Picture the tracking you accept online — happening to you physically, all day, by people you can see. It would feel like a dystopia. Online, we call it Tuesday.
Walk through an ordinary afternoon ↓
You step into the corner shop. A greeter clips a numbered tag to your collar — "just for analytics" — and notes that you came from the bakery next door.
You never signed up for a loyalty card. It doesn’t matter — the tag follows you anyway, building a file under a number instead of your name.
You peel off the clip-on tag. Too late: they’ve already stitched one into the lining of your coat from the cut of your shoes and the way you walk. You can’t take it off.
The discount card in your wallet turns out to be a logger for every basket. The store knows what you reached for and put back.
On the walk home, the mall quietly matches the poster you glanced at this morning to the card you swiped tonight.
Every chain you visited pools its tags into one ledger about you, sold on to anyone who asks — including strangers three states away.
By the end of the day you’re carrying a small forest of tags — and none of them are yours.
The reveal
None of it felt like anything, because software is invisible and costs almost nothing to deploy everywhere at once. Here is the same afternoon, with the set removed.
Each moment from the story is a real mechanism. Every number below is cited — accuracy is the whole point.
Embedded pixels and SDKs report your visit to companies you have never heard of, often before you click anything — and whether or not you have an account with them.
The average person’s data reached Meta from 2,230 separate companies over three years.
The study’s panel self-selected for privacy-aware users, so treat 2,230 as directional, not a population mean.
Trackers profile logged-out visitors and people with no account at all. Researchers found embedded pixels sending sensitive health details to Meta for patients who had never used Facebook.
As of 2024, roughly a third of healthcare websites still carried the Meta Pixel.
Fingerprinting identifies you from screen size, fonts, GPU, language and dozens of other signals — no cookie to clear, nothing to opt out of.
Combining browser and device signals can single out ~99% of users with no cookie at all.
Retailers turned purchase histories into advertising businesses. Target once modeled pregnancy and due dates from about 25 ordinary products, then hid the baby coupons among unrelated items.
Retail media generated roughly $140B in ad revenue globally in 2024.
Target’s pregnancy model is documented; the famous “angry father at the store” anecdote was reported second-hand and has never been verified — treat it as folklore.
Google secretly paid Mastercard for transaction data to confirm whether people who saw an ad later bought something in a physical store.
The deal covered roughly 2 billion cards and was never disclosed to cardholders.
Only the merchant and total were shared, not the itemized basket.
Data brokers fuse loyalty, web, location and public records into a single profile, then license it across the ad ecosystem.
Acxiom claims up to ~10,000 attributes on roughly 2.5 billion people.
The 10,000-attribute figure is Acxiom’s own marketing claim, not independently audited.
Oracle shut down its entire advertising and consumer-data business — once targeting across 30,000+ attributes — as revenue collapsed under privacy pressure.
Oracle Advertising closed on September 30, 2024 (revenue fell from ~$2B to ~$300M).
In 2024 the FTC issued its first-ever bans on selling sensitive location data, ordering brokers to delete the histories they had amassed.
X-Mode/Outlogic, InMarket and Kochava were all forced to stop selling precise location data in 2024.
Figures verified June 2026. The whole list lives in one cited data file — check our sources.
The turn
xNet is a local-first workspace where the data starts on your device and stays under your control. Not a tracker blocker — a different foundation, where there’s nothing to traffic in the first place.
Documents, databases, the whole workspace persist locally first — SQLite in the browser, native on desktop and mobile. No server is required for any of it.
Your identity is a cryptographic key on your device (a did:key, backed by a passkey) — not an account on someone’s server. Nobody else holds your credentials.
Edits are signed with your key and hash-chained, so authorship and integrity are provable. The data is yours by construction, not by promise.
xNet isn’t funded by advertising, so there is no tracking SDK to embed and no profile to sell. The business model simply doesn’t need your behavior.
There’s one consent switch for anything that could leave your device, and it starts off. Optional diagnostics are scrubbed and opt-in — never the price of entry.
The SDK and protocol are MIT-licensed, with a written spec and golden test vectors reproduced in Rust, Python and Swift. You don’t have to trust us — you can check.
A privacy pitch that overclaims is just more marketing. So here’s the honest version, and the source code to check it against.
We won’t say everything is end-to-end encrypted.
Encryption is yours to switch on. Some data is public by design — you decide what’s private.
We won’t say there are no servers.
No server is required, but a hub — yours to self-host or our managed one — is useful for sync and backup. When you use one, it only ever holds encrypted data.
We won’t say you’re anonymous.
Your identity is a pseudonymous key you control, not a name we hold. If you opt into diagnostics, they’re scrubbed first.
This page set 0 cookies · 0 third-party requests · 0 trackers.
Verify it yourself: open DevTools → Network. Nothing about your visit left your browser.
Documents, databases, canvas, tasks — a real workspace that happens to keep everything on your side of the glass.