Chat Authentication via Personality and Intent

A behavioral trust layer that detects when someone isn’t you anymore—even if they have your account. Leverage an understanding of personality and the intent of messages to improve digital safety.

Comment

About the Project

Inspiration

Nearly everyone communicates through messaging platforms, and we trust those conversations because we trust the person behind them.

But we noticed something subtle: accounts look valid even if they are hijacked.

After seeing compromised accounts and scam messages from friends or mutuals, the question became: how do you know it’s still the same person talking to you?

Current systems verify access — passwords, sessions, devices — but they don’t verify behavior.

People have a strong gut feeling, and leveraging a digital synonym is achievable.

That led to a simple idea: identity is not a login event, it’s a pattern over time.

What We Built

We built a Behavioral Trust Layer for messaging.

Instead of asking “is this account logged in?”, we ask: “does this message still feel like the same person?”

The system works in three parts:

  1. Behavioral profiling

    • Learns how a user typically communicates (tone, structure, emoji use, cadence)

  2. Real-time message scoring

    • Detects tone drift and suspicious signals (urgency, financial requests, etc.)

  3. Pattern + spread detection

    • Links suspicious messages across users to identify recurring scam patterns

We also introduced a lightweight experimental idea:

Identity has two layers:

  • how you usually express yourself (personality)
  • what you are trying to do (intent)

Even if an attacker mimics tone, intent is harder to fake.

How We Built It

We focused on a lightweight, explainable system that could be demoed clearly in a hackathon setting.

  • Built a client-heavy Next.js app with a small API layer
  • Used simple statistical features to model tone:
    • message length, punctuation, emoji density, vocabulary patterns
  • Applied rule-based signals for scam detection:
    • urgency, financial requests, authority language
  • Added similarity matching to detect repeated scam patterns across users
  • Structured the UI as a story-first experience:
    • from one suspicious DM → to platform-wide spread

The system intentionally avoids heavy ML dependencies so that:

  • results are explainable
  • the demo is reliable
  • the core idea is easy to understand

Challenges

  • Making “tone” measurable without making it feel vague or magical
  • Keeping the system simple enough to explain in under 2 minutes
  • Balancing personal detection (one DM) with platform-level value (pattern spread)
  • Avoiding overengineering while still showing a forward-looking system

What We Learned

  • The emotional story matters as much as the technical implementation
  • Users recognize tone shifts intuitively, but need help explaining them
  • Behavioral signals can be surprisingly effective even without heavy ML
  • Platform-level value becomes clear when patterns are connected, not isolated

We also learned that:

people connect fastest with “this could happen to me” before they care how it works

Future Work

  • Add embedding-based semantic similarity for paraphrase-aware scam detection
  • Detect intent drift, not just tone drift
  • Analyze multi-message sequences instead of single messages
  • Explore platform policies:
    • when to warn users vs when to intervene (password reset for example)
  • More intelligent filtering as human chats are as variable as our lives, which are ever-changing.

Recent advances in embeddings and lightweight models make it possible to detect not just how messages are written, but what they mean — without requiring heavy infrastructure.

Closing Thought

We don’t replace authentication.

We add a behavioral warning layer for when trust silently breaks.

Built With

  • behavioral-analysis
  • cloudflared
  • jaccard-similarity/token-matching
  • local-json
  • next.js
  • node.js
  • react
  • scam-detection
  • typescript
Share this project:

Updates