Real-time personal info protection for kids, powered by privacy.
Built at FOSSASIA Hackathon 2026 - Secure by Design: Privacy-First Digital Safety for Young Users
Children frequently share personal information online without understanding the consequences. In chat rooms, comment sections, game lobbies, and social media, kids routinely type their real names, home addresses, phone numbers, school names, and ages -- information that can be exploited by bad actors. Existing parental controls either block entire websites (too restrictive) or monitor everything the child does (surveillance). There's a gap: real-time protection that respects the child's privacy too.
AmShield is a Chrome browser extension that warns children in real-time when they're about to type or send personal information into any website input field. It works on every website -- chat boxes, comment sections, search bars, forums, games -- anywhere a child might type.
When AmShield detects sensitive information, it shows a clean, approachable warning overlay that explains the risk and lets the child choose what to do: remove the info, allow it, or dismiss the warning.
AmShield is built on a fundamental principle: safety WITHOUT surveillance.
- 100% on-device processing - All text detection and pattern matching runs locally in the browser. No keystrokes, typed text, or field contents are ever transmitted to any server.
- Zero network calls - The extension makes absolutely no API calls, no analytics, no telemetry. Verifiable by inspecting the Network tab in DevTools.
- Parents see only aggregate counts - The dashboard shows "3 warnings today" never what was typed or which sites were visited.
- Architecturally incapable of surveillance - There is no server endpoint, no data collection code, no transmission mechanism. The extension physically cannot leak what the child types.
- Encrypted local storage - Protected information (child's name, address, etc.) is encrypted with AES-256-GCM via the Web Crypto API before being stored in
chrome.storage.local. Even if someone accesses the extension data directly, they cannot read the protected info without the device-specific encryption key.
- Real-time detection - Detects personal info as the child types, before it's sent
- Two-layer detection engine:
- Layer 1: Exact/fuzzy matching against parent-configured protected information (names, addresses, phone numbers, school, email, custom phrases)
- Layer 2: Regex-based pattern detection for phone numbers, email addresses, age declarations, home addresses, location sharing, and school names
- Context-aware risk scoring - Reduces false positives by analyzing field context (login forms = low risk, chat boxes = high risk)
- Clean warning overlay - Professional, approachable design with SVG icons and clear choices (Remove / Allow / Dismiss)
- Shadow DOM isolation - Warning overlay styles never conflict with host page CSS
- Dynamic field detection - MutationObserver + document-level event delegation + periodic polling covers all editors including CodeMirror, React, Vue, and SPAs
- AES-256-GCM encryption - All protected info is encrypted at rest using the Web Crypto API
- Parent dashboard - Stats display with hidden edit access (triple-click to reveal)
- Daily warning badge - Extension icon shows today's warning count
- Works everywhere - Any website, any input field, any chat box
- Download or clone this repository
- Open Chrome and navigate to
chrome://extensions/ - Enable Developer mode (toggle in the top-right corner)
- Click "Load unpacked"
- Select the
AmShieldfolder - Click the AmShield icon in the toolbar to set up protected information
- Start browsing - AmShield is now active on all websites
Layer 1 - Protected Info Matching: Parents enter their child's personal information (name, address, school, phone, email, family names, custom phrases). The detection engine normalizes text and performs fuzzy substring matching against this list on every keystroke.
Layer 2 - PII Pattern Detection: Even without configured info, AmShield detects common PII patterns using regex:
- Phone numbers in multiple formats
- Email addresses
- Age declarations ("I'm 12", "13 years old", "born in 2013")
- Street addresses and postal codes
- Location-sharing phrases ("I live in...", "my address is...")
- School name mentions
Context-Aware Risk Scoring: Each input field is scored for risk level:
- Low risk (no warning): Login forms, known sign-in pages (Google, Microsoft, Apple)
- Medium risk (warning): Search bars, signup forms
- High risk (warning): Chat boxes, comment sections, social media composers, forums, game chat, contenteditable fields
- Pure JavaScript - No frameworks, no build step, no dependencies
- Chrome Extension Manifest V3 - Modern extension architecture
- Web Crypto API - AES-256-GCM encryption for stored data
- Shadow DOM - Style-isolated warning overlay
- MutationObserver - Dynamic content detection
- chrome.storage.local - Encrypted local-only data storage
- chrome.alarms - Daily stat reset scheduling
AmShield/
├── manifest.json # Extension manifest (V3)
├── background.js # Service worker (badge, stats, messaging)
├── content/
│ ├── content.js # Detection engine + input listeners
│ ├── overlay.js # Warning overlay UI (Shadow DOM)
│ └── overlay.css # Overlay styles reference
├── popup/
│ ├── popup.html # Parent setup & dashboard
│ ├── popup.js # Popup logic + encryption
│ └── popup.css # Popup styles
├── icons/
│ ├── icon16.png
│ ├── icon48.png
│ └── icon128.png
├── README.md
└── LICENSE
MIT License - See LICENSE for details.
Built at FOSSASIA Hackathon 2026
- Nichapa Jongsakulsiri (Film)
- Theerawat Patthawee (Champ)
- Nang Hayman Aye Mya (Alora)
- Khin Nadi Ko (Nadi)
- Napat Chang-Ekwong (Pat)
- Yossapan Rujipornprasert (Belle)