👻 GhostOut — The Story Behind the Shield
💡 Inspiration
Every woman in our team has experienced it — the unsettling feeling of a suspicious DM, a fake profile sending threats, an anonymous account that knows too much. We looked for tools to protect ourselves and found nothing proactive. Every platform waited for us to report abuse. By then, the damage was already done.
That's why we built GhostOut — not as a hackathon project, but as something we genuinely needed.
"87% of cyberstalking victims are women. We built the tool we wish existed."
🛠️ How We Built It
We designed a 4-engine parallel architecture:
Engine 1 — NLP Threat Detection
Using VADER sentiment analysis, we score every message in real-time. The threat score is calculated as:
$$S_{nlp} = (V_{compound} \times 0.20) + (K_{hits} \times 35 \times 0.50) + (E_{hits} \times 50 \times 0.30)$$
Where:
- $V_{compound}$ = VADER negativity score
- $K_{hits}$ = Threat keyword matches
- $E_{hits}$ = Escalation phrase matches
Engine 2 — Graph Bot Detection
NetworkX maps connections between accounts. A bot farm is detected when:
$$\text{Bot Farm} = \exists \text{ victim} : |{a \in Accounts : score(a) > 60}| \geq 3$$
Engine 3 — Predator Database
All predator IDs are stored as SHA-256 hashes:
$$H = SHA256(platform + ":" + user_id)$$
This ensures zero raw data is ever stored — completely privacy-safe and legally compliant.
Engine 4 — Master Threat API
All 3 engines fire in parallel. Final score:
$$S_{master} = (S_{nlp} \times 0.35) + (S_{bot} \times 0.35) + (\min(R \times 25, 100) \times 0.30)$$
Where $R$ = number of community reports.
📚 What We Learned
- How to build multi-engine parallel APIs with FastAPI
- Real-world application of NLP sentiment analysis
- Graph theory for social network threat detection
- Privacy-first design using cryptographic hashing
- How to deploy full-stack applications on Netlify + Render
⚡ Challenges We Faced
1. VADER Scoring Limitation
VADER is general-purpose — it couldn't detect stalking language like "I know where you live" as threatening. We solved this by building a custom keyword boosting system with weighted scoring.
2. Neo4j Network Blocking
Our hostel WiFi blocked port 7687 (Neo4j's port). We pivoted to NetworkX — an in-memory graph library that achieved the same bot farm detection with zero network dependency.
3. Privacy vs Functionality
Storing predator IDs creates privacy risks. We solved this with SHA-256 hashing — matching threats without ever storing raw identities.
4. CORS & Deployment
Connecting frontend (Netlify) to backend (Render) required careful CORS middleware configuration across all 4 engines.
🏆 What Makes GhostOut Different
| Feature | GhostOut | Others |
|---|---|---|
| Proactive detection | ✅ | ❌ |
| Privacy-first (SHA-256) | ✅ | ❌ |
| Community predator DB | ✅ | ❌ |
| Legal evidence package | ✅ | ❌ |
| Works before harm occurs | ✅ | ❌ |
🔮 What's Next
- Browser extension for real-time social media scanning
- Multilingual threat detection (Tamil, Hindi, Bengali)
- Mobile app with one-tap SOS
- Integration with cybercrime.gov.in API
- Pan-India NGO partnerships
Built with purpose. Driven by lived experience. Powered by AI.
"Every stalker starts as a stranger with a fake name. GhostOut makes sure he never gets past hello."
What we learned
Log in or sign up for Devpost to join the conversation.