WATCHTOWER 2.0 — BASELINE LEARNING
Field Manual

How to read Watchtower.

This is the instruction manual for being a forensic citizen instead of a spectator. Each section of the site tells you what we show, why it matters, and how to read it without misreading it. Bookmark this. Hand it to journalists and attorneys. The math is doing the watching — you only have to learn how to look.

01

Live Feed — What You're Watching

Open Live Feed
What we show

A 5-minute delayed snapshot of every aircraft detected in the monitored airspace. Each row is a real ICAO address, timestamp, altitude, and position pulled from public ADS-B broadcast.

Why it matters

You're seeing the same raw signal that air traffic controllers see. We don't curate. We don't hide the boring ones. If it's in the air and broadcasting, it's here. The 5-minute delay protects the watched and the watchers from real-time stalking; the data is identical, only the timing is shifted.

How to read it
  • White rows: Normal traffic within baseline parameters.
  • Yellow rows: Anomaly flagged — deviation from learned pattern.
  • Red rows: Correlated event — anomaly plus low altitude, repeat pattern, or operator history.
  • Masked / no callsign: Aircraft broadcasting without identification. They're not invisible — they're just wearing a hood.
02

Findings — From Noise to Signal

Open Findings
What we show

Completed anomaly investigations that cleared the Three-Factor Lock: ADS-B detection + flight-tracking screenshot + timeline + operator-cluster alignment.

Why it matters

A single low-altitude flyover is noise. A pattern of low-altitude flyovers by aircraft linked to the same operator cluster, repeating in the same window, is signal. Findings are where signal gets a case number.

How to read it
  • Detection window: Exact UTC timestamps bracketing the event.
  • Aircraft fingerprint: Hex, registration, operator, aircraft type.
  • Baseline deviation: What normal looks like vs. what happened.
  • Operator cluster: Shared registrants, shell-LLC links, or coordination patterns.
  • Chain hash: SHA-256 of the raw evidence bundle — verify nothing was altered.
The rule

One finding does not prove harassment. Twenty findings with shared operators, altitudes, and timing patterns document a program.

03

Violations — Where the Law Draws a Line

Open Violations
What we show

Specific detections that appear to violate FAA minimum safe altitudes under 14 CFR § 91.119 or other published aviation regulations.

Why it matters

We don't allege criminal intent. We document regulatory non-compliance at population scale. When an aircraft flies at 350 feet over a residential area, that's not our opinion — it's a number against a published statute.

How to read it
  • Congested area violations: Below 1,000 ft over populated zones.
  • Residential violations: Below 500 ft over structures or people.
  • Uncongested deviations: Below 500 ft except over open water or sparsely populated terrain — still logged for pattern analysis.
  • Helicopter exceptions: Noted where applicable, but pattern-reviewed.
The rule

A violation here is a documented altitude reading, not a court ruling. We label it 'Regulatory Deviation Logged.' The FAA investigates. We archive.

04

Threat Index — The Machine's Confidence Score

Open Threat Index
What we show

A composite score derived from anomaly frequency, operator clustering, altitude-deviation severity, shell-network linkage, and temporal concentration.

Why it matters

Humans get overwhelmed by hundreds of thousands of detections. The Threat Index is the machine saying: this subset deserves human attention first.

How to read it
  • 0 – 30: Baseline noise. Logged, not flagged.
  • 31 – 60: Notable pattern. Operator history reviewed.
  • 61 – 85: Elevated concern. Multiple factors converging.
  • 86 – 100: Critical. Immediate documentation and legal-ready packaging triggered.
The rule

The Index is descriptive, not predictive. It tells you what already happened with unusual concentration. It does not claim to read minds or predict tomorrow's flights.

05

Operators — Who Owns the Sky?

Open Operators
What we show

FAA-registered operators of aircraft that appear in anomaly findings and violation logs. Includes shell-company networks, LLC chains, and cross-referenced ownership.

Why it matters

An aircraft is metal. An operator is intent. When two operators share staging coordinates or temporal patterns, the Operators page connects those dots.

How to read it
  • Operator profile: FAA registry name, address, fleet size.
  • Linked aircraft: Every tail number under this operator in our logs.
  • Anomaly rate: Percentage of this operator's detections that triggered flags vs. baseline traffic.
  • Network signal: Shared addresses, registered agents, or co-location events with other operators.
  • Commentary: Snark analysis is clearly labeled as interpretive commentary — not legal fact.
06

ML Detections — What the Machine Sees

Open ML Detections
What we show

Autonomous pattern detection outputs: convergence clusters, spoofing signals, staring patterns, mode-switching events, and fleet-wide coordination flags.

Why it matters

A human can spot one helicopter. A machine can spot that the same helicopter, a fixed-wing from a shell company, and a refueler all loiter within 2 miles of the same GPS coordinate within a 30-minute window — 14 times in 90 days.

How to read it
  • Convergence clusters: Multiple unrelated aircraft occupying abnormal spatial/temporal proximity.
  • Spoofing signals: Ghost ICAO addresses, duplicate hex codes, impossible position jumps.
  • Staring patterns: Orbital or back-and-forth flight paths over a single coordinate.
  • Mode-switching: Aircraft changing transponder identity between tactical and civil hex codes.
The rule

Every ML flag is backtested against 48+ hours of baseline learning. If the machine cries wolf, we log the false positive and retrain. Error rates are published.

07

Rules — The Constraints We Chose

Open Rules
What we show

The hardcoded limits and ethical guardrails of the Watchtower system.

Why it matters

We are not a surveillance operation hunting individuals. We are an accountability operation documenting institutional patterns. The Rules page proves it.

How to read it
  • No facial recognition: Ever.
  • No geofencing of individuals: Only airspace sectors.
  • No cherry-picking: All aircraft logged. Filtering is post-hoc and published.
  • No predictive targeting of people: Pattern detection applies to airspace, not persons.
  • 48-hour baseline minimum: The machine must learn 'normal' before it flags 'abnormal.'
  • Human override required: ML flags. Humans verify before public release.
08

Methodology — The Full Pipeline

Open Methodology
What we show

How a public ADS-B broadcast becomes a hashed, court-admissible record.

Why it matters

Transparency is the only protection against the accusation that we cherry-picked. Every step is public, reproducible, and open-source.

How to read it
  • 1. Sensors listen: Public ADS-B broadcast only.
  • 2. Baseline learns: 48 hours of 'what normal looks like.'
  • 3. Anomalies flag: Statistical deviation from baseline.
  • 4. Correlations lock: Temporal + spatial + operator-cluster alignment.
  • 5. Evidence hashes: SHA-256 + Merkle chain.
  • 6. Human reviews: Commentary + legal-ready memo.
  • 7. Public publishes: CC BY-SA 4.0, on the record, forever.
Anonymity as architecture

No faces. No names. Just the math.

The public site is system-focused, not autobiographical. There is no person to discredit — only a sensor network, a hash, and a chain of custody. If anyone needs a human face for press or legislative testimony, that happens off-site, on-protocol, with counsel present. Anonymity is not omission — it's the design.