Ainode Privacy Glossary · Auditor: Tomás Maria Vaz de Noronha
The term forensic implies that the audit follows reproducible rules, captures evidence (PCAPs) that survives scrutiny, and produces conclusions a third party could re-verify with the same dataset. This contrasts with self-attestation (vendor privacy policy) and with surface-level network monitoring (which often misses TLS-encrypted payload flows).
Pass 1: DNS resolution capture — every domain queried during 72 hours of usage, mapped to hosting country.
Pass 2: Traffic surveillance — full PCAP of every packet, with TLS metadata, payload sizes and timing.
Pass 3: 6-dimension classification — disclosure transparency, data minimisation, geographic risk, encryption hygiene, third-party leakage, account dependency.
Final score: 0-100 (lower is better) plus a tier classification.
See /methodology for the full procedure.
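A sketch of what Pass 1 produces, as an added example that is not Ainode's own tooling: it parses DNS query payloads in wire format and builds a per-domain inventory with a hosting-country column. The function names, the sample packets and the country table are constructed for illustration; deriving the country from the resolved addresses is an assumption about how the mapping would be done.

```python
import struct

def build_query(qid, name, flags=0x0100):
    """Constructed sample input: a minimal DNS message with one A/IN question."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", 1, 1))

def parse_qname(msg):
    """Return the lower-cased question name of a DNS query, or None if response/malformed."""
    if len(msg) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount < 1:            # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(msg):
        n = msg[pos]
        if n == 0:                               # root label ends the name
            return ".".join(labels)
        if n & 0xC0 or pos + 1 + n > len(msg):   # compression pointer or truncated label
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    return None                                  # ran off the end without a terminator

def dns_inventory(packets, country_of):
    """packets: iterable of (timestamp, udp_payload). Returns {domain: evidence row}."""
    inv = {}
    for ts, payload in packets:
        name = parse_qname(payload)
        if name is None:
            continue                             # responses and malformed packets are skipped
        entry = inv.setdefault(name, {"count": 0, "first_seen": ts,
                                      "country": country_of.get(name, "unknown")})
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], ts)
    return inv

# Constructed capture: three queries, one response (skipped), one truncated packet (skipped).
SAMPLE = [
    (10.0, build_query(1, "telemetry.vendor.example")),
    (10.2, build_query(1, "telemetry.vendor.example", flags=0x8180)),
    (55.0, build_query(2, "Telemetry.Vendor.example")),
    (90.5, build_query(3, "cdn.thirdparty.example")),
    (91.0, build_query(4, "cdn.thirdparty.example")[:20]),
]
# Constructed lookup (assumption: a real audit derives this from the resolved addresses).
COUNTRY = {"telemetry.vendor.example": "US"}

if __name__ == "__main__":
    for domain, info in sorted(dns_inventory(SAMPLE, COUNTRY).items()):
        print(domain, info)
```

Domains with no entry in the lookup stay in the inventory as "unknown" rather than being dropped, so an unmapped destination remains visible in the evidence.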
A forensic network audit shows where data goes during the capture window, not what happens to it afterwards. It cannot prove what the manufacturer does with the data once it lands on their server. It can only verify the network-layer flow. Combined with the vendor's privacy policy, however, it gives a far stronger evidence base than either alone.