PrivacyMyst reads each page the way a data broker would, warns you the instant a site starts building a profile, and blocks known trackers, malware and phishing. The analysis runs entirely on your machine — the text you read never touches a server.
Watch a profiling attempt fall apart.
Open a page that wants your data and PrivacyMyst scores the risk on-device, then severs every tracker, fingerprinter and malware host before it phones home. Scroll to run it.
0
Scanning…
On-device classifier · WebGPU
Illustrative recreation of the extension UI. Page text is classified locally and discarded — nothing is uploaded.
Three layers, all running inside your browser.
It reads the page like a profiler would
A local model scores every page for sensitive context — health, finance, identity — and tells you the moment a visit could become a profiling event. The text never leaves the tab.
It blocks the network behind the page
A curated, license-clean list of trackers, malware and phishing domains is enforced everywhere. On a page the AI flags as sensitive, blocking escalates to a stricter tier scoped to that site only.
It tells you exactly why
Every block is labelled with the reason and the source list, so you can see precisely which broker or malware host was about to receive your data.
A full privacy toolkit — not a single trick.
Six defenses that layer together. The first two are live and verifiable today; the rest are in active development.
AI Deep Dive
A local language model and classifier flag profiling and manipulation risk on the page you're reading.
On deviceRisk-adaptive blocking
Loose baseline everywhere, scorched earth on sensitive pages — driven by the page risk score, not a fixed rule.
Signed feedLink Guard
Checks links on hover with zero network calls and adds a short cool-down before risky clicks.
Zero networkMailGuard
Reads rendered webmail locally to flag sender spoofing, risky attachments and known campaign patterns.
On deviceFingerprint defense
Bionic Blur softens canvas, audio and motion signals so trackers can't stitch your sessions together.
Per originHoneypot & noise
Poisons tracker parameters and injects believable noise, so the profile that gets built is simply wrong.
ActivePrivacy software you can't verify is just a promise.
This one is built to be checked — by you, line by line.
The AI never phones home
Models run in your browser over WebGPU and WebAssembly. There's no server to send your page text to — because there is no server.
Updates are signed, not trusted
The blocklist is delivered as data, never code, and every update carries an Ed25519 signature the extension verifies before applying. A broken or hostile server can't poison your install.
It fails safe
If an update is missing, stale or unsigned, the extension keeps the last good list. The worst a bad update can do is block too much — never unblock malware or leak data.
Threat feeds are open-source and license-clean. Overlapping lists are deduplicated so the same bad domain is never counted twice.
Don't trust us. Read the code.
Every layer — the on-device models, the signature checks, the blocklist pipeline — is public and auditable. Fork it, build it, break it, send a PR. Privacy you can't inspect isn't privacy.
A developer preview for Chromium browsers.
No sign-up, no account, no email. The package ships its full on-device AI models, so it builds from source rather than a casual download.
Build from source
Clone the repo and run the build script: npm run build.
Enable developer mode
Open your browser's extensions page and switch on developer mode.
Load unpacked
Choose Load unpacked and select the build output folder.
PrivacyMyst — Developer Preview
Local page analysis & the signed blocklist are live and verifiable today.