Inspiration

We’ve all done it: clicked "Accept All" or "Agree to Terms" without reading a single word. Legal teams deliberately construct massive, opaque walls of text to bury data-harvesting practices, invasive tracking clauses, and aggressive permission requests. The average user doesn't have the time or legal expertise to read hundreds of pages of documentation just to browse a website safely. We wanted to build a tool that flips the script—putting a team of AI privacy lawyers directly into the user's browser to read between the lines instantly, transparently, and automatically.

What it does

FinePrint is a privacy-first Chrome Extension (Manifest V3) that monitors your browsing context in real time to protect your data.

  • Smart Detection: It silently scans active pages to identify Terms of Service, Privacy Policies, cookie consent prompts, and system permission triggers.
  • On-Page Verdicts: It extracts the core text, runs a lightweight analysis pipeline, and renders a non-intrusive fixed overlay in the top-right corner containing an immediate risk evaluation: Safe (🟢), Warning (🟡), or Danger (🔴).
  • Deep Insight: Along with the verdict, it surfaces a precise risk score out of 100 and highlights the top data-handling flags found in the text.
  • Local Auditing: Everything is saved to an on-device local storage vault, allowing users to view a comprehensive historical breakdown of their web exposure via a clean, unified dashboard.

How we built it

The extension is engineered for performance, relying on zero external build tools or heavy packages to maintain an incredibly small footprint.

  • Frontend Overlay & Scanner (content.js, style.css): Built using vanilla JavaScript and modular CSS. It implements custom DOM traversal heuristics to detect legal headers or banner components, pulling up to 3,000 characters of critical text without blocking main-thread rendering.
  • Background Service Worker (background.js): Acts as the orchestrator. It manages asynchronous data transport, state persistence with chrome.storage.local, and securely communicates with the Groq API.
  • AI Analysis Pipeline: We leveraged the LLaMA 3.3 70B model via Groq's high-throughput infrastructure. By enforcing JSON-mode formatting in our background prompts, we guaranteed structured, reliable data feeds directly into our UI scripts.
  • Dashboard & Configuration (popup.js, dashboard.js): Created standalone, fast-loading control interfaces using native browser APIs to filter, aggregate, and display historic data.

Challenges we ran into

One of the biggest hurdles was developing an optimal extraction strategy. Pulling an entire 50,000-word privacy document would instantly hit context window boundaries or result in high API latency. We had to create specific substring heuristics to extract the most volatile sections—such as "Data Sharing," "Third Parties," and "Jurisdiction"—compressing the footprint down to an efficient 3,000-character payload.
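A sketch of the kind of keyword-driven extraction described above, as an added example and not FinePrint's own code. The keyword list, function names and ranking rule are assumptions; only the 3,000-character budget and the three section names come from the page.

```javascript
// Added illustration, not FinePrint's code. Keyword list and names are assumptions.
const BUDGET = 3000; // payload size stated on the page
const KEYWORDS = ["data sharing", "third parties", "third party", "jurisdiction"];

// Count keyword occurrences in one paragraph (case-insensitive).
function scoreParagraph(text) {
  const lower = text.toLowerCase();
  return KEYWORDS.reduce((n, k) => n + lower.split(k).length - 1, 0);
}

// Pick the highest-scoring paragraphs until the budget is spent, then
// restore document order so the model reads them in context.
function extractPayload(text, budget = BUDGET) {
  const paras = text.split(/\n\s*\n/)
    .map((p, i) => ({ i, text: p.replace(/\s+/g, " ").trim() }))
    .filter((p) => p.text.length > 0);
  const ranked = paras
    .map((p) => ({ ...p, score: scoreParagraph(p.text) }))
    .filter((p) => p.score > 0)
    .sort((a, b) => b.score - a.score || a.i - b.i);

  const picked = [];
  let used = 0;
  for (const p of ranked) {
    const sep = picked.length ? 1 : 0; // newline joining two paragraphs
    const room = budget - used - sep;
    if (room <= 0) break;
    const slice = p.text.slice(0, room); // last paragraph may be truncated
    picked.push({ i: p.i, text: slice });
    used += sep + slice.length;
  }
  // No keyword matched: fall back to the head of the document.
  if (picked.length === 0) {
    return paras.map((p) => p.text).join("\n").slice(0, budget);
  }
  return picked.sort((a, b) => a.i - b.i).map((p) => p.text).join("\n");
}

// Constructed sample policy: two relevant sections around a long filler block.
const SAMPLE = [
  "Welcome to Example Service. We value your privacy.",
  "Data Sharing: we share identifiers with advertising partners and other third parties.",
  "Contact us at the address below. ".repeat(200),
  "Jurisdiction: disputes are resolved under the laws of Exampleland.",
].join("\n\n");

console.log(extractPayload(SAMPLE));
```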

Additionally, handling state across asynchronous content scripts without causing visual lag or duplicate API calls required a robust caching solution. We resolved this by implementing an algorithmic 1-hour domain deduplication gate in local storage, ensuring that jumping between subpages on the same site won't flood the API or re-trigger intrusive layout shifts.
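One way such a per-domain gate can be built, shown as an added example rather than FinePrint's own code. The key format, the `store` interface (a stand-in for a `chrome.storage.local` wrapper) and all function names are assumptions; the handling of non-web URLs, clock rollback and concurrent checks goes beyond what the page describes.

```javascript
// Added illustration, not FinePrint's code. Key format, store interface and
// function names are assumptions.
const TTL_MS = 60 * 60 * 1000; // the 1-hour window described on the page

// One gate entry per hostname, so subpages of a site share it. Pages that
// are not http(s) (chrome://, file:, malformed URLs) get no key at all.
function gateKey(url) {
  try {
    const u = new URL(url);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return "gate:" + u.hostname;
  } catch {
    return null;
  }
}

// An entry blocks re-analysis only while it is younger than the TTL. A
// timestamp in the future (clock moved back) is treated as expired so a
// bad clock cannot suppress analysis indefinitely.
function isFresh(entry, now) {
  if (!entry || typeof entry.ts !== "number") return false;
  return entry.ts <= now && now - entry.ts < TTL_MS;
}

// Concurrent checks for the same host are chained so that only one of them
// sees the gate as open. The chain lives in worker memory; the timestamp
// lives in the store, so it survives the service worker being terminated.
const pending = new Map();

async function shouldAnalyze(store, url, now = Date.now()) {
  const key = gateKey(url);
  if (key === null) return false;
  const run = (pending.get(key) || Promise.resolve()).then(async () => {
    if (isFresh(await store.get(key), now)) return false;
    await store.set(key, { ts: now });
    return true;
  });
  pending.set(key, run.catch(() => {}));
  return run;
}

// Map-backed stand-in for a chrome.storage.local wrapper, so this runs in Node.
function memoryStore() {
  const m = new Map();
  return { get: async (k) => m.get(k), set: async (k, v) => void m.set(k, v) };
}
```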

Accomplishments that we're proud of

We successfully built a highly functional, secure, and production-ready tool with zero external dependencies. FinePrint doesn't rely on Webpack, Vite, npm packages, or intermediate backend wrappers.

Achieving a sub-second response time for complex text classification using LLaMA 3.3 via Groq was a major win. We are also incredibly proud of our rigid privacy architecture: your API keys and raw legal data never hit a proprietary third-party tracking server—everything is kept explicitly under the user's control.

What we learned

Building under Manifest V3 reinforced the importance of strict security boundaries and efficient resource lifecycles, especially when handling modern background service workers that can terminate unpredictably. We also learned how to master deterministic prompt engineering to ensure that an LLM consistently yields predictable, error-free JSON structures without requiring heavy validation libraries on the client side.
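Because the model's answer is derived from text the visited site controls, a small dependency-free shape check before the result reaches the overlay is a useful complement to JSON mode. The following is an added example, not FinePrint's code; the field names (`verdict`, `score`, `flags`) and the limits are assumptions based on the verdict, score and flags the page describes.

```javascript
// Added illustration, not FinePrint's code. Field names and limits are assumptions.
const VERDICTS = new Set(["safe", "warning", "danger"]);
const MAX_FLAGS = 5;
const MAX_FLAG_LEN = 120;

// Parse the model's reply and accept it only if it has the expected shape.
// Returns { ok: true, value } or { ok: false, error }.
function parseVerdict(raw) {
  let obj;
  try {
    obj = JSON.parse(raw);
  } catch {
    return { ok: false, error: "not JSON" };
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return { ok: false, error: "not an object" };
  }
  const verdict = typeof obj.verdict === "string" ? obj.verdict.toLowerCase() : "";
  if (!VERDICTS.has(verdict)) return { ok: false, error: "bad verdict" };

  const score = obj.score;
  if (typeof score !== "number" || !Number.isFinite(score) || score < 0 || score > 100) {
    return { ok: false, error: "bad score" };
  }
  if (!Array.isArray(obj.flags)) return { ok: false, error: "bad flags" };

  // Keep only strings, strip control characters, and bound count and length
  // so a hostile or confused reply cannot flood the overlay.
  const flags = obj.flags
    .filter((f) => typeof f === "string")
    .map((f) => f.replace(/[\u0000-\u001f\u007f]/g, " ").trim().slice(0, MAX_FLAG_LEN))
    .filter((f) => f.length > 0)
    .slice(0, MAX_FLAGS);

  return { ok: true, value: { verdict, score: Math.round(score), flags } };
}

// Constructed sample reply: mixed-case verdict, fractional score, one
// flag containing markup and one non-string entry.
const SAMPLE_REPLY =
  '{"verdict":"Danger","score":87.4,' +
  '"flags":["Shares data with third parties","<b>bold</b>",42]}';

console.log(parseVerdict(SAMPLE_REPLY));
```

Markup inside a flag is kept as plain text here, so the overlay should write these strings with `textContent` rather than `innerHTML`.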

What's next for FinePrint

The immediate roadmap focuses on making FinePrint even more automated and analytical:

  • Automated Action: Moving from passive analysis to active mitigation by integrating automated opt-out triggers that automatically reject cookie tracking based on the detected text patterns.
  • Differential Analysis: Highlighting exactly what changed in a privacy policy since the last time you visited the domain.
  • Local LLM Execution: Testing WebGPU-accelerated on-device models to perform the text classification locally in the browser, eliminating external API calls entirely for an absolute zero-knowledge privacy workflow.