Tackl

Tackl reads the fine print so you don’t have to! With one click, learn how your information is being used and how to protect yourself in the digital environment.

Comment

Inspiration

We noticed a scary trend that Terms & Conditions are becoming longer and more aggressive. For women, digital privacy isn’t just about ads, it’s about safety. With T&C’s becoming increasingly more invasive regarding biometric and location data, we wanted to build a tool that doesn’t just warn you that an app or website is sketchy, but actually gives you the steps to take action. Whether that is showing hidden changeable settings, or legal emails to opt you out of unwanted features or even delete your account and data entirely.

What it does

We created a chrome extension which scans terms & conditions pages in order to help users protect their privacy. The extension will either scan the current terms and conditions page you are on or find a link, and use Gemini AI to analyze the page. The extension will identify 8 possible privacy risks, as well as 5 recommendations to the user to maximize their safety after they have already accepted the terms. Additionally, there's a feature which allows them to easily delete their account and data or generate a formal email to opt out of the website's data collection. The user must input their own Gemini API key in order for the extension to work.

How we built it

Tackl is a Chrome Extension designed to encourage safety and privacy in the digital space. Our frontend framework was built using TypeScript, Vite and React, which allowed us to maintain the flow of data between the popup, the browser tab, and background scripts. We also integrated the Gemini API to analyze web pages and scrape information from the webpage. Our project started with a simple Chrome extension structure, and next we began prompting the Gemini API using Google AI Studio. We built the frontend and backend separately, and used the API as the bridge between the two.

Challenges we ran into

A huge challenge we encountered was setting up the API. In previous projects, we had simply hidden our API key into a .env file, which would be ignored when pushed to GitHub. However, Chrome extensions operate differently. If we had a key in the build, it would be possible for anyone to steal it. Our solution was to have a model where the user inputs their own API key through the settings page. This allowed us to keep the project as free, as well as ensure there were no leaks with the API key.

Accomplishments that we're proud of

One of our biggest accomplishments was creating a tool that does more than just identifying privacy risks, it gives users simple solutions. We're also proud of our implementation of the Gemini API into the Chrome extension, especially with the issues we experienced surrounding API management. The extension has a clean connection between the popup, background scripts, and browser tab. The user experience is simple and intuitive.

What we learned

We learned a lot about how Chrome extensions differ from simple websites or apps, including the service worker and scripts. We learned that their basic security restraints differ drastically as well, and we were forced to overcome a hurdle we were not expecting at all. We learned about how AI APIs work and the process of implementing them into a project, and how to prompt them to return our desired input. Another learning moment was when it came time to scrape the information from the web browser. What had initially seemed like a simple task turned out to be a lot more difficult in practice. We were forced to experiment with DOM querying and work within a limited amount of tokens.

What's next for Tackl

In order to build on Tackl, we would like to add a feature where users are able to see recent policy changes and how that might make their experience with the website different. Our current project also relies heavily on Gemini API, but using a single model has its limitations. Using multiple AI models for support would improve consistency and reduce risk of downtime. In terms of user experience, ideally in the future we would find a way to implement an API without requiring users to input their own key, whether it be through a server or any other method.

Built With

Share this project:

Updates