/ SHARED THREAT INTELLIGENCE

One person’s detection.
Everyone’s early warning.

When one WifiThreatWatch device confirms an attack, it warns every other one — before they connect. Here’s how a community watches WiFi together: the attacker documented in full, you only ever as a hash.

/ GUARDED COLLECTION

Document the attacker. Hash everything of yours.

A useful warning has to name the threat. So when your device confirms an attack run from a rogue hotspot — the attacker’s hardware, not yours — it reports that access point in full: real network name, hardware address, radio details, and the rough area where it was seen (150 m to 1 km, never an exact position). That’s what lets the next device recognize the same equipment the moment it reappears.

Your own network never gets that treatment. Before anything about it leaves your computer, its identifiers become a one-way hash: a fingerprint that can be matched against other fingerprints, but never turned back into a name. Nearby networks seen during scans cross the same way — hashes only.

Reports are tied to the reporting account for at most 90 days — solely to keep junk out of the database — then permanently anonymized. And no warning ever says who reported what.

The exact fields, word for word, are in the Privacy Policy and Terms (v2026-07-08.2).

YOUR DEVICEOUR SERVERSTHE ATTACKER’S ROGUE APreported as-isFakeCafe_FreeWiFide:ad:be:ef:13:37name · MAC · radioarea ≈ 150 m – 1 kmDOCUMENTED IN FULLYOUR OWN NETWORKHome WiFia4:5e:60:2b:8f:c1ONE-WAY HASHruns on your devicea3f9··c1HASH ONLY — NEVER THE NAME
GUARDED COLLECTIONthe attacker’s rogue AP crosses documented in full — your own network only ever crosses as a hash
About the attacker’s AP

Its real network name (SSID), hardware address (BSSID), channel, band, security mode, hardware vendor, signal data, and a rough area of 150 m–1 km — never an exact position.

About your network — and you

One-way hashes only — its real name and router address never leave your device. Never collected, for anyone: browsing activity, files, exact GPS position.

/ WHAT YOU GET

Three ways the community has your back

Every device runs the same local detectors WifiThreatWatch already ships. Sharing what they confirm turns a single-device tool into a network that warns everyone else — proactively, before the next person is targeted.

01/ BEFORE YOU JOIN

See threats before you connect

When you scan for WiFi, the app checks every network it can see against what the community has flagged. If someone else’s WifiThreatWatch confirmed an evil twin or a spoofing attack on that network, the warning is already waiting in your network list — before you ever tap connect.

Terminal_Free_WiFino reports
Free Airport WiFichecking…
Gate_C_Guestno reports
looked up by hashed fingerprint — and warnings never say who reported them
SEE THREATS BEFORE YOU JOINevery nearby network checked against the shared database — before you tap connect
02/ WHILE YOU’RE ON IT

Watched after you’ve joined, too

Protection doesn’t stop the moment you connect. The app re-checks the network you’re on about every 30 seconds — so if another user’s device flags it after you joined, you’re warned in the app on the next re-check, not the next time you happen to scan.

CoffeeShop_WiFiconnected
00:00
00:30
01:00
RE-CHECKED ~EVERY 30sflagged after you already joined? you’re warned in the app on the next re-check, not at your next scan
03/ WITH EVERY USER

Stronger every time someone joins

This database is young — and we’d rather say so than pretend to a giant catalogue. It grows with the community, and that’s the whole point: every device that joins makes the next warning likelier to already exist when someone needs it. One person’s bad afternoon at a café becomes everyone else’s heads-up.

SHAREDDB1 device sharing · grows with every user
IT COMPOUNDSthe database is young — every device that joins makes the next warning likelier to already be there
/ TWO CHANNELS — EASY TO MIX UP

One database in the cloud. One sentry on your WiFi.

“Shared intelligence” is really two separate systems that never blur together: a global, anonymous database your devices can ask, and a Nano announcing itself on your own network. Neither one ever pushes anything to your other devices — and your alerts never come from either. Keeping the three straight answers most questions about how this works.

SHARED DB · CLOUDSHARED DBguarded attack reportsYOUR DEVICEasks · gets an answer?PULL — IT NEVER RINGS YOUR DEVICESNANO · YOUR WIFINANOLAPTOP“protected by Nano”DESKTOP“protected by Nano”LOCAL — SAME WIFI ONLY, NO CLOUD
TWO CHANNELS, NOT ONEthe cloud database answers questions your device asks · the Nano announces itself only on your own WiFi
CLOUD · GUARDED · PULL

The shared database

A crowd-sourced pool of confirmed attacks. Your devices ask it questions and it answers — that’s the entire relationship. It has no way to ring you, and the warnings it serves never say who reported them.

YOUR WIFI · LOCAL ONLY

Nano discovery

A Nano (in prototype) announces itself on your own network so the app can say “protected by Nano” the moment it opens at home. Same WiFi only, no cloud — it works with the internet down.

ON-DEVICE · ALWAYS

Detection & alerts

Every warning you see comes from your own device — its local detectors and the questions it asked. Nothing remote can pop an alert onto your screen.

/ HOW A WARNING TRAVELS

Up as a fingerprint. Down as an answer.

When your device confirms an attack, the guarded report climbs into a single shared row. Other devices meet it coming the other way: as the answer to a question they asked during their own scan.

That’s the entire route. No broadcast to everyone at the coffee shop, no remote pop-ups, no devices ringing each other. A warning reaches other devices on their next check — the network you’re on is re-checked about every 30 seconds — and every device still runs its own local detectors, so a live attack is usually caught on the spot anyway.

guarded report · no reporter shownanswered — because B askedNEVER DEVICE-TO-DEVICEDEVICE Aattack confirmedSHARED DBone shared rowDEVICE Bwarned on its next scan
NO PUSH, NO BROADCASTa detection climbs into one shared row; the next device finds it only when it asks — devices never message each other
REPORTS COMING IN
PC Acounted
PC A · re-send
PC B
NANO
WHAT EVERYONE READS
⚠ EVIL TWIN · CRITICALcorroborated by 1 deviceone shared row · one warning on your screen
STRONGER, NOT LOUDERevery extra reporter raises one shared count — it never multiplies the warnings on your screen
/ MANY REPORTERS, ONE VERDICT

Corroboration, not spam

If ten devices catch the same evil twin, the database doesn’t hold ten screaming entries — it holds one verdict, corroborated by ten. Extra witnesses make the flag more trustworthy, not louder. A device re-sending the same report is counted once.

And alerts stay local: your device warns you once, from its own checks, and won’t re-nag you about the same flagged network every half-minute.

/ WHAT IT IS — AND ISN’T

A warning system, honestly framed

The fastest way to lose your trust would be to overstate this. So here’s exactly what it does and doesn’t do.

IT WARNS — IT DOESN’T BLOCK

A flag tells you what the community has seen so you can decide. The app won’t silently stop you from connecting to anything.

EVERY COPY CONTRIBUTES

Reporting confirmed attacks is a required part of the free app — it cannot be turned off. The database only exists because every device that catches an attack says so; that’s the deal, stated plainly.

A FLAG ISN’T A VERDICT ON THE PLACE

Attacks happen at coffee shops, not because of them. A flag means “an attack was confirmed here recently” — a reason for caution, not a condemnation.

IT’S EARLY ACCESS

We’re building this with the first wave of users. The database is new and grows with every person who joins.

/ AND WHEN THINGS GO WRONG

Built to fail safe

A shared system is only as trustworthy as its worst day. These are the boring guarantees that hold when the network is down, a client misbehaves, or someone tries to feed the database junk.

OFFLINE OR SIGNED OUT
Lookups quietly return nothing and the scan carries on. Reputation is advisory — it never gates your connection.
DUPLICATE REPORTS
A device re-sending the same report is counted once, so corroboration numbers stay honest.
GARBAGE REPORTS
The server accepts only known attack types and well-formed fingerprints. Anything else is rejected, not stored.
IDENTIFIERS IN THE WRONG LANE
Real names and hardware addresses are accepted only where they belong — the attacker’s access point. A report that carries them anywhere else is stripped, so the hash-your-network contract holds even against a buggy client.
/ YOUR QUESTIONS, ANSWERED

The four questions everyone asks

They all come down to the same worry: does this thing broadcast? It doesn’t. Devices ask; nothing pushes.

LOCAL · NO CLOUD

How would the app know a Nano is on my WiFi?

The Nano (still in prototype) announces itself on your home network, and the app listens for that announcement — so the moment you open it at home, it can show “protected by Nano.” That’s same-WiFi-only and needs no internet. It’s a completely separate channel from the shared database, which serves warnings without reporter identities and couldn’t tell you a Nano is nearby even if it wanted to.

NO PUSH

If a Nano catches something, does it send it to all my PCs?

No. Like the app, it contributes a guarded report to the shared database — it doesn’t message anybody’s computer. Your other devices learn about it the next time they ask: for a network they’re currently on, that’s about every 30 seconds. A paired computer on the same WiFi can also read the Nano’s own log directly — but that’s still your device asking, on demand.

NO BROADCAST

When one PC detects an attack, does it notify every other PC on that WiFi?

There’s no device-to-device messaging at all — devices never ring each other. The detection travels up to the shared database and appears on other devices when they next check. And every device still runs its own local detectors, so in a live attack each one usually catches it on its own within seconds anyway.

NO STORM

If every device catches the same attack, do I get buried in alerts?

No — two layers prevent it. In the shared database, extra reporters raise a corroboration count on one verdict; they don’t multiply entries. And on your screen, alerts only ever come from your own device — one attack, one warning — and it won’t re-nag you about the same flagged network every half-minute.

NANO
managed radio · stays connected
monitor radio · sniffs the air
LOCAL ATTACK HISTORY
02:14⚑ ARP_SPOOF
02:11✓ clear
01:47⚑ ROGUE_DHCP
01:32✓ clear
00:58⚑ DEAUTH
🛡 advertises “Nano-protected” on your LAN
WIFITHREATWATCH NANOa headless sensor running the same detectors 24/7 — even when your PC is asleep
/ AROUND THE CLOCK

Eyes that never blink

Today the community’s eyes are the devices running the app. On our workbench: the WifiThreatWatch Nano, a small always-on sensor that would watch your home network 24/7 — even with every laptop in the house asleep — and feed the same shared intelligence. It’s in prototype, not yet for sale.

See what’s on the workbench →

Every device makes it stronger.
Join the early access.