←back to thread

Show HN: Local Privacy Firewall-blocks PII and secrets before ChatGPT sees them

(github.com)
111 points arnabkarsarkar | 7 comments | 09 Dec 25 16:10 UTC | HN request time: 1.319s | source | bottom

OP here.

I built this because I recently caught myself almost pasting a block of logs containing AWS keys into Claude.

The Problem: I need the reasoning capabilities of cloud models (GPT/Claude/Gemini), but I can't trust myself not to accidentally leak PII or secrets.

The Solution: A Chrome extension that acts as a local middleware. It intercepts the prompt and runs a local BERT model (via a Python FastAPI backend) to scrub names, emails, and keys before the request leaves the browser.

A few notes up front (to set expectations clearly):

Everything runs 100% locally. Regex detection happens in the extension itself. Advanced detection (NER) uses a small transformer model running on localhost via FastAPI.

No data is ever sent to a server. You can verify this in the code + DevTools network panel.

This is an early prototype. There will be rough edges. I’m looking for feedback on UX, detection quality, and whether the local-agent approach makes sense.

Tech Stack: Manifest V3 Chrome Extension Python FastAPI (Localhost) HuggingFace dslim/bert-base-NER Roadmap / Request for Feedback: Right now, the Python backend adds some friction. I received feedback on Reddit yesterday suggesting I port the inference to transformer.js to run entirely in-browser via WASM.

I decided to ship v1 with the Python backend for stability, but I'm actively looking into the ONNX/WASM route for v2 to remove the local server dependency. If anyone has experience running NER models via transformer.js in a Service Worker, I’d love to hear about the performance vs native Python.

Repo is MIT licensed.

Very open to ideas suggestions or alternative approaches.

Show context
postalcoder ◴[11 Dec 25 14:08 UTC] No.46231530[source]
Very neat, but recently I've tried my best to reduce my extension usage across all apps (browsers/ide).

I do something similar locally by manually specifying all the things I want scrubbed/replaced and having keyboard maestro run a script on my system keyboard whenever doing a paste operation that's mapped to `hyperkey + v`. The plus side of this is that the paste is instant. The latency introduced by even the littlest of inference is enough friction to make you want to ditch the process entirely.

Another plus of the non-extension solution is that it's application agnostic.

replies(2): >>46231627 #>>46233200 #
1. bjord ◴[11 Dec 25 16:12 UTC] No.46233200[source]
out of curiosity, what's the motivation behind trying to reduce your extension usage everywhere?
replies(1): >>46233306 #
2. postalcoder ◴[11 Dec 25 16:19 UTC] No.46233306[source]
Multiple things: 1) extensions are overly permissive, 2) so many of them are sold to shady entities without peep from the developer, and 3) it's never been easier to generate my own tooling.
replies(2): >>46233885 #>>46234187 #
3. bjord ◴[11 Dec 25 16:58 UTC] No.46233885[source]
brutal. I just typed out a much longer response and lost it when my time wasting extension saw the url change (time for a text area cache extension?)

you might find this useful: https://github.com/classvsoftware/under-new-management

my port (and now fork): https://github.com/maxtheaxe/under-new-management-firefox

they currently (PRs are welcome!) only check listing info. mine doesn't route requests through an external (non addon store) server.

a couple PRs are overdue on mine due to linting making the diffs impossible. I'll get to it. (see the wxt-migration branch)

4. sgc ◴[11 Dec 25 17:20 UTC] No.46234187[source]
I just download the extension file, check it out, and install it locally. No worries about future updates until something breaks (doesn't tend to happen).
replies(1): >>46234639 #
5. bjord ◴[11 Dec 25 17:52 UTC] No.46234639{3}[source]
at least on firefox, you can also just disallow automatic updates
replies(1): >>46236575 #
6. sgc ◴[11 Dec 25 20:17 UTC] No.46236575{4}[source]
I want to see the source, and I don't want to worry about future browser changes messing with my settings..
replies(1): >>46241862 #
7. bjord ◴[12 Dec 25 07:54 UTC] No.46241862{5}[source]
fair enough. I'll add that one fantastic use I've found for LLMs is quickly checking the source of a given addon (though obviously this is no replacement for a real audit or finely-grained permissions).

I'd be doing this type of thing a lot more if browsers didn't make it difficult to load unpacked addons (in which case I could be modifying things I didn't like on the fly).