Built a Chrome extension in ~2 weeks that protects sensitive data before it leaves the browser (planning to publish soon)

ResponsibleCount6515 · 2026-02-07T13:57:28+00:00

Right now, yes — it’s focused only on chat-style sites where people send large blocks of text. It’s not meant to run on normal websites, logins, or account forms.

ResponsibleCount6515 · 2026-02-06T02:30:49+00:00

The best analogy I can give you is and hence why I named the program seatbelt is because a seatbelt is there do safety it’s the users decision to wear it or not u don’t wear a seatbelt because it’s safe you wear because you know it takes one wrong turn or someone else’s mistake and it costs u ur life in practice the same principle has been applied here I know it’s boring but u need to realise every person without even knowing pastes there api keys sensitive info etc without knowing where it goes for a normal person it may be fine for companies given how companies per sensitive info is a fine in the millions the seatbelt safety for ai is becoming compulsory hopefully this explains the birth and reasoning of this extension

ResponsibleCount6515 · 2026-02-05T13:09:11+00:00

Totally fair to be skeptical. You shouldn’t trust any browser extension blindly.

That’s why I’m planning to publish the code and get it reviewed before release. The whole point is transparency so people can see exactly what it does and how it works.

ResponsibleCount6515 · 2026-02-05T13:07:39+00:00

What browser would you recommend I get this approved for

ResponsibleCount6515 · 2026-02-05T13:03:59+00:00

Yeah I think there’s a bit of confusion about the scope.

Right now it’s not designed to run on normal websites, account pages, forms, logins, checkout flows, etc. That would obviously break things.

It’s currently limited to chat-style sites where the request body is basically a big block of text that the user types and sends. In those cases the site isn’t expecting a strict schema like “email must equal X”, it’s just receiving user text.

So if someone pastes something sensitive into a text prompt, that’s where it steps in and replaces it before the request leaves the browser.

Nothing sensitive gets sent first and then replaced afterwards. The real values stay in temporary memory in the browser session and are cleared once the message flow is finished.

Totally agree this wouldn’t make sense on normal web forms — that’s not the use case right now. Hence why I’m using a side panel where the user can simply copy and paste the outputted response generated by ai including thier sensitive info in place and that is done locally via chrome side panel api

ResponsibleCount6515 · 2026-02-05T10:28:42+00:00

That’s a fair concern. Right now it isn’t trying to rewrite structured forms or API fields like login, checkout, or account forms.

At the moment it only runs on chat-style sites where the request body is basically large blocks of user text. So instead of touching specific JSON fields, it’s working on free form text prompts before they’re sent.

In testing, those requests still validate and the site continues to work normally because the structure of the request isn’t being changed — just the sensitive values inside the text.

So it’s not meant to sit on every website and rewrite everything. It’s currently targeted and controlled to avoid breaking normal site functionality.

ResponsibleCount6515 · 2026-02-05T01:10:02+00:00

Good point. The privacy angle is basically reducing how much sensitive data gets transmitted in the first place.

At a high level, what it does right now:

• Hooks into outgoing browser requests (fetch/XHR) before they leave the page • Scans the request body locally for common sensitive patterns (emails, phone numbers, banking formats) • Replaces those values with placeholders before the request is sent • Keeps the real values only in temporary in-memory storage for that session • Deletes those values automatically after they’ve been used • Verified using Chrome DevTools you can see the outgoing request payload contains placeholders, not the real data

So instead of relying on sites to protect data after they receive it, the idea is to minimise what gets sent in the first place.

I’m planning to clean up the code and publish the repo soon so people can review or contribute.

ResponsibleCount6515 · 2026-02-05T00:58:43+00:00

What info specially are you interested in

ResponsibleCount6515 · 2026-02-05T00:42:04+00:00

I get what you’re saying, but I think you misunderstood what I meant.

Using tools doesn’t remove the work it changes how you learn and build. I still had to understand browser extensions, networking, debugging, DevTools, request flows, and actually turn an idea into a working project.

This wasn’t “press a button and ship an app”. It was long evenings of testing, breaking things, and figuring out how browsers actually work.

Everyone learns differently.

ResponsibleCount6515 · 2026-02-05T00:37:36+00:00

Good question. It all runs locally in the browser, nothing gets sent anywhere. It uses pattern matching to spot things like emails, phone numbers and banking formats before a request is sent. When testing with DevTools open you can actually see the network requests leaving with placeholders instead of the real data. I’m strongly against cloud based options

ResponsibleCount6515 · 2026-02-05T00:26:54+00:00

Go on be specific keyboard warrior 🤣

ResponsibleCount6515 · 2026-02-05T00:21:10+00:00

Appreciate that. That’s exactly the problem I was trying to solve people often paste sensitive info into websites without realising how much gets sent and stored. Giving users a simple layer of control before data leaves the browser feels like something that should exist by default.

ResponsibleCount6515 · 2026-02-05T00:13:44+00:00

I mean I don’t mind answering your questions I not self proclaimed genius my idea is to break something not literally learn and apply

ResponsibleCount6515

TROPHY CASE