe: Maps, navigation, delivery ETAs, weather, ride-sharing pickup.
Risk: IP already got your city. GPS gets your building. Apps that request "always allow" track you continuously — commute patterns, home address, workplace, how long you spend at each location.
Safe: Paste-to-search, autofill, clipboard managers, password managers reading a copied code.
Risk: If you had a password, a crypto wallet address, a credit card number, or a private message in your clipboard — the site just read it. No visible indication. One click.
You know to be suspicious when a site asks for your camera, your microphone, or your location. Those prompts feel invasive — and they should. But the data behind those gates is the data you're already trained to protect.
The 44 data points above? Those were collected without a single prompt. No permission dialog. No consent banner. No indication it was happening. Your GPU, your CPU cores, your battery level, your timezone, your screen resolution, your installed fonts, your canvas fingerprint — all of it read silently on page load, by every site you visit, every time. And that silent data is worth more than your camera feed. It doesn't change. It follows you across sessions, across browsers, across devices. It's your permanent digital fingerprint — and it was built without asking.
The permission prompts aren't the threat. They're the distraction. The real collection already happened before they rendered.