[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-73602":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":40,"readmeContent":41,"aiSummary":42,"trendingCount":16,"starSnapshotCount":16,"syncStatus":43,"lastSyncTime":44,"discoverSource":45},73602,"device-activity-tracker","gommzystudio\u002Fdevice-activity-tracker","gommzystudio","A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp \u002F Signal)","",null,"TypeScript",4985,688,62,19,0,6,11,41,18,82.11,"Other",false,"master",true,[27,28,29,30,31,32,33,34,35,36,37,38,39],"baileys","exploit","messenger","nodejs","phone-number","poc","privacy","react","signal","tracking","typescript","vulnerability","whatsapp","2026-06-12 04:01:10","\u003Ch1 align=\"center\">Device Activity Tracker\u003C\u002Fh1>\n\u003Cp align=\"center\">WhatsApp & Signal Activity Tracker via RTT Analysis\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNode.js-20+-339933?style=flat&logo=node.js&logoColor=white\" alt=\"Node.js\"\u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTypeScript-5.0+-3178C6?style=flat&logo=typescript&logoColor=white\" alt=\"TypeScript\"\u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FReact-18+-61DAFB?style=flat&logo=react&logoColor=black\" alt=\"React\"\u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg\" alt=\"License MIT\"\u002F>\n\u003C\u002Fp>\n\n> ⚠️ **DISCLAIMER**: Proof-of-concept for educational and security research purposes only. Demonstrates privacy vulnerabilities in WhatsApp and Signal.\n\n## Overview\n\nThis project implements the research from the paper **\"Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers\"** by Gabriel K. Gegenhuber, Maximilian Günther, Markus Maier, Aljosha Judmayer, Florian Holzbauer, Philipp É. Frenzel, and Johanna Ullrich (University of Vienna & SBA Research).\n\n**What it does:** By measuring Round-Trip Time (RTT) of WhatsApp message delivery receipts, this tool can detect:\n- When a user is actively using their device (low RTT)\n- When the device is in standby\u002Fidle mode (higher RTT)\n- Potential location changes (mobile data vs. WiFi)\n- Activity patterns over time\n\n**Security implications:** This demonstrates a significant privacy vulnerability in messaging apps that can be exploited for surveillance.\n\n## Example\n\n![WhatsApp Activity Tracker Interface](example.png)\n\nThe web interface shows real-time RTT measurements, device state detection, and activity patterns.\n\n## Installation\n\n```bash\n# Clone repository\ngit clone https:\u002F\u002Fgithub.com\u002Fgommzystudio\u002Fdevice-activity-tracker.git\ncd device-activity-tracker\n\n# Install dependencies\nnpm install\ncd client && npm install && cd ..\n```\n\n**Requirements:** Node.js 20+, npm, WhatsApp account\n\n## Usage\n\n### Docker (Recommended)\n\nThe easiest way to run the application is using Docker:\n\n```bash\n# Copy environment template\ncp .env.example .env\n\n# (Optional) Customize ports in .env file\n# BACKEND_PORT=3001\n# CLIENT_PORT=3000\n\n# Build and start containers\ndocker compose up --build\n```\n\nThe application will be available at:\n- Frontend: [http:\u002F\u002Flocalhost:3000](http:\u002F\u002Flocalhost:3000) (or your configured `CLIENT_PORT`)\n- Backend: [http:\u002F\u002Flocalhost:3001](http:\u002F\u002Flocalhost:3001) (or your configured `BACKEND_PORT`)\n\nTo stop the containers:\n```bash\ndocker compose down\n```\n\n### Manual Setup\n\n#### Web Interface\n\n```bash\n# Terminal 1: Start backend\nnpm run start:server\n\n# Terminal 2: Start frontend\nnpm run start:client\n```\n\nOpen `http:\u002F\u002Flocalhost:3000`, scan QR code with WhatsApp, then enter phone number to track (e.g., `491701234567`).\n\n### CLI Interface (only WhatsApp)\n\n```bash\nnpm start\n```\n\nFollow prompts to authenticate and enter target number.\n\n**Example Output:**\n\n```\n╔════════════════════════════════════════════════════════════════╗\n║ 🟡 Device Status Update - 09:41:51                             ║\n╠════════════════════════════════════════════════════════════════╣\n║ JID:        ***********@lid                                    ║\n║ Status:     Standby                                            ║\n║ RTT:        1104ms                                             ║\n║ Avg (3):    1161ms                                             ║\n║ Median:     1195ms                                             ║\n║ Threshold:  1075ms                                             ║\n╚════════════════════════════════════════════════════════════════╝\n```\n\n- **🟢 Online**: Device is actively being used (RTT below threshold)\n- **🟡 Standby**: Device is idle\u002Flocked (RTT above threshold)\n- **🔴 Offline**: Device is offline or unreachable (no CLIENT ACK received)\n\n## How It Works\n\nThe tracker sends probe messages and measures the Round-Trip Time (RTT) to detect device activity. Two probe methods are available:\n\n### Probe Methods\n\n| Method | Description                                                                                                     |\n|--------|-----------------------------------------------------------------------------------------------------------------|\n| **Delete** (Default) | Sends a \"delete\" request for a non-existent message ID.                                                         |\n| **Reaction** | Sends a reaction emoji to a non-existent message ID. |\n\n### Detection Logic\n\nThe time between sending the probe message and receiving the CLIENT ACK (Status 3) is measured as RTT. Device state is detected using a dynamic threshold calculated as 90% of the median RTT: values below the threshold indicate active usage, values above indicate standby mode. Measurements are stored in a history and the median is continuously updated to adapt to different network conditions.\n\n### Switching Probe Methods\n\nIn the web interface, you can switch between probe methods using the dropdown in the control panel. In CLI mode, the delete method is used by default.\n\n## Common Issues\n\n- **Not Connecting to WhatsApp**: Delete the `auth_info_baileys\u002F` folder and re-scan the QR code.\n\n## Project Structure\n\n```\ndevice-activity-tracker\u002F\n├── src\u002F\n│   ├── tracker.ts         # WhatsApp RTT analysis logic\n│   ├── signal-tracker.ts  # Signal RTT analysis logic\n│   ├── server.ts          # Backend API server (both platforms)\n│   └── index.ts           # CLI interface\n├── client\u002F                # React web interface\n└── package.json\n```\n\n## How to Protect Yourself\n\nThe most effective mitigation is to enable “Block unknown account messages” in WhatsApp under\nSettings → Privacy → Advanced.\n\nThis setting may reduce an attacker’s ability to spam probe reactions from unknown numbers, because WhatsApp blocks high-volume messages from unknown accounts.\nHowever, WhatsApp does not disclose what “high volume” means, so this does not fully prevent an attacker from sending a significant number of probe reactions before rate-limiting kicks in.\n\nDisabling read receipts helps with regular messages but does not protect against this specific attack. As of December 2025, this vulnerability remains exploitable in WhatsApp and Signal.\n\n## Ethical & Legal Considerations\n\n⚠️ For research and educational purposes only. Never track people without explicit consent - this may violate privacy laws. Authentication data (`auth_info_baileys\u002F`) is stored locally and must never be committed to version control.\n\n## Citation\n\nBased on research by Gegenhuber et al., University of Vienna & SBA Research:\n\n```bibtex\n@inproceedings{gegenhuber2024careless,\n  title={Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers},\n  author={Gegenhuber, Gabriel K. and G{\\\"u}nther, Maximilian and Maier, Markus and Judmayer, Aljosha and Holzbauer, Florian and Frenzel, Philipp {\\'E}. and Ullrich, Johanna},\n  year={2024},\n  organization={University of Vienna, SBA Research}\n}\n```\n\n## License\n\nMIT License - See LICENSE file.\n\nBuilt with [@whiskeysockets\u002Fbaileys](https:\u002F\u002Fgithub.com\u002FWhiskeySockets\u002FBaileys)\n\n---\n\n**Use responsibly. This tool demonstrates real security vulnerabilities that affect millions of users.**\n\n\n## Star History\n\n[![Star History Chart](https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=gommzystudio\u002Fdevice-activity-tracker&type=date&legend=top-left)](https:\u002F\u002Fwww.star-history.com\u002F#gommzystudio\u002Fdevice-activity-tracker&type=date&legend=top-left)\n","Device Activity Tracker 通过分析WhatsApp和Signal消息的往返时间（RTT）来检测设备的活动状态。该项目利用TypeScript编写，结合Node.js和React构建，能够识别设备是否处于活跃、待机或离线状态，并能推测出用户的潜在位置变化和活动模式。它适合用于隐私安全研究和教育目的，揭示了即时通讯应用中存在的隐私漏洞。通过测量消息传递的时间差，研究人员可以监控用户的设备使用情况，这为理解和防范相关安全威胁提供了重要参考。",2,"2026-06-11 03:46:22","high_star"]