
CLOSED CAPTIONS.
Please enable them if you have trouble understanding my bad mic. It took me way too long to transliterate my speech into text.
🎯 Inspiration
Would you sell your soul for video games? In 2010, a gaming company added a clause to their Terms of Service to own the souls of their customers, y'know, as an April Fools prank. If someone read the clause, they were offered a 10% discount! Out of the 7,500 people who purchased something that day, none of them found the clause. And that's because...
No one reads the Terms of Service.
This story was hilarious to me.
A study from Carnegie Mellon found it would take the average person 76 workdays a year to read all the privacy policies they encounter. Companies know this, and some hide questionable practices in plain sight.
Like FaceApp in 2019, which quietly slipped in a clause giving them
"A perpetual, irrevocable, royalty-free, worldwide, fully-paid, transferable license"
to use your face however they liked.
Millions uploaded selfies. Most didn’t know they signed away biometric data, potentially forever.
Why current solutions don't work
Companies make it extremely easy for you to agree to their Terms and Conditions. It's usually just checking this tiny box:

On the other hand, actually trying to make sense of the Terms requires a lot of cognitive load. These documents are often:
- Long — the average privacy policy is over 2,500 words
- Dense — packed with legal jargon like “third-party affiliates”, “arbitration clauses”, and “waiver of rights”
- Deliberately vague — using language that gives companies flexibility but leaves users confused
Taking the time to understand them is way too much cognitive load to take on regularly.
In fact, these documents feel less like documents, and more like ancient scrolls full of puzzles. So, y'know, maybe a wizard can help you up there.
🪄 What it does
Gandalf The Red is a Chrome extension that does the heavy reading for you. Crucially, without increasing any cognitive load.
The main feature of this extension is its scraper. As soon as you land on a website, the scraper collects the privacy policy and terms pages, which often live on different pages, and compiles them into a format ready for processing. It then sends this data to an AI model, and gives you:
- A grade (A to E) based on user-friendliness and data respect
- Highlighted concerns (like data sharing or vague clauses)
- A summary in human-readable language
- A LOTR-styled popup interface with a touch of fantasy
🧾 Grade System
I took the grade system, prompted in the style of ToS;DR:
| Grade | Meaning | Gandalf's Response |
|---|---|---|
| A | Very Good (transparent, respects user rights) | “Gandalf Smiles Upon You” |
| B | Good (minor issues, mostly user-friendly) | “Second Breakfast Approved” |
| C | Average (some mildly problematic clauses) | “Proceed with Caution” |
| D | Poor (many concerning or vague clauses) | “The Eye of Sauron Watches” |
| E | Very Poor (major rights/privacy concerns) | “YOU SHALL NOT PASS” |
🛠️ How we built it
| Component | Tech Stack |
|---|---|
| Chrome Extension | JavaScript, Manifest V3 |
| Backend | Node.js (Express) |
| AI Scoring | GPT-4 with custom prompt based on ToS;DR principles |
| Theming | LOTR-style colors, GIFs, and phrases |
I wrote a custom prompt to extract summaries, grade content, and output structured JSON from raw policy text.
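One way to check the model's reply before the popup shows a grade, as an added example (not the extension's own code). The field names `grade`, `summary` and `concerns`, the length caps and both sample replies are assumptions made for illustration.

```javascript
// Added example. Field names and limits are assumptions, not the extension's schema.
const GRADES = new Set(["A", "B", "C", "D", "E"]);
const MAX_SUMMARY = 1200; // assumed cap, characters
const MAX_CONCERNS = 10;  // assumed cap, items

// Constructed sample replies (not real model output).
const FENCE = "`".repeat(3);
const SAMPLE_GOOD = FENCE + 'json\n{"grade":"d","summary":"Shares data with third-party affiliates.",' +
  '"concerns":["Perpetual license to user content"]}\n' + FENCE;
const SAMPLE_BAD = '{"grade":"A+","summary":"Everything is fine.","concerns":[]}';

// Models often wrap JSON in a Markdown fence or add chatter around it.
function extractJson(raw) {
  const start = raw.indexOf("{");
  const end = raw.lastIndexOf("}");
  if (start === -1 || end <= start) throw new Error("no JSON object in reply");
  return JSON.parse(raw.slice(start, end + 1));
}

// Accept only non-empty strings; drop control characters and cap the length.
function cleanText(value, maxLen) {
  if (typeof value !== "string") throw new Error("expected a string");
  const text = value.replace(/[\u0000-\u001f\u007f]/g, " ").trim();
  if (!text) throw new Error("empty string");
  return text.slice(0, maxLen);
}

// Returns { ok: true, grade, summary, concerns } or { ok: false, error }.
function parseVerdict(raw) {
  try {
    const obj = extractJson(String(raw));
    const grade = typeof obj.grade === "string" ? obj.grade.trim().toUpperCase() : "";
    if (!GRADES.has(grade)) throw new Error("grade outside A-E");
    if (!Array.isArray(obj.concerns)) throw new Error("concerns must be an array");
    return {
      ok: true,
      grade,
      summary: cleanText(obj.summary, MAX_SUMMARY),
      concerns: obj.concerns.slice(0, MAX_CONCERNS).map((c) => cleanText(c, 300)),
    };
  } catch (err) {
    // Fail closed: show "could not grade" rather than an unverified grade.
    return { ok: false, error: err.message };
  }
}
```

The returned strings derive from scraped page text, so the popup should set them with `textContent` rather than `innerHTML`.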
🧗 Challenges we ran into
- Parsing messy or oddly-formatted HTML policy content
- Making the AI output structured and predictable
- Designing a UI that was fun without being gimmicky (not sure if I managed this)
- Keeping the Chrome extension responsive with large text payloads
🏆 Accomplishments we're proud of
- I convinced a Chrome extension to cosplay as Gandalf. Yes, really.
- Built an end-to-end AI pipeline that scans ToS documents and judges them with more clarity than we usually have reading them ourselves.
- Pulled off LOTR references without making it too cringe (I think).
- Got GPT to not hallucinate elves into Amazon's Privacy Policy — mostly.
What we learned
TL;DR: We learned that privacy literacy doesn't have to be boring — and that a wizard with a laptop and a gradebook can go a long way.
🧙 What's next for Gandalf The Red
I’m planning to add smarter AI grading (with memory!), more context-aware flagging, and maybe even support for other languages. I would also like to create a centralised database for checks, because AIs hallucinate and need humans to check over and edit their work. For now, at least.
Also on the wishlist: mobile support, real-time popups when a site tries something fishy, and a button to say, “uhhh Gandalf, explain this please.”
Basically: more wizard, less headache.
Built With
- chrome-manifest
- hopes-and-prayers
- javascript


