Source Code
The entire project, readable in your browser. No hidden JavaScript, no sneaky beacons. If we claimed we don't track you, this is where you check.
|
Pages/
Feeds/
Backend/
Includes/
Stylesheet/
JavaScript/
data/counter.txt and data/guestbook.txt hold visitor-supplied content
(a number and signed messages), so they are not shown here.
|
1 <?php 2 /** 3 * index.php -- Home page 4 * ----------------------------------------------------------------------------- 5 * The front door. Sets the tone, explains the premise, lists features (with 6 * blinking NEW! markers), shows a live "what we already know just from this 7 * request" teaser table, and points at the big [ START SCAN ] button. 8 * 9 * All heavy lifting (detection, fingerprinting, scoring) happens on the Scan 10 * page. This page is intentionally light and mostly server-rendered so it 11 * loads instantly on a 56k modem, spiritually speaking. 12 * ----------------------------------------------------------------------------- 13 */ 14 15 require_once __DIR__ . '/includes/config.php'; 16 require_once __DIR__ . '/includes/functions.php'; 17 18 $PAGE_TITLE = 'Home'; 19 $PAGE_ID = 'index.php'; 20 21 // A few server-side facts we can show immediately, with zero JavaScript, to 22 // make the point that the visitor is already leaking data just by being here. 23 $ip = client_ip(); 24 $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '(none sent)'; 25 $lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '(none sent)'; 26 $enc = isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '(none sent)'; 27 $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '(unknown)'; 28 $proto = http_protocol(); 29 $secure = is_https() ? 'HTTPS (encrypted)' : 'HTTP (plaintext!)'; 30 $server_soft = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '(hidden)'; 31 32 $features = isset($GLOBALS['FEATURE_LIST']) ? $GLOBALS['FEATURE_LIST'] : array(); 33 $updates = isset($GLOBALS['UPDATE_LOG']) ? $GLOBALS['UPDATE_LOG'] : array(); 34 35 include __DIR__ . '/includes/header.php'; 36 ?> 37 38 <h1><?php echo section_icon('eye', '#00FF00', 22); ?> What Can I Learn About You?</h1> 39 40 <div class="note"> 41 <b>Short answer:</b> more than you would like. This page is a live demonstration 42 of everything a completely ordinary website can figure out about a visitor — 43 using nothing but the request your browser sent and a pile of standard browser 44 APIs. No exploits. No malware. No permission prompts. Just the defaults. 45 </div> 46 47 <p> 48 Every time you open a web page, your browser volunteers a surprising amount of 49 information. Your IP address reveals roughly where you are and who your provider 50 is. Your <span class="mono">User-Agent</span> announces your browser and OS. 51 A few lines of JavaScript can measure your screen, count your CPU cores, probe 52 dozens of hardware features, and quietly build a <b>fingerprint</b> that follows 53 you around — no cookies required. 54 </p> 55 56 <p class="green"> 57 > This site proves the point, then throws it all away. Nothing you see here is 58 stored, logged, or transmitted anywhere. Read the 59 <a href="<?php echo eattr(url('source.php')); ?>">source</a> if you don't believe us. 60 </p> 61 62 <!-- Two-column classic layout: main call-to-action + sidebar --> 63 <table class="cols layout"><tr> 64 <td> 65 66 <!-- ============ THE BIG BUTTON ============ --> 67 <div class="asciibox center"> 68 <pre class="green mb0" style="font-size:16px"> 69 +==================================================+ 70 | | 71 | READY TO SEE WHAT THIS PAGE CAN SEE? | 72 | | 73 +==================================================+</pre> 74 <p> 75 <a class="btn" href="<?php echo eattr(url('scan.php')); ?>" 76 style="font-size:26px;padding:8px 28px;display:inline-block;margin:8px"> 77 >> START SCAN << 78 </a> 79 </p> 80 <p class="dim"> 81 The scan runs entirely in your browser. It takes about five seconds and 82 reveals your fingerprint, a privacy score, and a full report. 83 </p> 84 </div> 85 86 <!-- ============ ALREADY-LEAKING TEASER ============ --> 87 <div class="panel"> 88 <div class="panel-title"><?php echo section_icon('globe'); ?> <span class="ico"></span>What We Already Know (no JavaScript required)</div> 89 <div class="panel-body"> 90 <table class="data kv"> 91 <tr><td class="k">Your IP Address</td><td class="v"><b class="yellow"><?php echo e($ip); ?></b></td></tr> 92 <tr><td class="k">Connection</td><td class="v"><?php echo e($secure); ?> over <?php echo e($proto); ?></td></tr> 93 <tr><td class="k">Host Requested</td><td class="v"><?php echo e($host); ?></td></tr> 94 <tr><td class="k">User-Agent</td><td class="v" style="font-size:15px"><?php echo e($ua); ?></td></tr> 95 <tr><td class="k">Accept-Language</td><td class="v"><?php echo e($lang); ?></td></tr> 96 <tr><td class="k">Accept-Encoding</td><td class="v"><?php echo e($enc); ?></td></tr> 97 <tr><td class="k">Server Software</td><td class="v"><?php echo e($server_soft); ?></td></tr> 98 </table> 99 <p class="dim mb0"> 100 ↑ Your browser sent all of the above <b>before a single line of our 101 code ran</b>. The <a href="<?php echo eattr(url('scan.php')); ?>">full scan</a> 102 adds geolocation, ISP, VPN detection, hardware, and your fingerprint. 103 </p> 104 </div> 105 </div> 106 107 <!-- ============ FEATURE LIST ============ --> 108 <div class="panel"> 109 <div class="panel-title"><?php echo section_icon('folder'); ?> <span class="ico"></span>Features</div> 110 <div class="panel-body"> 111 <table class="data"> 112 <tr><th>Module</th><th>What it does</th><th> </th></tr> 113 <?php foreach ($features as $f): 114 $name = $f[0]; $desc = $f[1]; $isnew = !empty($f[2]); ?> 115 <tr> 116 <td class="nowrap"><b class="cyan"><?php echo e($name); ?></b></td> 117 <td><?php echo e($desc); ?></td> 118 <td class="center"><?php echo $isnew ? '<span class="new-gif">NEW!</span>' : ''; ?></td> 119 </tr> 120 <?php endforeach; ?> 121 </table> 122 </div> 123 </div> 124 125 </td> 126 127 <!-- ============ SIDEBAR ============ --> 128 <td class="col-side"> 129 130 <div class="sidebox"> 131 <div class="sidebox-title"><?php echo section_icon('warning', '#FFFF00'); ?> Site News</div> 132 <ul class="retro" style="margin-left:14px;font-size:15px"> 133 <?php 134 $shown = 0; 135 foreach ($updates as $u): 136 if ($shown++ >= 5) break; ?> 137 <li><span class="dim"><?php echo e($u[0]); ?></span><br><?php echo e($u[1]); ?></li> 138 <?php endforeach; ?> 139 </ul> 140 <div class="center"><a href="<?php echo eattr(url('rss.php')); ?>" style="font-size:14px">[ RSS feed ]</a></div> 141 </div> 142 143 <div class="sidebox"> 144 <div class="sidebox-title"><?php echo section_icon('lock', '#00FF00'); ?> Our Promise</div> 145 <ul class="retro" style="margin-left:14px;font-size:15px"> 146 <li>We store <b class="green">nothing</b>.</li> 147 <li>We set <b class="green">no cookies</b>.</li> 148 <li>We log <b class="green">no visitors</b>.</li> 149 <li>Everything is <b class="green">local</b>.</li> 150 <li>The code is <b class="green">open</b>.</li> 151 </ul> 152 </div> 153 154 <div class="sidebox"> 155 <div class="sidebox-title"><?php echo section_icon('chip', '#00FFFF'); ?> Quick Links</div> 156 <ul class="retro" style="margin-left:14px;font-size:15px"> 157 <li><a href="<?php echo eattr(url('scan.php')); ?>">Run the Scan</a></li> 158 <li><a href="<?php echo eattr(url('browser.php')); ?>">Browser Details</a></li> 159 <li><a href="<?php echo eattr(url('fingerprint.php')); ?>">Fingerprint Me</a></li> 160 <li><a href="<?php echo eattr(url('privacy.php')); ?>">Privacy Score</a></li> 161 </ul> 162 </div> 163 164 <div class="sidebox center"> 165 <div class="sidebox-title">Hit Counter</div> 166 <pre class="green mb0" style="font-size:18px;letter-spacing:2px"><?php echo e(odometer(get_visit_count())); ?></pre> 167 <div class="dim" style="font-size:13px">visitors (and counting)</div> 168 </div> 169 170 </td> 171 </tr></table> 172 173 <hr> 174 175 <!-- ============ WHY THIS EXISTS ============ --> 176 <div class="warnbx"> 177 <b>Why build this?</b> Because "privacy policy" pages are boring and nobody reads 178 them. It is more convincing to simply <i>show</i> you what a website sees the 179 instant you arrive. Once you have seen it, you cannot un-see it — and you 180 might finally install that tracker blocker. 181 </div> 182 183 <p class="center dim"> 184 <?php echo section_icon('monitor'); ?> 185 Best viewed in Firefox at 1024x768. Netscape 4 users, we salute your persistence. 186 <?php echo section_icon('monitor'); ?> 187 </p> 188 189 <?php include __DIR__ . '/includes/footer.php'; ?> 190 You are reading the real file being executed on the server. What you see is what runs. |