Self-hosted, polyglot personal digital-footprint erasure. Find where your identity is exposed across the web, then exercise your data-protection rights to get it removed — the core of what Aura / DeleteMe / Incogni do, done locally, without a subscription, and with a wider surface.
SCAN ──▶ ERASE ──▶ MONITOR ──▶ HARDEN
(find) (opt out) (re-check) (reduce)
Scope & intent. Obscura operates on your own identity to help you exercise GDPR (Art. 17 / Art. 21) and CCPA/CPRA rights. Every profile carries an explicit self-attestation + consent timestamp, and nothing is dispatched without it. It is not a tool for investigating or removing information about other people, and it does not scrape or store third-party personal data. See SPEC.md.
Four cooperating modules, each in the language best suited to its job, decoupled
through a shared workspace (~/.obscura/) and stable JSON contracts:
| Module | Language | Job |
|---|---|---|
core/ |
Rust | The obscura binary you run. Owns the SQLite source-of-truth, orchestrates the pipeline, renders reports, serves the dashboard. |
recon/ |
Go | Concurrent exposure scan — username sweep across ~30 platforms, HaveIBeenPwned breach lookup, data-broker presence probing. |
broker/ |
Python | Opt-out engine — GDPR/CCPA letter generation (Jinja2), SMTP dispatch, optional Playwright form automation. Hard consent gate. |
dashboard/ |
TypeScript / React | Local offline console — footprint score, exposure map, opt-out timeline, monitor alerts. |
No module imports another; they meet only at the JSON contracts defined in SPEC.md. This build was scaffolded module-by-module with Codex against that single spec, then integrated and verified end-to-end.
# 1. Build the pieces
cd recon && go build -o obscura-recon ./cmd/obscura-recon && cd ..
cd broker && python -m pip install -e . && cd ..
cd dashboard && npm install && npm run build && cd ..
cd core && cargo build --release && cd ..
# 2. Create your profile (captures self-attestation + consent)
core/target/release/obscura init --name "Your Name" --email you@example.com \
--username yourhandle --city Austin --region TX --country US --yes
# 3. Scan for exposure → review → erase (dry-run first!)
obscura scan
obscura report --html # opens footprint score + exposure report
obscura erase --dry-run # shows exactly what would be sent
obscura erase --confirm # actually dispatches GDPR/CCPA requests
# 4. Watch it and reduce
obscura status # confirmation state of every request
obscura monitor # re-scan, diff, list new exposures
obscura dash # local dashboard at http://127.0.0.1:7666
obscura harden # footprint score + reduction checklistEverything lives under ~/.obscura/ (override with OBSCURA_HOME): the SQLite
DB (source of truth), the JSON I/O contracts (profile.json, findings.json,
requests.json, store.json), rendered reports, per-run snapshots for monitor
diffing, and saved confirmation receipts under evidence/. Secrets (HIBP key,
SMTP creds) go in ~/.obscura/config.toml and are never committed.
[hibp]
api_key = "..." # optional; breach lookup is skipped without it
[smtp]
host = "smtp.example.com"
port = 587
user = "you@example.com"
pass = "..."
from = "you@example.com"- Consent gate — no dispatch without
self_attestation:true+consent_ts. - Dry-run first —
eraseshows what would be sent; real dispatch needs--confirm. - Politeness — recon uses a bounded worker pool, per-host delay, and a descriptive User-Agent; it never hammers a host and never solves CAPTCHAs.
- Evidence, not trust — every dispatched request saves a receipt.
- No third-party PII — findings only ever concern your own identifiers.
.github/workflows/obscura.yml runs a monthly
footprint sweep in CI: it builds the modules, rebuilds your workspace from two
encrypted repo secrets (OBSCURA_PROFILE_JSON, OBSCURA_CONFIG_TOML), scans,
and does a dry-run erase. Real dispatch happens only on a manual run with the
confirm input checked — human-in-the-loop by design.
The workflow is written to be safe on a public repo: no personal data ever reaches the Actions log or an artifact (only non-PII broker slugs + request state via
obscura status). For full report output in CI, fork into a private repo.
All four modules build and test green, and the full cross-language pipeline
(init → scan → report → erase → dash) is verified against the shared contracts.
The broker registry in data/brokers.json ships 36
well-known US/EU brokers and people-search sites (26 people-search, 10 data
brokers) with real opt-out routes, meant to be extended and re-verified over time.
MIT.
