Purpose
Aerod apps should help users understand what a website can observe from the current browser and connection. The methodology is not built around vague privacy scores. It is built around observable signals, limitations, and practical fixes.
Result model
Each app result should answer four questions:
- What was checked? The exact browser, network, or configuration surface.
- What was observed? The signal returned by the browser or request.
- Why does it matter? The practical privacy or security implication.
- What can be changed? Browser settings, VPN/proxy configuration, resolver choices, extension behavior, or account hygiene.
Client-side checks
Browser checks should run in the browser where practical. These checks may include rendering, storage, timezone, language, viewport, permission, and platform signals. Client-side checks should avoid sending raw fingerprint data to a server unless a specific feature requires it and the data handling policy covers it.
Server-side checks
Some checks require a request to Aerod, such as public IP visibility, request headers, ASN, or connection routing indicators. Server-side checks should return the result without turning it into a long-term user profile by default.
Limitations
No single check proves a user is private or exposed everywhere. Results are contextual. Browser updates, VPN/proxy routing, DNS resolver behavior, extensions, and account state can all change what another site observes.