FormerLab, a self-described open-source intelligence collective, published shadow-fleet-tracker-light — a locally run monitoring tool that cross-references more than 1,200 vessels against live Baltic Sea Automatic Identification System (AIS) data, flagging those that approach undersea cables or display sanctions-evasion behaviour. The project is available on GitHub under an MIT licence. Author details were not available at time of publication.
- Tracks 1,200+ vessels drawn from the Ukrainian GUR War & Sanctions catalogue against a live AISStream WebSocket feed
- Triggers proximity alerts when a monitored vessel comes within 10 kilometres of a mapped undersea cable segment
- Detects loitering (vessels slow or stationary for 20+ minutes) and Russia-to-West transshipment patterns within a 21-day rolling window
- Runs entirely on local hardware with no cloud dependency; requires only a free AISStream API key
What Happened
FormerLab released shadow-fleet-tracker-light as a free tool that monitors Baltic Sea vessels associated with Russia-linked trade networks by cross-referencing a live AIS data stream against the Ukrainian GUR War & Sanctions catalogue — a publicly maintained registry of more than 1,200 vessels — and alerting when those vessels approach mapped undersea cable routes or display known sanctions-evasion patterns.
The repository carries an MIT licence and has accumulated 39 stars on GitHub. FormerLab describes its mission in the README as building “open, privacy-first tools on old hardware with no VC backing” as part of what it calls a “sovereign intelligence toolchain,” positioning the tracker as a civilian-accessible alternative to commercial maritime surveillance products that typically require paid subscriptions.
Why It Matters
Baltic Sea undersea infrastructure — gas pipelines and fibre-optic data cables — has sustained multiple unexplained incidents since 2023, and shadow fleet monitoring has simultaneously become a priority for governments enforcing Russian oil sanctions, creating demand for civilian-accessible tracking tools that operate without government data access or commercial licences.
In October 2023, the Balticconnector gas pipeline between Finland and Estonia was damaged; Finnish and Estonian authorities attributed the incident to anchor dragging by a passing vessel. A series of data cable outages followed in 2024 and 2025, prompting NATO to increase naval patrols in the region. Tools that provide open visibility into vessel movements near this infrastructure represent a growing category of civil-society monitoring capability.
Technical Details
Shadow-fleet-tracker-light stores its vessel watchlist as Maritime Mobile Service Identity (MMSI) numbers in a local SQLite database (Vessels1.db) and cross-references each entry against AIS position reports pulled in real time from the AISStream WebSocket API, updating a browser-accessible map every three minutes while writing all position records back to the database for offline analysis.
Cable proximity detection relies on two KML geometry files — cables.kml and filtered_cables.kml — encoding the routes of Baltic undersea cables. An alert fires when a tracked vessel’s reported position falls within 10 kilometres of a cable segment. The dedicated loitering module (loitering_module.py) flags vessels that remain at low speed or stationary for 20 consecutive minutes or more within a defined geographic area.
The transshipment module (transshipment_module.py) identifies a specific sanctions-evasion pattern: a vessel that logs a port call in Russia and then docks at a Western hub within 21 days. That window reflects the approximate transit time for cargo moving between Russian Baltic ports and northern European terminals. The system also performs warm restarts, pre-populating the map with last known positions from the local database on launch rather than waiting for fresh AIS pings.
Map popups expose vessel metadata including MMSI, IMO number, flag state, speed, heading, and stated destination. Each popup links to MarineTraffic, VesselFinder, and the War & Sanctions database for cross-reference, and displays each vessel’s OpenSanctions designation status inline.
Who’s Affected
Researchers, investigative journalists, and civil society organisations focused on sanctions compliance are the tool’s most likely users — groups that rely on open-source methods and typically lack the budgets required for commercial maritime intelligence platforms offering equivalent AIS aggregation, alerting, and historical track replay at scale.
Infrastructure operators with assets in the Baltic — cable owners, pipeline operators, and port authorities — may find the 10-kilometre proximity alert functionality useful as a supplementary layer, though the tool is designed for research and monitoring rather than operational incident response.
What’s Next
As of early April 2026, shadow-fleet-tracker-light has seven commits on its main branch, no open issues or pull requests, and no published development roadmap, placing it at an early stage that has not yet undergone broad community review or formal versioning.
The tracker depends on AISStream’s free API tier; users monitoring vessel counts at or above the current 1,200-vessel watchlist at high query frequencies should verify whether free-tier rate limits affect data completeness. Installation scripts are provided for Windows (start.bat, start.ps1), Linux, and macOS (start.sh).
Related Reading
- Ente Launches Ensu, a Free Open-Source On-Device LLM App
- Miasma: Open-Source Rust Tool Traps AI Scrapers in Poisoned Data Loop
- US Advisory Body Warns China Open-Source AI Strategy Creates Self-Reinforcing Advantage Over American Labs
- Open-Source ATLAS System on a $500 GPU Outperforms Claude Sonnet on Coding Benchmarks
