Achilles

• 

  Logo

• 

• 

  Website Overview

• 

  Sample Email

• 

  Email Overview

• 

  Profile

Inspiration

Every time our team visited a website, we were greeted by the infamous "Accept all cookies" prompt. This made us curious about the "magic" behind it and the type of information being taken from us. After deep research, we discovered how companies could extract sensitive user data, ranging from passwords to other services to even credit card information. This alarming revelation inspired us to create a solution to help users protect their personal data online. California also agreed with our worries and passed the CCPA(California Consumer Privacy Act) which requires companies to delete user info of any Californian if they are requested to.

What it does

Our solution offers a comprehensive approach to managing online privacy through a Chrome extension. Once installed, the extension tracks the user's browsing history and collects data on cookies submitted to various domains. It then performs an in-depth analysis of these cookies, analyzing personal cookies, and SSL configuration tests to ensure secure communication and using external services to understand the purpose and functionality of each cookie. This detailed examination helps us determine whether companies are adhering to ethical data practices or crossing privacy boundaries.

Additionally, we present this information in a user-friendly dashboard. This dashboard allows users to view comprehensive data on their cookie usage and provides the option to select specific companies from which they prefer to withhold their data. By offering these insights and controls, our tool empowers users to make informed decisions about their online privacy and take action against potential overreach by companies.

How we built it

To bring our solution to life, we began by setting up a cron job for our Chrome extension. This job was responsible for periodically sending a large volume of data from the extension to our Django backend. The backend then processed and analyzed this data using a range of tools to generate a high-level summary of each domain's security status and data practices.

For the analysis, we employed Retrieval-Augmented Generation (RAG) techniques, leveraging online services and web-scraped information to gain insights about each domain. We used Selenium, BeautifulSoup, and ChromeDriver for web scraping, ensuring that we could render and extract content accurately from dynamic web pages.

The collected data was fed into our Large Language Model (LLM), which synthesized the information into coherent summaries. We incorporated services from Cookieserve and SSL Labs to enhance our evaluation of cookie practices and SSL configurations.

After processing, the data was uploaded to our PHP server, which hosts our MySQL database. This server not only stores user data but also manages the emails sent by users. The final output is presented on a sleek, user-friendly dashboard. Here, users can view detailed data on their privacy and take action by sending automated emails to customer service departments of the domains they are concerned about. Our automated email system simplifies this process, drafting and sending messages on behalf of the users to request the deletion of their data, thus addressing legal concerns without requiring users to handle the details themselves.

Challenges we ran into

We ran into many challenges with Google OAuth for sending information from a JS frontend to our backend. We had several backend databases, so it was challenging to connect the PHP database with the other ones. We also faced many challenges with web scraping, having to add extra elements of Selenium and ChromeDriver in order to be able to react to websites with dynamic loading elements.

Accomplishments that we're proud of

What our team is proud of is creating a program that addresses a critical issue in data privacy. Many people realize that their data is being tracked, but they don't understand the extent of how their data is tracked. Our product helps effectively safeguard users' data from leaks helping users' safety. By enforcing strict protocols, it ensures that these companies are compelled to remove all stored data, enhancing user privacy and security. This accomplishment not only demonstrates our commitment to protecting personal information but also sets a new standard in data security and privacy management. The positive impact on users' digital safety and the proactive approach to addressing a widespread issue are key highlights of our achievement.

What we learned

We learned about how to implement skills in several areas that our team members had never worked in before. One was how to create a Chrome extension and its front end. We also learned how to web scrape in Python using BeautifulSoup and how to respond to dynamic elements in web scraping using Selenium. We see our newfound knowledge and comfortability with these topics unlocking a host of new possibilities as we continue coding and hacking in the future.

What's next for Achilles

We can see Achilles expanding with more features and automation. For example, we could have use our Chrome extension to scan websites and cookies as your browsing

Built With

• beautiful-soup
• chrome
• chromedriver
• django
• google-oauth
• html5
• mysql
• nextjs
• phpserver
• python
• react
• rest
• selenium
• web-scraping