Private - C | Devpost

Inspiration

Inspiration We live in an era where "I have read and agree to the terms" is the biggest lie on the internet. Our team was inspired by the realization that privacy is no longer just about blocking ads; it’s about defending against biometric inference and predatory data modeling. We saw how sites can now "infer" your heart rate from a camera feed or surge prices based on your 1% phone battery. We wanted to build a tool that doesn’t just block trackers, but acts as a Privacy Intelligence Agency for the everyday user.

What it does

Private-C is an intelligent browser privacy extension that creates a protective "Sandbox" between you and the web.

AI Policy Scanning: Uses Google Gemini to instantly scan 50-page legal documents and flag "Red Alert" clauses like data selling or biometric tracking.

Tactical Audio (ElevenLabs): Features Sergeant Sherlock, an AI voice mascot that gives real-time tactical briefings on intercepted threats.

Active Deception: Instead of breaking sites by blocking everything, it injects "Null Noise"—fake battery levels and randomized sensor data—to poison the trackers' data.

Enterprise Dashboard: A Vultr-hosted IT dashboard that aggregates privacy risks across multiple devices, turning personal protection into a managed infrastructure.

How we built it

We prioritized a high-performance, scalable architecture to ensure privacy doesn't slow down the user:

Frontend: A Chrome Extension (Manifest V3) using JavaScript for request interception, cookie management, and DOM manipulation for "Null Value" injection.

AI Engine: Integrated Google Gemini API to perform NLP on complex privacy policies, categorizing risks into human-readable alerts.

Voice Interface: ElevenLabs API powers our mascot, Sergeant Sherlock, providing low-latency, expressive audio feedback.

Infrastructure: Deployed a Vultr Load Balancer and Cloud Compute nodes to handle backend API traffic and centralize threat intelligence.

Database: MongoDB Atlas stores "Privacy Caches," allowing us to deliver instant policy summaries if another user has already scanned a domain.

Challenges we faced

Manifest V3 Restrictions: Google’s new extension rules limited our ability to block scripts in real-time. We overcame this by shifting our heavy logic to a Vultr-hosted Proxy and using declarativeNetRequest for baseline protection.

Latency vs. Intelligence: Running an AI scan on every page load is slow. We built a Hashed Caching System in MongoDB so that common policies are served instantly, only calling Gemini when a policy version changes.

"Site Breakage": Aggressive blocking often breaks websites. We solved this by implementing Heuristic Sandboxing—categorizing sites (e.g., "Utility" vs. "High Risk") to apply different levels of restriction.

Accomplishments that we're proud of

Successfully detecting and "spoofing" the Battery Status API to prevent price discrimination.

Developing a Biometric Defense concept that addresses 2026-level threats like rPPG (heartbeat detection).

Creating a seamless bridge between the browser (Extension) and a professional IT environment (Vultr Dashboard).

What we learned

We learned that the "Privacy Arms Race" is moving toward Inference. It’s not about what you type anymore; it’s about how your hardware (accelerometers, light sensors, cameras) "leaks" your physical state. We also gained deep experience in deploying Load Balanced architectures on Vultr and prompt engineering for legal document analysis.