PhishLink

Inspiration

The Web today is plagued with too much information and we as the seeders and feeders of the web always want more. We want to solve this problem of "information overload" with GraphQL (Graph Query Language) by providing a finer grained access to widely available data on the internet, thats not only trustable but also preserves privacy and gives its users empowered freedom of expression.

What it does

PhishLink was built with the motivation of allowing users to trust the links or URL's (Universal Resource Locators) they click, on the internet. It checks this information from reliable information sources like Google Safe (Lookup API). Although there are other services on the internet that already do this, however they all use REST API (Representational State Transfer Application Programming Interface) which is not sustainable for the only reason that they don't provide privacy, safety and freedom of expression to its users. A GraphQL API on the other hand provisions fine grained access control to data thus preserving privacy of its users and thus empowering freedom of expression.

How we built it

PhishLink was built using the GraphQL Apollo server that allows the schema of REST API services, like Google Safe Browser API to be replicated in GraphQL API. The Apollo server backend then sends requests from the newly created Schema to the Google REST API to check if a URL is a trustable source of information. The GraphQL API is made public by deploying the subgraph using Railway and accessible through the Apollo Studio.

Challenges we ran into

One of the biggest challenges we ran into with this project, was that we started it with the LiftOffSeries Tutorials on the Apollo Server Website. The schema implementations of the project used for these tutorials are not standard (using .js instead of .graphql file extensions).

We also faced challenges with replicating the the Google Safe API Schema onto GraphQL as the structure doesn't use straight forward data types.

Accomplishments that we're proud of

We are confident that PhishLink even though in its nascent stages today will serve as a platform for both security and education. With its ability to facilitate for URL checking through Google Safe API it will provision a safer internet, yet maintaining privacy for its users by allowing fine grained access control to those who connect to this publicly available GraphQL API, thus laying the foundation for a more cyber secure and sustainable internet. Especially for people like us that are prey to phishing attacks through social engineering tactics and don't want to share our information of our whereabouts in the wider web. We do not earn any fee for this application, and provision it completely free to serve as an educational content. We are also proud of PhishLink's future vision in building a Web of Trust and extend its services to other cyber security issues that plague the internet due to unreliable and excessive information.

What we learned

Writing and deploying GraphQL API's using Apollo Server, Railway and Apollo Studio Writing and deploying a serverless API's using node.js Integrating third party API’s like Google Safe Browsing Lookup REST API for readily available information. Querying information from the GraphQL schema to the REST API interface

What's next for Phishlink

We would like to deliver the Web of Trust to users using GraphQL API's and build supergraphs that would integrate multiple such GraphQL API's as subgraphs. The subgraphs would get their information from multiple REST API and microservices with the aim of provisioning privacy, safety and cyber security information which can be fine grained at the subgraph level.

Built With

• apollo
• graphql
• node.js
• railway
• rest
• serverless