Inspiration
The spark for TraceBack came from a friction point I face constantly as a student: the loss of digital privacy.
The idea originated when I was researching enterprise cybersecurity and learned about "Canary Tokens"—digital tripwires that companies hide in their servers to catch hackers. It clicked: Why do only big companies get sophisticated tools to track intruders?
I realized I could adapt that high-level security concept for everyday users—giving regular people the power to set traps for companies that betray their trust. When the Hoobit Ideathon announced the theme "Friction Points," I knew immediately that this was the problem I needed to solve.
How I Built It
I approached this project with a "Security First" mindset. The core architecture relies on a permanent forwarding mechanism rather than temporary inboxes.
The system is built on a specific logic flow:
- The Injection: A browser extension (Manifest V3) detects a signup form.
- The Generation: It calls an API to generate a unique alias using a high-entropy mapping function: $$f(User_{ID}, Service_{URL}) \rightarrow Alias_{Hash}$$
- The Forwarding: The backend (built on AWS SES/Postfix) acts as a relay. It maintains an encrypted lookup table. When an email arrives at the alias, the system verifies the sender using the following logic: $$\text{If } (Sender_{Domain} \neq Expected_{Domain}) \rightarrow \text{Trigger Leak Alert}$$
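An added sketch of the generation and leak-check steps above, not TraceBack's own code. It assumes HMAC-SHA256 as the mapping function, a constructed key, the placeholder relay domain `relay.example`, and an in-memory `Map` standing in for the encrypted lookup table. It goes slightly beyond the strict inequality by also accepting subdomains of the expected domain, so mail from a service's `mail.` or `news.` hosts does not raise a false alert.

```javascript
const crypto = require("crypto");

// Assumptions for this sketch: a server-side secret and a relay domain.
const ALIAS_KEY = Buffer.from("constructed-demo-key-not-for-production");
const ALIAS_DOMAIN = "relay.example"; // placeholder domain

// Stand-in for the encrypted lookup table: alias -> { userId, expectedDomain }
const aliasTable = new Map();

// Reduce a signup URL to its lowercase hostname without a leading "www.".
function serviceDomain(serviceUrl) {
  return new URL(serviceUrl).hostname.toLowerCase().replace(/^www\./, "");
}

// f(User_ID, Service_URL) -> Alias_Hash, here HMAC-SHA256 truncated to 80 bits.
// The "\n" separator keeps (userId, domain) pairs from colliding by concatenation.
function generateAlias(userId, serviceUrl) {
  const domain = serviceDomain(serviceUrl);
  const tag = crypto.createHmac("sha256", ALIAS_KEY)
    .update(`${userId}\n${domain}`)
    .digest("hex")
    .slice(0, 20);
  const alias = `${tag}@${ALIAS_DOMAIN}`;
  aliasTable.set(alias, { userId, expectedDomain: domain });
  return alias;
}

// True when the sender is the expected domain or a subdomain of it.
function domainMatches(senderDomain, expectedDomain) {
  const s = senderDomain.toLowerCase().replace(/\.$/, "");
  return s === expectedDomain || s.endsWith(`.${expectedDomain}`);
}

// Classify inbound mail for an alias: "unknown-alias", "ok" or "leak-alert".
// senderDomain should be an authenticated value (for example the DKIM d= domain
// that passed verification), not the unauthenticated From header.
function checkInbound(alias, senderDomain) {
  const entry = aliasTable.get(alias.toLowerCase());
  if (!entry) return { verdict: "unknown-alias" };
  if (domainMatches(senderDomain, entry.expectedDomain)) {
    return { verdict: "ok", userId: entry.userId };
  }
  return { verdict: "leak-alert", userId: entry.userId,
           expected: entry.expectedDomain, got: senderDomain };
}
```

Because the alias is keyed, someone who knows a user ID and a service domain still cannot compute or enumerate that user's aliases without the server secret.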
I designed the MVP to be platform-agnostic, ensuring that users retain ownership of their accounts even if they stop using the extension.
Challenges I Faced
Building this solo presented unique hurdles.
- The "Cat-and-Mouse" Game: The biggest technical challenge was designing a system that hostile companies couldn't easily block. I had to devise a Domain Rotation and Randomized Alias strategy to ensure that my privacy tools couldn't be detected by anti-spam filters.
- The "Page Prohibited" Scare: During the hackathon, the event page became prohibited/inaccessible for a period of time. It was a moment of genuine panic—worrying if the platform was down or if I had missed a critical update. However, I stayed focused on the documentation and continued building offline, which ultimately kept the momentum going.
What I Learned
This project pushed me to think beyond just "coding" and focus on System Design. I learned deeply about:
- Email Protocols: The intricacies of SMTP headers and how to verify sender identity to prevent false positives.
- Product Psychology: How to build a security tool that doesn't scare the user, but empowers them.
- Resilience: Pushing through technical blocks and platform issues to deliver a polished concept.
TraceBack isn't just a tool; it's a shift in power dynamics, turning the user from a passive victim into an active auditor of their own digital life.
Built With
- aws-lambda
- aws-ses
- css3
- express.js
- html5
- javascript
- manifest-v3
- node.js
- postgresql