HALIT ALPTEKIN
PROJECT
/2016/ARCHIVED/

Wintlab

Passive WiFi probe request analyzer for mobility tracking and social graph inference.

KEYWORDS: #arch-linux #flask #neo4j #python #raspberry-pi #scapy #wifi
Wintlab is short for Wireless Intelligence Lab. It is a small research unit built around one idea: pulling meaningful intelligence out of the wireless signals already floating around us.
Wintlab is a passive surveillance system that shows how much private information modern devices leak on their own. Phones, tablets, and laptops constantly send out "Probe Requests," small broadcasts asking whether previously saved networks are nearby (for example "Home WiFi" or "Starbucks").
By quietly listening to these requests, Wintlab builds a profile of a device owner without any interaction with them. It runs on a portable #raspberry-pi node and collects enough data to infer travel history, social circles, and even daily habits.

System Architecture

The project has two parts: a field-deployed Physical Device that collects data, and a centralized Backend Server that turns it into a graph.

Physical Device (The Ear)

The collection node is a #raspberry-pi running a stripped-down #arch-linux ARM build. To push the wireless adapter's capture rate as high as possible, the hardware runs past its stock settings.
Overclocking
The default 700 MHz CPU clock could not keep up in dense signal environments. The ARM frequency was raised to 1000 MHz with over_voltage set to 6, enough to handle heavy incoming packet volume in real time.
The scanner is written in #python with #scapy and runs as two parallel processes:
  • Scanner: handles channel hopping (via iwconfig) and raw packet capture.
  • Daemon: compresses the JSON logs and uploads them to the server.

Backend (The Brain)

The backend is a #flask web app sitting on top of a #neo4j graph database. A graph fits the data naturally, since it is all about relationships: Person A is linked to Person B because both visited Location C around Time T.

Key Capabilities

Wintlab never decrypts traffic. It only reads what devices announce in the open.

Mobility Tracking

The SSIDs a phone looks for reveal where its owner has been. By cross-referencing WiGLE and Wifimap, an SSID like "Tahin Moda" can be resolved into real GPS coordinates.
  • Result: the system tracked a target's movement and found they regularly visited specific restaurants in the Moda district.

Social Graph Inference

Social links are inferred from co-occurrence and shared networks.
  • Co-occurrence: two MAC addresses repeatedly seen together across different places and times probably belong to people who know each other.
  • Shared History: two strangers who both carry the same private company #wifi in their probe lists are likely colleagues.

Habit & Demographics Profiling

#wifi network names give away surprisingly personal details.
  • Social Habits: a device probing for "Tahin Moda," a falafel place, hints that its owner likes vegetarian food.
  • Language Detection: the character sets and words in SSIDs (for example "Fenerbahce" or "ÖmerEren") are a strong signal of the owner's native language.

Field Results

In a field test around Sabanci University and its surroundings, the prototype captured:
  • 381,265 total Probe Requests
  • 70,700 unique SSIDs
That was enough to build a rough "Map of Life" for random passersby, and a clear demonstration that leaving #wifi on in Active Discovery Mode is a real privacy risk.
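To check a device you own for this exposure, the sketch below is an added example, not Wintlab's code. It parses probe request frames and reports which saved-network names are sent in the clear and whether the sending MAC address is a stable, non-randomized one. The function names, the sample frames, and the assumption that frames arrive as raw 802.11 management frames with the radiotap header and FCS stripped are all this example's own.

```python
# Added example: self-audit of what a device's probe requests reveal.
# Assumption: frames are raw 802.11 management frames (no radiotap, no FCS).

def parse_probe_request(frame: bytes):
    """Return (source_mac_bytes, ssid) for a probe request, else None."""
    if len(frame) < 24:                       # fixed management header is 24 bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 4):            # management frame, probe request
        return None
    src, pos = frame[10:16], 24               # Address 2 = transmitter
    while pos + 2 <= len(frame):              # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:                  # truncated element: stop parsing
            break
        if eid == 0:                          # SSID element; empty = wildcard
            return src, body.decode("utf-8", "replace")
        pos += 2 + elen
    return src, ""

def audit(frames):
    """Summarise the identifying data found in a list of frames."""
    leaked, stable = set(), set()
    for f in frames:
        parsed = parse_probe_request(f)
        if parsed is None:
            continue
        src, ssid = parsed
        if ssid:                              # directed probe names a saved network
            leaked.add(ssid)
        if not src[0] & 0x02:                 # locally-administered bit clear:
            stable.add(src.hex(":"))          # address is not randomized
    return {"leaked_ssids": sorted(leaked), "stable_macs": sorted(stable)}

def build_frame(mac: str, ssid: str) -> bytes:
    """Construct a minimal probe request for the sample data below."""
    hdr = b"\x40\x00\x00\x00" + b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) + b"\xff" * 6 + b"\x00\x00"
    raw = ssid.encode()
    return hdr + bytes([0, len(raw)]) + raw + b"\x01\x02\x82\x84"  # SSID + rates

# Constructed sample capture (not real data)
SAMPLE = [
    build_frame("00:11:22:33:44:55", "Home WiFi"),   # factory MAC, directed
    build_frame("da:a1:19:00:00:01", ""),            # randomized MAC, wildcard
    build_frame("da:a1:19:00:00:02", "Starbucks"),   # randomized MAC, directed
    b"\x80\x00" + b"\x00" * 30,                      # beacon, ignored
]
```

An empty `leaked_ssids` list and an empty `stable_macs` list mean the device sends only wildcard probes from randomized addresses, which removes the SSID history and the persistent identifier that the profiling described above depends on.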