Digital Shadow

Inspiration

This project started after I was hacked out of one of my online accounts and temporarily lost access to it. In that moment, I realized how quickly control over my own digital identity could disappear. Content I had posted, messages I had sent, and personal information I thought I “owned” were suddenly no longer private or even accessible to me. What felt unsettling wasn’t just the breach itself, but how little visibility I had into why it happened or what information may have been used against me. That experience made it clear that most people don’t lack concern about privacy...they lack tools that show how exposed they really are. Digital Shadow was built to close that gap by turning invisible risk into something users can actually see and understand.

What it does

Digital Shadow is a visual OSINT audit tool that helps users understand how public information and past data breaches translate into real personal risk. Instead of presenting scattered data points, the app maps a user’s public footprint into an interactive “Digital Constellation,” showing how things like LinkedIn roles, GitHub activity, and leaked credentials connect to form a higher-risk profile. To keep privacy at the center of the experience, sensitive insights are hidden behind a Privacy Gate. Users verify their identity through Google OAuth before accessing their Verified Core, where risks are reframed into a clear, personalized resilience checklist rather than overwhelming or fear-driven alerts.

How we built it

We built Digital Shadow using Next.js with the App Router and Tailwind CSS to create a modern interface that feels lightweight but intentional. The constellation visuals were implemented using React Force Graph and Framer Motion to animate relationships between data points. Authentication and identity verification are handled through NextAuth.js with Google OAuth, allowing us to gate sensitive information without permanently storing user data. On the backend, we developed a TypeScript-based deduction engine that cross-references breach data with public social metadata to generate inferred threat models. To support a zero-persistence security approach, we relied on volatile React state for session-based exposure rather than long-term storage.

Challenges we ran into

One of our biggest challenges was translating messy, nested OSINT API responses into a clean and readable visualization. Preventing node overlap and text collisions in the force-directed graph required custom positioning logic and iterative tuning. We also ran into issues syncing authentication with search behavior, especially preserving user context across OAuth redirects without saving sensitive queries to permanent storage. Finally, we struggled with how to visualize inferred risks in a way that felt helpful rather than alarming. Turning raw breach strings into human-centered insights required careful calibration so the tool empowered users instead of relying on fear-based security messaging.

Accomplishments that we're proud of

We’re proud that we were able to take a pretty abstract cybersecurity idea and turn it into something visual and understandable. Instead of just telling users their data is exposed, Digital Shadow shows how different pieces of public information connect and why that matters. We also put a lot of thought into privacy while building this. We didn’t want to create a tool that could be misused, so we designed it so sensitive insights are only shown to people who can verify that the data actually belongs to them. For us, one of the biggest wins was realizing that even non-technical users could use the app and immediately understand their risk.

What we learned

We learned that privacy and usability are much harder to balance than we expected. Making something powerful without making it scary or invasive took a lot of iteration. We also learned how easily public data can be combined into a much more detailed profile than we initially assumed. On the technical side, we gained a better understanding of workflows, identity verification, and how to design with threat models in mind rather than just features. Overall, the project pushed us to think more carefully about how security tools should communicate risk to real people.

What's next for Digital Shadow

Next, we want to expand the types of data sources we analyze and improve how the risk insights are prioritized. Not all exposures are equally dangerous, and we want the app to better reflect that. We’re also interested in adding more guided recommendations so users don’t just see problems, but know exactly what steps to take to reduce their digital footprint, and possibly also redirect them to the solutions in a more direct approach. Long term, we see Digital Shadow becoming a preventative privacy tool that people check in on regularly, not just after something goes wrong.

Built With

• breachdirectoryapi
• browsersessionstorage
• geminiapi
• github
• googleoauth2.0
• identityprovider-googlecloudconsole
• javascript
• next.js
• nextauth.js
• reactstate
• serperapi
• typescript
• vercel