watch the data fail to leave
“files never leave your device” is a claim. this page makes it a test you can run yourself. press the button and your browser will actually try to contact a third-party server — then show you the browser refusing, the live policy that refused it, and what that means.
1 · run the test
this will attempt a genuine network request from your browser to https://example.com/ — a different origin than fatcousin. on the production site the browser blocks it. you can also watch it in your dev-tools network tab.
no request attempted yet. the result you see below will be the real outcome — nothing is pre-canned.
2 · the policy in force right now
read live from the actual http response header of this page — not a stored copy. this is the rule the browser is enforcing this second:
reading the response header…
3 · what this proves (and what it doesn't)
- it proves egress is blocked at the browser, not just promised. the content-security-policy is enforced by your browser's engine — it does not depend on us behaving. even if our code tried to phone home, the browser would refuse the connection.
- forensics and file-processing tools run under the strict tier. their connect-src is 'self' blob: data: — no third party reachable. a handful of explicitly networked tools (lookups, p2p, map tiles) use a looser, named-host tier; those are the documented exceptions, never the file tools.
- it is a transparency demo, not a court exhibit. it shows the policy your browser received. for cryptographic proof of which code ran, see the signed bundle provenance.
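to check a policy string yourself, the sketch below parses a content-security-policy header value and answers whether its connect-src would permit a given url. it is an added example, not fatcousin's code: the function names, the page url and the tiles.example.net host are assumptions, and the matching is a simplified subset of what a browser implements.

```javascript
// Added example: simplified CSP connect-src check. Handles 'self', 'none',
// scheme sources (blob:, data:) and host sources such as https://tiles.example.net
// or *.example.net. Sources with ports or paths, and the bare "*" wildcard,
// are not modelled and are treated as non-matching.

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A directive repeated within one policy is ignored; the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function connectAllowed(header, pageUrl, targetUrl) {
  const directives = parseCsp(header);
  // connect-src falls back to default-src; with neither, this policy does not restrict fetch.
  const sources = directives.get('connect-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  return sources.some((raw) => {
    const src = raw.toLowerCase();
    if (src === "'self'") {
      return target.protocol === page.protocol && target.host === page.host;
    }
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*)$/.exec(src);
    if (!m) return false; // 'none', other keywords, ports, paths: no match
    const [, scheme, wildcard, host] = m;
    // A host source without a scheme is matched against the page's scheme.
    if (target.protocol !== (scheme ? scheme + ':' : page.protocol)) return false;
    return wildcard ? target.hostname.endsWith('.' + host) : target.hostname === host;
  });
}

// Constructed inputs: the strict tier quoted on this page, and a hypothetical
// looser tier naming one host (tiles.example.net is a placeholder).
const STRICT = "connect-src 'self' blob: data:";
const LOOSE = "connect-src 'self' https://tiles.example.net";
const PAGE = 'https://site.example/tools/hash';

console.log('strict -> example.com:', connectAllowed(STRICT, PAGE, 'https://example.com/'));
console.log('loose  -> tiles host :', connectAllowed(LOOSE, PAGE, 'https://tiles.example.net/1/2/3.png'));
```

this only reads the policy; the browser remains the enforcer, so the dev-tools network tab is still the ground truth for what was actually blocked.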