Protecting older adults from AI-powered scams with Chrome’s built-in Gemini Nano APIs. ScamLight analyses text, images, and audio entirely on-device, explains risks in plain language, and gives seniors the confidence to browse without fear.
- Why ScamLight?
- Features
- Quick Start
- Try the Guided Demo
- How It Works
- Testing & Quality Assurance
- User Research Highlights
- Roadmap
- Repo Structure
- Contributing
- License
- Acknowledgements
- Older adults in the United States lose $3 billion+ every year to scams that increasingly rely on AI voice cloning, deepfake videos, and perfectly written phishing emails.
- Traditional security tools focus on malware and malicious URLs; modern scams happen on legitimate platforms like Gmail, Facebook, Amazon, or YouTube.
- Interfaces filled with jargon, tiny fonts, and confusing alerts exclude seniors, leading to loss of independence and trust.
ScamLight gives older adults a browser-native guardian that respects their privacy, teaches them what scammers are doing, and keeps the experience dignified and accessible.
- Real-time badge alerts — every page is scanned automatically; the toolbar badge highlights Low, Medium, or High risk within seconds.
- Quick Safety Check — paste suspicious text, drop in images, or upload voicemails directly in the popup for on-device analysis.
- Plain-language explanations — Chrome’s Summarizer API adds a “Key Takeaway,” and ScamLight highlights the specific scam tactics it found.
- On-device privacy — all analysis runs with Gemini Nano locally; no content ever leaves the machine.
- Multilingual support — when Chrome’s Translator API is available, explanations can be viewed in Spanish, French, or German (gracefully falling back to English if not).
- Accessibility-first experience — Large Text toggle, Read Aloud button (Web Speech API), keyboard navigation, and color+shape indicators for color-blind users.
- Educational-by-design — every warning explains the scam tactic, building long-term digital literacy instead of fear.
A short screencast will be published with the Devpost submission. (Link coming soon.)
- Clone and install

  ```
  git clone https://github.com/yourusername/scamlight.git
  cd scamlight
  npm install
  ```

- Build the extension

  ```
  npm run build
  ```

- Load into Chrome
  - Go to `chrome://extensions/`
  - Enable Developer mode
  - Click Load unpacked and select `scamlight/dist`
  - Pin the ScamLight shield icon so it’s easy to see alerts
- (Optional) Enable Gemini Nano flags for full AI support:
  - `chrome://flags/#optimization-guide-on-device-model`
  - `chrome://flags/#prompt-api-for-gemini-nano`

Use the local test pages (found in test-pages/) to see ScamLight’s behaviour:
| Scenario | Page / Action | Expected Outcome |
|---|---|---|
| High-risk phishing | test-pages/ai-generated.html | Badge switches to High risk, popup shows urgency & credential requests |
| Legitimate content | test-pages/human-written.html | Badge stays Low with reassuring explanation |
| Ambiguous professional tone | test-pages/ambiguous-professional.html | Badge shows Medium risk |
| Quick Safety Check — text | Paste a suspicious email into the popup | Popup analysis mirrors page scan |
| Quick Safety Check — image | Upload a fake giveaway screenshot | Highlights QR bait, urgency, or fake UI |
| Quick Safety Check — audio | Upload AI-cloned voicemail | Flags urgent tone and scripted cadence |
| Accessibility | Toggle Large Text or Read Aloud | UI scales to 20 px; speech synthesis plays |
| Multilingual | Switch language selector | Inline translation to ES/FR/DE |
Additional testing tips
- Open the service worker console (`chrome://extensions` → ScamLight → Service Worker) to confirm whether Gemini Nano ran (`analysisMode: full`) or heuristics took over.
- To simulate Gemini being offline, disable the Prompt API flags and reload. ScamLight still warns users and clearly labels that AI features are unavailable.
- Exercise the accessibility controls by tabbing through the popup, toggling Large Text, and pressing Read Aloud. Switching languages updates all text instantly without reloading.
```
┌────────────┐      ┌──────────────────────┐      ┌──────────────────────────┐
│ Content    │      │ Service Worker       │      │ React Popup UI           │
│ Script     ├────► │ (Gemini + Heuristics ├────► │ (Quick Safety Check,     │
│ (extracts  │      │ + Badge + Storage)   │      │ evidence, accessibility) │
└────────────┘      └──────────────────────┘      └──────────────────────────┘
```
- Content script gathers visible text, high-signal images, and audio sources for each page.
- Service worker coordinates heuristic detectors and Chrome AI calls, updates the badge, and caches per-tab results.
- React popup presents explanations, evidence, safety tips, accessibility controls, and manual file analysis.
| API | Role in ScamLight |
|---|---|
| Prompt API (Gemini Nano) | Analyses text for scam tactics; structured JSON ensures consistent outputs. Multimodal hooks are ready once rolled out in Chrome Stable. |
| Summarizer API | Produces a one-sentence “Key Takeaway” that leads the alert. |
| Proofreader (Rewriter) API | Supplies a “perfect grammar” signal, which boosts AI suspicion scores when text is unnaturally flawless. |
| Translator API | Provides instant translations for explanations and evidence with zero network calls. |
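
The service-worker step described above (heuristic detectors, Prompt API structured JSON, and a labelled heuristic fallback) is shown below as an added example; it is not ScamLight's own code. The function names, regex patterns, JSON shape and the `heuristics-only` label are assumptions. Because the model reads page text written by the scammer, its reply is validated as untrusted input and can only raise the badge level, never lower it.

```typescript
// Added example; names, patterns and JSON shape are assumptions, not ScamLight's code.
type Risk = "Low" | "Medium" | "High";
interface Verdict { risk: Risk; tactics: string[] }
interface Result extends Verdict { analysisMode: "full" | "heuristics-only" }

const ORDER: Risk[] = ["Low", "Medium", "High"];

// Constructed patterns for the two tactics the demo table names.
const PATTERNS: [string, RegExp][] = [
  ["urgency", /\b(act now|immediately|within 24 hours|account (will be )?suspended)\b/i],
  ["credential request", /\b(verify|confirm|enter) your (password|pin|ssn|card number)\b/i],
];

function heuristicScan(text: string): Verdict {
  const tactics = PATTERNS.filter(([, re]) => re.test(text)).map(([name]) => name);
  return { risk: ORDER[Math.min(tactics.length, 2)], tactics };
}

// Accept only the exact expected shape; anything else is discarded.
function parseModelVerdict(raw: string): Verdict | null {
  let v: unknown;
  try { v = JSON.parse(raw); } catch { return null; }
  if (typeof v !== "object" || v === null) return null;
  const { risk, tactics } = v as Record<string, unknown>;
  if (ORDER.indexOf(risk as Risk) < 0) return null;
  if (!Array.isArray(tactics) || !tactics.every((t) => typeof t === "string")) return null;
  return { risk: risk as Risk, tactics: (tactics as string[]).slice(0, 5) };
}

// rawModelReply is the Prompt API's JSON string, or null when Gemini Nano is unavailable.
function combine(text: string, rawModelReply: string | null): Result {
  const h = heuristicScan(text);
  const m = rawModelReply === null ? null : parseModelVerdict(rawModelReply);
  // No usable model verdict: fall back to heuristics and say so.
  if (m === null) return { ...h, analysisMode: "heuristics-only" };
  // Take the higher level so text on the page cannot talk the badge down.
  const risk = ORDER[Math.max(ORDER.indexOf(h.risk), ORDER.indexOf(m.risk))];
  const tactics = h.tactics.concat(m.tactics).filter((t, i, a) => a.indexOf(t) === i);
  return { risk, tactics, analysisMode: "full" };
}
```
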
- Large text (18–20 px) and high-contrast “Trusted Guardian” colour palette.
- Keyboard-only navigation and ARIA labelling for screen readers.
- Shape-coded badges (circle, triangle, square) for colour-blind users.
- Read Aloud via Web Speech API for low-vision or fatigued readers.
- Quick Safety Check prevents the need to copy/paste sensitive content into third-party tools.
- Automated build: `npm run build`
- Type safety: `npm run typecheck`
- Optional: `npm run dev` for hot rebuilds during UI iteration

Detector decisions and timing are visible in the service worker console (chrome://extensions → ScamLight → Service Worker).
- Swap heuristic image/audio detectors for the multimodal Prompt API as soon as Chrome exposes it broadly.
- Warn before sending or forwarding suspicious content (for example, Gmail Drafts integration).
- Offer optional, anonymised community submissions to improve detection while preserving privacy.
- Remember trusted senders/scammers so families can tag common threats together.
- Package for the Chrome Web Store and partner with senior centres, libraries, and credit unions.
scamlight/
├── public/ # Icons and static assets
├── src/
│ ├── ai/ # Prompt, Summarizer, Proofreader, Translator clients
│ ├── detection/ # Unicode, linguistic, scam, image, audio heuristics
│ ├── popup/ # React UI (Quick Safety Check, accessibility controls)
│ ├── content.ts # Page extractor
│ ├── sw.ts # Background service worker orchestrator
│ └── types.ts # Shared types & constants
├── test-pages/ # Demo scenarios for judges
└── ...
ScamLight was built for the Google Chrome Built-in AI Challenge 2025. Bug reports and suggestions are welcome via GitHub issues. Larger enhancements (e.g., adding new heuristics or languages) should start with an issue so we can triage after the hackathon submission window.
This project is licensed under the MIT License.
- Google Chrome team for early access to Gemini Nano APIs.
- Seniors who participated in our usability sessions and shaped the accessibility strategy.
- The broader gerontechnology community advocating for inclusive AI.
“I don’t feel stupid anymore. Now I have a tool to help me.” — Participant, age 72
ScamLight helps vulnerable internet users feel safe, informed, and independent again. If you’re excited to partner, reach out through the repo’s issue tracker.