Working on a small browser extension — want quick feedback.
Posted by Extreme-Degree-58@reddit | sysadmin | 9 comments
Idea: a fully local (offline) tool that masks sensitive data before you send anything to AI tools (ChatGPT, Gemini, etc.).
Key things:
- No backend — nothing leaves your machine
- Users define their own rules (regex / keywords)
- Select text → “Clean” → PII gets masked
- Can also paste text in extension
Extra features I’m exploring:
- Upload PDF → extract text + mask PII
- Upload image → detect text + mask
- Custom rule upload (so it works across industries/countries)
Example:
“John from Acme email is john@gmail.com”
→ “[NAME_1] from [ORG_1] email is [EMAIL_1]”
Questions:
- Would you actually use this?
- Is custom-rule approach better than auto detection?
- PDF/image support useful or overkill?
Looking for blunt feedback
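The masking flow described in the post, as an added example that is not the OP's code: user-defined regex and keyword rules applied locally, with the same value always mapped to the same numbered placeholder. The rule schema (`label`, `type`, `pattern`, `words`) and the function names are assumptions; rule order acts as priority so the e-mail rule wins over the `John` keyword inside `john@gmail.com`.

```javascript
// Added example. Rule schema and sample rules are constructed for illustration.
const RULES = [
  // Order is priority: earlier rules win when two matches start at the same place.
  { label: "EMAIL", type: "regex", pattern: "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}" },
  { label: "NAME", type: "keyword", words: ["John"] },
  { label: "ORG", type: "keyword", words: ["Acme"] },
];

function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Turn one user rule into a global RegExp; reject rules that do not compile.
function compileRule(rule) {
  const source = rule.type === "keyword"
    ? `\\b(?:${rule.words.map(escapeRegex).join("|")})\\b`
    : rule.pattern;
  try {
    return new RegExp(source, rule.type === "keyword" ? "gi" : "g");
  } catch (err) {
    throw new Error(`Rule ${rule.label} has an invalid pattern: ${err.message}`);
  }
}

function maskText(text, rules = RULES) {
  const hits = [];
  rules.forEach((rule, priority) => {
    for (const m of text.matchAll(compileRule(rule))) {
      if (m[0] === "") continue; // ignore empty matches from loose patterns
      hits.push({ start: m.index, end: m.index + m[0].length, value: m[0], label: rule.label, priority });
    }
  });
  // Leftmost match first; on a tie the higher-priority rule wins.
  hits.sort((a, b) => a.start - b.start || a.priority - b.priority);
  const placeholders = new Map(); // "LABEL\0value" -> "[LABEL_n]"
  const counters = {};
  let out = "", pos = 0;
  for (const h of hits) {
    if (h.start < pos) continue; // already covered by an earlier replacement
    const key = `${h.label}\0${h.value.toLowerCase()}`;
    if (!placeholders.has(key)) {
      counters[h.label] = (counters[h.label] || 0) + 1;
      placeholders.set(key, `[${h.label}_${counters[h.label]}]`);
    }
    out += text.slice(pos, h.start) + placeholders.get(key);
    pos = h.end;
  }
  return out + text.slice(pos);
}
```

Names and organisations are only masked here because they are listed as keywords; anything not covered by a rule passes through unchanged.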
didnthavemuch@reddit
No, PII redaction needs to have an audit trail and cannot be relegated to a tool that users may or may not install/use.
oppositetoup@reddit
100% this. Needs to be automated, or just use a paid-for and private LLM / self-hosted LLM. For the same effect but much more trusted.
Extreme-Degree-58@reddit (OP)
That’s fair. I agree this doesn’t replace enterprise DLP or audit requirements. What I’m building is more for the “last-mile” problem:
Even with policies/tools in place, people still copy-paste data into AI tools manually. That’s hard to fully control.
This is meant as a lightweight, user-side safety layer:
runs locally, lets users clean/redact before sending, no dependency on org rollout.
Not trying to replace audit trails or compliance systems, more of a practical guardrail for day-to-day usage.
Curious if you’ve seen anything that actually solves that “last-mile paste” problem reliably?
oppositetoup@reddit
I get what you're saying, but the users that will be the biggest offenders won't use this tool, unless it was org rolled out and enforced, and at that point, there are better solutions.
IT departments should be blocking all free AI tools anyway. Force use of approved tools only.
They should also be using DLP tools at the document level to stop copy/paste when required.
jort_catalog@reddit
Why can't people write anything themselves anymore
encrypttwice04@reddit
and i mean it's not wrong, but that's the world we live in now, people copy-pasting entire codebases into chatgpt without a second thought. the extension isn't about writing, it's about trying to stop the inevitable accidental leak
encrypttwice04@reddit
but the whole point is it's not trying to replace your dlp, it's for the stuff that slips through anyway, and at least it's not a chrome extension phoning home (your threat model still matters though)
WEdaQRSA@reddit
It sounds like your program would be assuming that these services also don't grab every keystroke and input even before you send. That can be too much risk for some organizations.
mumblerit@reddit
I need it to be able to farm gold also