Skip to content

Makeph/obscura

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Obscura

Self-hosted, polyglot personal digital-footprint erasure. Find where your identity is exposed across the web, then exercise your data-protection rights to get it removed — the core of what Aura / DeleteMe / Incogni do, done locally, without a subscription, and with a wider surface.

   SCAN ──▶ ERASE ──▶ MONITOR ──▶ HARDEN
  (find)   (opt out)  (re-check)  (reduce)

Obscura local dashboard — footprint score, exposure map, opt-out timeline, and monitor alerts

Scope & intent. Obscura operates on your own identity to help you exercise GDPR (Art. 17 / Art. 21) and CCPA/CPRA rights. Every profile carries an explicit self-attestation + consent timestamp, and nothing is dispatched without it. It is not a tool for investigating or removing information about other people, and it does not scrape or store third-party personal data. See SPEC.md.

Why polyglot

Four cooperating modules, each in the language best suited to its job, decoupled through a shared workspace (~/.obscura/) and stable JSON contracts:

Module Language Job
core/ Rust The obscura binary you run. Owns the SQLite source-of-truth, orchestrates the pipeline, renders reports, serves the dashboard.
recon/ Go Concurrent exposure scan — username sweep across ~30 platforms, HaveIBeenPwned breach lookup, data-broker presence probing.
broker/ Python Opt-out engine — GDPR/CCPA letter generation (Jinja2), SMTP dispatch, optional Playwright form automation. Hard consent gate.
dashboard/ TypeScript / React Local offline console — footprint score, exposure map, opt-out timeline, monitor alerts.

No module imports another; they meet only at the JSON contracts defined in SPEC.md. This build was scaffolded module-by-module with Codex against that single spec, then integrated and verified end-to-end.

Quick start

# 1. Build the pieces
cd recon     && go build -o obscura-recon ./cmd/obscura-recon && cd ..
cd broker    && python -m pip install -e . && cd ..
cd dashboard && npm install && npm run build && cd ..
cd core      && cargo build --release && cd ..

# 2. Create your profile (captures self-attestation + consent)
core/target/release/obscura init --name "Your Name" --email you@example.com \
    --username yourhandle --city Austin --region TX --country US --yes

# 3. Scan for exposure  →  review  →  erase (dry-run first!)
obscura scan
obscura report --html          # opens footprint score + exposure report
obscura erase --dry-run        # shows exactly what would be sent
obscura erase --confirm        # actually dispatches GDPR/CCPA requests

# 4. Watch it and reduce
obscura status                 # confirmation state of every request
obscura monitor                # re-scan, diff, list new exposures
obscura dash                   # local dashboard at http://127.0.0.1:7666
obscura harden                 # footprint score + reduction checklist

Workspace

Everything lives under ~/.obscura/ (override with OBSCURA_HOME): the SQLite DB (source of truth), the JSON I/O contracts (profile.json, findings.json, requests.json, store.json), rendered reports, per-run snapshots for monitor diffing, and saved confirmation receipts under evidence/. Secrets (HIBP key, SMTP creds) go in ~/.obscura/config.toml and are never committed.

Configuration (~/.obscura/config.toml)

[hibp]
api_key = "..."            # optional; breach lookup is skipped without it

[smtp]
host = "smtp.example.com"
port = 587
user = "you@example.com"
pass = "..."
from = "you@example.com"

Safety model

  • Consent gate — no dispatch without self_attestation:true + consent_ts.
  • Dry-run firsterase shows what would be sent; real dispatch needs --confirm.
  • Politeness — recon uses a bounded worker pool, per-host delay, and a descriptive User-Agent; it never hammers a host and never solves CAPTCHAs.
  • Evidence, not trust — every dispatched request saves a receipt.
  • No third-party PII — findings only ever concern your own identifiers.

Automation (optional)

.github/workflows/obscura.yml runs a monthly footprint sweep in CI: it builds the modules, rebuilds your workspace from two encrypted repo secrets (OBSCURA_PROFILE_JSON, OBSCURA_CONFIG_TOML), scans, and does a dry-run erase. Real dispatch happens only on a manual run with the confirm input checked — human-in-the-loop by design.

The workflow is written to be safe on a public repo: no personal data ever reaches the Actions log or an artifact (only non-PII broker slugs + request state via obscura status). For full report output in CI, fork into a private repo.

Status

All four modules build and test green, and the full cross-language pipeline (init → scan → report → erase → dash) is verified against the shared contracts. The broker registry in data/brokers.json ships 36 well-known US/EU brokers and people-search sites (26 people-search, 10 data brokers) with real opt-out routes, meant to be extended and re-verified over time.

License

MIT.

About

Self-hosted polyglot personal digital-footprint erasure suite (Rust + Go + Python + TypeScript). Scan exposure, exercise GDPR/CCPA opt-outs, monitor, harden.

Topics

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors