software

I Built an Open-Source Privacy Firewall for ChatGPT (Runs 100% Locally)

Published: (December 7, 2025 at 07:19 PM EST)
3 min read
Source: Dev.to

Source: Dev.to

Overview

Every developer I know uses ChatGPT or Claude daily, and every CISO is terrified of potential compliance violations or data‑breach notifications.
It’s not that AI is bad, but it’s far too easy to leak sensitive data without realizing it:

  • Customer emails
  • API keys
  • Logs with tokens
  • Stack traces with secrets
  • HR info
  • Employee names / internal IDs

We’ve all pasted something into ChatGPT and thought, “Wait… should I really be sending this?”

PrivacyFirewall is an open‑source, local‑first privacy shield that blocks sensitive data before it is sent to any AI tool.
👉 GitHub:

The Problem with Traditional DLP

Traditional Data Loss Prevention (DLP) tools were built for email, file uploads, and network traffic—they don’t protect AI prompts. When you paste something into ChatGPT:

  1. It instantly leaves your browser
  2. It goes to a third‑party server
  3. It becomes part of your company’s risk surface

Most leaks today aren’t malicious; they’re accidental. Developers paste logs, support teams paste customer messages, HR pastes resumes, engineers paste configs. Once it’s pasted, it’s gone.

Solution Overview

PrivacyFirewall intercepts data before the send button, giving you a chance to stop mistakes. The data never leaves your computer.

Key Features

  • Blocks risky paste events (emails, API keys, credit‑card patterns, tokens)
  • Warns as you type when text looks sensitive
  • Optional AI mode using a tiny local transformer (NER)
  • Zero cloud calls — everything runs offline
  • Chrome extension + optional local FastAPI agent
  • Open source under MIT

Benefits

  • ✅ Compliance‑friendly – no data leaves your machine
  • ✅ Zero latency – instant scanning, no network calls
  • ✅ Works offline – on flights, VPNs, air‑gapped systems
  • ✅ No subscription costs – run it forever, free

How It Works

PrivacyFirewall has two layers:

Lite Mode (no backend)

  • Loads immediately with the Chrome extension.
  • Detects via regex:
    • Email addresses
    • Phone numbers
    • JWT tokens
    • AWS keys
    • Private key blocks
    • Credit‑card patterns
    • IP addresses
    • Hash/API keys

Requirements: none – no Python, no downloads, no models, no server.

Advanced Mode (optional local FastAPI backend)

  • Run a FastAPI server at http://127.0.0.1:8765.
  • Uses the dslim/bert-base-NER transformer for on‑device Named Entity Recognition (NER).
  • No internet connection required; inference runs locally via Hugging Face.

This catches entities a regex can’t detect, such as:

  • People’s names
  • Organizations
  • Locations
  • Contextual clues

If the engine goes offline, PrivacyFirewall automatically falls back to Lite Mode, ensuring continuous protection.

Demo Paste Examples

InputExpected Result
john.doe@example.com“Email Detected” modal
AKIAIOSFODNN7EXAMPLEBlocked as AWS Access Key
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...Caught as JWT token
“Meeting notes from Sarah Thompson at HR…”Advanced Mode flags PERSON and warns

All detection happens locally inside your browser.

Installation & Quick Start

# Clone the repository
git clone https://github.com/privacyshield-ai/privacy-firewall.git
  1. Open Chrome → Extensions → Enable Developer mode.
  2. Click Load unpacked and select privacy-firewall/src/extension.
  3. (Optional) Run the FastAPI agent: 
    cd privacy-firewall
python -m uvicorn agent:app --host 127.0.0.1 --port 8765
  4. Open ChatGPT (or any AI tool), paste something sensitive, and observe the warning/block.

Full instructions are available in the repository README.

Technical Stack

  • Chrome Manifest V3 (content scripts + background worker)
  • FastAPI for the local agent
  • Hugging Face Transformers (dslim/bert-base-NER) for on‑device NER
  • Regex engine for deterministic detection

Current Focus / Roadmap

  • UI settings panel in the popup
  • Custom detection rules
  • Support for Slack, Jira, Notion AI
  • Firefox support
  • Quantized models for faster inference & smaller footprint
  • Packaging the agent as a small desktop app (Windows/macOS/Linux)
  • Better redaction instead of blocking

FAQ & Community

  • Does this slow down my typing?
    No. Lite Mode runs entirely in the browser with negligible overhead; Advanced Mode adds only local CPU inference.

  • Can I whitelist certain patterns?
    Yes. The upcoming UI will let you add custom allow‑lists.

  • Does it work with Claude, Gemini, or other AI tools?
    The extension monitors paste events in any web page, so it works with any AI web UI.

We’d love feedback from:

  • Security engineers
  • AI safety folks
  • Chrome extension developers
  • Anyone who’s accidentally pasted sensitive data into an AI tool 👀

Try It Out 🚀

  • ⭐ Star the repo
  • Share your feedback in the Issues section
  • Contribute if you have ideas or improvements

Have you ever accidentally pasted something sensitive into an AI tool? Thanks for reading — hope this helps make AI usage a little safer.

Back to Blog

Related posts

Read more »