Analysis runs entirely in this browser tab. There is no upload - no server ever sees your file.

Verify it yourself - no trust required

  1. Load this page.
  2. Turn on Airplane Mode (or unplug your network).
  3. Run your scan. Everything still works, because the analysis is a WebAssembly program running inside this tab.

You can also open your browser's developer tools on the Network panel during a scan: the only requests this page ever makes are downloads of public indicator lists - your file is never in any request. The page's security policy (CSP) forbids connections to anywhere else.

Drop your sysdiagnose file here

a file named like sysdiagnose_2026.07.07_…​.tar.gz

No file yet? See what results look like: ·

How to capture a sysdiagnose on your iPhone (no computer skills needed)
  1. Trigger it: press and hold both volume buttons and the side button together for about 1 to 1.5 seconds, then release. You should feel a short vibration. If the power-off slider appears, you held too long: cancel and try a shorter press. If you felt no vibration, don't worry; continue with the next steps, and if no file appears, simply press the buttons again.
  2. Wait 10 to 15 minutes. Your iPhone gathers diagnostics in the background; you can keep using it normally. Older phones take longer, so give it the full time before deciding it didn't work.
  3. Find the file: open Settings → Privacy & Security → Analytics & Improvements → Analytics Data. The list is long and alphabetical: scroll near the bottom, past hundreds of routine entries, to the files starting with sysdiagnose_. The right one ends with the date and time you pressed the buttons. Tap it.
  4. Send it to your computer: tap the share icon in the top corner. On a Mac, AirDrop it and it will land in Downloads. On Windows, choose Save to Files, pick iCloud Drive, then download it from icloud.com on the computer. The file is large (usually 200 to 400 MB), so the transfer can take a few minutes.
  5. Drop it above. The analysis runs on your own computer and usually finishes in well under two minutes.

What Trace is - and is not

Trace inspects three artifacts inside an iPhone sysdiagnose - the shutdown log, crash logs, and process listings - and compares them against public indicators of compromise published by Amnesty International's Security Lab and the Mobile Verification Toolkit indicator collection (Citizen Lab, Kaspersky, Google, Microsoft, and others). These artifacts are where several known implants, including Pegasus, have left visible traces.

A "no matches" result is not a clean bill of health. It means no known implant left known traces in the artifacts this tool reads. Spyware not yet publicly documented, or traces that live elsewhere (browsing history, message databases, network records), would not be found. If your risk is real - you are a journalist, activist, lawyer, or targeted person - treat this tool as a first look, not a verdict, and talk to the experts linked in every result.

Trace does not monitor in real time, cannot remove anything, and does not support Android yet. It inherits the time lag of public threat intelligence: commercial tools with private telemetry may know about newer indicators sooner. That is the honest trade for a tool you never have to trust with your data.