Documentation

App Methodology

How Aerod structures IP lookup, WebRTC, browser leak, fingerprint, proxy/VPN, and DNS exposure checks without pretending one result proves privacy.

On this page

Aerod apps are designed to explain observable exposure. They should not present privacy as a magic score, and they should not imply that one browser, route, or IP result proves anonymity.

The active app routes are IP Lookup, WebRTC Leak Test, Browser Leak Test, Browser Fingerprint Check, and Proxy/VPN Detection. DNS Leak Test remains planned until the controlled resolver infrastructure exists.

Result model

Every app should answer five questions:

  1. What was checked? The IP address, browser, network, resolver, rendering surface, permission state, connection candidate, or route signal involved.
  2. What was observed? The value, behavior, match, mismatch, or warning returned by the current session.
  3. Why does it matter? The practical privacy or security implication.
  4. What is the limitation? What the module cannot know from this browser, request, or data source.
  5. What should change next? A setting, provider decision, browser profile decision, VPN/proxy configuration, resolver choice, or workflow improvement.

The interface should favor clear result cards over vague fear language.

Active app scope

AppWhat it explainsPrimary limit
IP LookupPublic IP, IPv4/IPv6 lookup, ASN, ISP or organization, approximate location, timezone, and map context when available.IP geolocation is approximate and may identify a network route rather than a physical device.
WebRTC Leak TestBrowser ICE candidates, public-looking candidates, private/local candidates, hostnames, and mDNS-obfuscated values.A single run does not prove every future session behaves the same way.
Browser Leak TestBrowser identity, locale, storage, permissions, privacy controls, and practical exposure notes.Visible browser signals are normal; interpretation depends on context and account state.
Browser Fingerprint CheckRendering, WebGL, audio, fonts, client hints, screen geometry, storage, permissions, and consistency signals.A local session fingerprint estimate is not proof of global identity across the web.
Proxy/VPN DetectionRoute context and mismatch cues between proxy/VPN expectations, browser context, WebRTC, DNS, timezone, language, and account state.It can surface consistency clues, not definitively prove every detection system’s classification.

DNS Leak Test status

DNS behavior may require controlled external infrastructure. Aerod should not publish a working DNS Leak Test route until the test can generate and resolve controlled DNS requests reliably. Until then, DNS guidance belongs in VPN, proxy, docs, and setup articles.

What Aerod apps should not claim

Aerod apps should not claim to prove that a user is anonymous, untracked, secure everywhere, compliant, or safe from all fingerprinting. The apps inspect a current browser or IP context. Another site, profile, account, network, or data provider can produce a different result.

Good security tooling is honest about scope.

Update process

When app behavior changes materially, the relevant docs and changelog should be updated. Examples include new lookup providers, changed IP/geolocation fields, changed browser signals, changed risk labels, changed DNS/WebRTC interpretation, new storage behavior, or modified data handling.