"Anonymous" is a claim, not a feature. Many sites that call themselves anonymous don't require sign-up but still load Google Analytics, Meta Pixel, AppNexus, Chartbeat, and a long tail of audience-measurement vendors that profile you across the web regardless of whether you typed an email at the door. The combination of "no sign-up" and "no tracker stack" is what we mean when we say WeSearch is genuinely anonymous.
This page is the verifiable, technical version of the anonymity claim — what's actually in the request layer, what's in the response, what's in browser storage, and what we have on the server.
What the request layer looks like
Open DevTools on any WeSearch page and watch the Network tab during a load. You will see HTML, CSS, JS, fonts, and (on story pages) an OG image proxied through our origin. You will not see any of the following: google-analytics.com, googletagmanager.com, connect.facebook.net, doubleclick.net, chartbeat.com, quantserve.com, scorecardresearch.com, amazon-adsystem.com, criteo.com, appnexus.com, pubmatic.com, rubiconproject.com, openx.net, bidswitch.net, casalemedia.com, contextweb.com, mathtag.com, adnxs.com, everesttech.net, tapad.com, krxd.net, or any of the dozens of other vendors that fire on a typical news site.
What the response layer looks like
Look at HTTP response headers on any WeSearch page. Cache-Control, Content-Type, Content-Encoding — that's what's there. You won't see Set-Cookie: __ga=..., you won't see Set-Cookie: _fbp=..., you won't see Set-Cookie: __qca=..., and you won't see any cookie at all that survives a tab close on a fresh visit.
What's in localStorage
On your first reaction or comment, the site writes a single key: your local API key (32 bytes of random hex). It also writes small UI preferences (last category picked, tour-completed flag, BYOK keys you entered). None of these get sent to our server except the API key in the Authorization header. Inspect with DevTools → Application → Local Storage → wesearch.press.
What we have server-side
For each reaction or comment you post: a hash of your API key (which we cannot reverse), the URL, and the body or reaction code. For each push subscription: an opaque endpoint id from the browser vendor's push server, again tied to a hashed key. For story view counts: aggregate integer counters per story, not per-user. For server access: standard rotated logs with IP, user-agent, and request path, kept 30 days.
Why this is rare
Most news sites would lose their primary revenue stream (advertising) if they removed the third-party tracker stack, because the auction layer behind display ads requires those vendors to be in the request path. WeSearch is funded by community donations instead of advertising, which means we can run without the tracker stack at all. Not because we're more virtuous; because we picked a funding model that doesn't require it.
Anonymity in the comment layer
Comments appear under a generated handle ("Plain Loom 638"). Two people who comment on the same story have no way to tell whether the other person is one of their friends, a coworker, or a stranger. The platform doesn't have that information either; we have a hashed key, not an identity. Full anonymity stance.