browser.knows

你以为你只是在看这个网页。 You think you're just looking at this page.

这个网页也在看你。 The page is also looking at you.

没用 cookie，没让你登录，没要权限。光是打开它——你已经告诉了它下面这些。 No cookies. No login. No permissions asked. Just by opening it — you already told it everything below.

↓ 往下滚 ↓ scroll

第一件 · 你在哪儿 one · where you are

根据你的时区，你大概在…… based on your timezone, you're somewhere near…

—

timezone—

UTC offset—

local time—

language—

accept-lang—

知道时区，就能大致圈出地球上的一条带子；知道接受的语言，再缩小到一两个国家。 Timezone narrows you to a strip of the planet. Accept-Language narrows it to a country or two.

第二件 · 你的设备 two · your machine

screen—

viewport—

pixel ratio—

color depth—

OS—

CPU cores—

RAM (≥)—

GPU—

touch—

battery—

屏幕、显卡、内存、核心数——一台机器的几乎全部"身材尺寸"。没问，就给你了。 Screen, GPU, memory, cores — most of a machine's "measurements." It didn't ask. You handed them over.

第三件 · 你怎么联进来的 three · how you arrived

IP—

connection—

downlink—

protocol—

TLS—

referrer—

user-agent—

IP 是绕不开的——服务器要回包，就一定知道往哪儿回。
这一行不是浏览器告诉网页的，是网络本身告诉的。 The IP is unavoidable — the server has to know where to send the reply.
That line isn't from your browser. It's from the network itself.

第四件 · 你的小偏好 four · your little preferences

color scheme—

reduced motion—

color gamut—

contrast—

cookies—

do-not-track—

PDF viewer—

你设过深色模式？你嫌动画太晃眼？你不喜欢被跟踪？——它都知道。
哪怕 DNT 写着"请别跟踪"，绝大多数网站会笑笑然后照跟不误。 You set dark mode? You hate motion? You toggled "do not track"? It knows.
And DNT? Most sites just smile and track you anyway.

第五件 · 你的指纹 five · your fingerprint

让浏览器在画布上画一行字、播一段听不见的声音——画出来、播出来的结果，每台机器都不一样。 Ask the browser to draw text on a canvas and play an inaudible tone. The bytes that come back differ on every machine.

canvas 指纹

canvas fingerprint

—

audio 指纹

audio fingerprint

—

综合指纹

combined fingerprint

—

把这串和上面所有信息拼起来：在地球 80 亿人里，能跟你完全对上的，大概是个位数。 没 cookie 也能认出你。 Combine this hash with all the data above: out of 8 billion people, maybe a handful match you exactly. No cookies needed to recognize you next time.

第六件 · 此时此刻 six · right now

不只是开页那一下——你滚一下，它知道；你点一下，它知道；你停在哪儿，它知道。 Not just the moment you opened it. You scroll — it knows. You move — it knows. You pause — it knows.

mouse

—

scroll

—

on page

—

last key

—

clicks

tab focus

—

那个小橙点，是你的鼠标。试着动一下，它在跟你。 That little orange dot is your mouse. Try moving it — it's following you.

收尾 epilogue

这一切—— And all of this —

没用 cookie。没让你登录。没弹出任何"是否同意"的窗。
就是一个普通网页，浏览器照规矩办事。 without a single cookie. Without logging in. Without any "do you consent" popup.
Just a plain web page. The browser doing exactly what it's spec'd to do.

真正的广告商和分析平台拿到的，比这只多不少：包括你的字体列表、浏览过的 URL 模式、滑动节奏、按键间隔…… What real ad networks and analytics get is more, not less: your installed fonts, scroll cadence, keystroke timings, browsing patterns…

* 这页所有数据都只留在你浏览器里——除了你的 IP，因为服务器必须知道往哪儿回包。
* 想躲？开无痕、用 Tor、关 JS、装 Brave、戴口罩。
* 但躲不完。 * All data here stays in your browser. Except your IP — the server needs to send you a reply.
* Want to hide? Use incognito, Tor, disable JS, install Brave.
* You can't hide all the way.