隱私政策

Last updated: July 2026

TLDR: FSB operates entirely within your browser. No browsing data is collected by FSB servers, and AI calls go directly from your browser to the provider you choose. API keys are encrypted locally with AES-GCM, and memory data stays on your device. The only data that ever leaves your machine for FSB is opt-out anonymous usage telemetry that powers the public /stats page. If you pair Remote Dashboard, transient live-preview frames can pass through the relay during the session, but they are not stored. Everything is open source and auditable.

資料收集

FSB operates entirely within your browser. When you initiate an automation task, the extension may inspect the active tab's DOM (Document Object Model) and, when you invoke a capability, make same-origin site API requests from your browser session.

  • 不收集或儲存當前會話之外的任何瀏覽歷史
  • DOM data and site API results are analyzed locally and discarded after each automation step unless you explicitly save them in memory
  • 不從你訪問的頁面採集任何個人資訊

Site API capabilities

FSB's capability layer can call a site's own first-party API from the page context, using your already-authenticated browser session. These requests run locally in Chrome; first-party cookies or site auth may be attached by the browser for that target site, but FSB does not return, store, log, or send cookies, tokens, CSRF values, request bodies, or response bodies to FSB servers.

Capability invocations follow FSB's consent controls and are recorded only in the redacted local audit log: origin, capability slug, method, side-effect class, consent decision, and outcome. The audit log never stores invocation arguments, request bodies, response bodies, cookies, tokens, CSRF values, or site response payloads.

FSB 請求的 Chrome 權限

為了執行網頁自動化,FSB 在其 Chrome 資訊清單中宣告以下權限。每項僅用於其記錄的用途;不會以任何一項為依據將資料傳送至裝置外。

  • DOM and tabs, activeTab, scripting, tabs, windows, sidePanel, and host permission <all_urls>: read and write the active tab, inject the automation content script, list and switch tabs, and render the side panel
  • Advanced automation, debugger: attach the Chrome DevTools Protocol for coordinate-based clicks, drag, and key-hold actions that the regular DOM API cannot perform. webNavigation: observe navigation start/finish events so automation waits for the right moment
  • Local storage, storage, unlimitedStorage: store your settings, credentials, payment methods, and memory in chrome.storage.local on your device. Unlimited storage lifts the default 10 MB quota so memory and session logs can grow without hitting a wall
  • UX helpers, clipboardWrite: write copy-to-clipboard results from automation. alarms: schedule background housekeeping. offscreen: host the speech-to-text recorder in a hidden document because service workers cannot capture audio directly

語音轉文字所需的麥克風存取權限在資訊清單中宣告。當你首次使用麥克風按鈕時,Chrome 會自行顯示權限提示。

資料儲存

所有設定和資料都儲存在 Chrome 擴充套件的本地儲存中。FSB 對 API Key 等敏感資料使用 AES-GCM 加密。

  • 配置儲存在 chrome.storage.local
  • API Key 在儲存前會使用 AES-GCM 加密
  • 會話日誌儲存在本地,可隨時清除
  • 分析資料(任務計數、成功率)保留在你的裝置上

外部服務

FSB 僅在你配置並使用託管提供商時,才與外部 AI 提供商通訊。如果你使用 LM Studio,AI 請求會透過其本地 OpenAI 相容伺服器留在本機。提供商選擇與傳送的資料完全由你掌控。

  • 託管 API 呼叫只會發往你選擇的提供商(xAIOpenAIAnthropicGoogleOpenRouter)
  • LM Studio 在你的裝置上使用本地 OpenAI 相容伺服器,且無需 API Key
  • Sent data includes: task description, DOM structure summary, and action context
  • If you pair Remote Dashboard or use legacy Background Agents sync, an optional relay server handles WebSocket messages for that session. Live-preview frames may pass through the relay transiently, but page content, DOM data, screenshots, AI prompts, AI responses, cookies, tokens, and site API payloads are not persisted on the server. This is opt-in only
  • 每個提供商都有自己的隱私政策,規定其如何處理 API 請求

Remote Dashboard and PhantomStream Live Preview

When you pair Remote Dashboard, FSB can show a live preview of the active browser tab using PhantomStream. The preview streams structured DOM data instead of pixels: an initial snapshot, MutationObserver diffs, scroll position, automation overlays, dialog state, media playback state, and remote-control messages over WebSocket.

  • The relay forwards those live-preview frames only to the paired dashboard session. FSB servers do not persist page DOM, page content, screenshots, AI prompts, AI responses, cookies, tokens, or site API payloads from the preview stream
  • FSB enables PhantomStream input masking (maskInputs: true), so passwords and form-control values are masked before they leave the captured page
  • The dashboard viewer renders mirrored content in a scriptless sandbox and sanitizes mirrored DOM and CSS before display
  • Images, video, and audio are mirrored by reference in current dashboard mode. Media bytes do not cross the relay; the viewer may fetch allowed public HTTPS asset or media URLs directly, while private, internal, non-HTTPS, or otherwise blocked origins are replaced with placeholders by PhantomStream's fail-closed fetch policy

無第三方跟蹤

FSB 不包含任何第三方分析、廣告追蹤器或跨站指紋識別。除你顯式設定的 AI 提供商 APIs 之外,沒有 Cookie,也沒有第三方指令碼。FSB 向自身傳送的唯一第一方資料是下方描述的可選退出的匿名使用遙測,僅用於驅動公開的 /stats 儀表板。

API Key

你的 API Key 會在儲存前透過 AES-GCM 在本地加密。除了你配置的 AI 提供商之外,絕不會傳送到任何地方,且只在 API 請求的身份驗證頭中使用。

  • Key 在 Chrome 儲存中以加密形式靜態儲存
  • 僅在 API 呼叫時在記憶體中解密
  • Key 絕不會被記錄、匯出或共享

自動密碼

FSB 提供可選的憑據管理器,將登入憑據加密儲存到你的裝置。密碼不會暴露給 AI 模型,而是由內容指令碼直接填入頁面,完全繞過 AI。

  • 憑據在靜態儲存時使用 256 位金鑰和 PBKDF2 派生金鑰的 AES-GCM 加密
  • AI 分析頁面時,密碼欄位的值會被替換為 [hidden]。真實密碼絕不會出現在任何 AI 提示中
  • Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
  • 憑據列表檢視僅顯示使用者名稱和域名。密碼只在自動填充需要時單獨解密
  • 憑據按域名儲存,並具備父域回退(例如 accounts.google.com 會繼承 google.com)

付款方式

FSB 包含一個可選的付款方式保險庫,將卡片資訊保存在你的裝置上以便結帳時自動填入。卡片採用與登入憑證相同的加密與 AI 隔離機制,完整的卡號絕不會傳送給任何 AI 模型。

  • 卡片資訊(卡號、有效期限、持卡人與郵遞區號)使用與憑證相同的保險庫衍生金鑰,透過 AES-GCM 在靜態時加密
  • 當 AI 分析結帳頁面時,偵測到的卡號欄位值會在建立提示之前被替換為 [hidden]。卡號、CVV 和有效期限絕不會被納入任何 AI 提示之中
  • 自動填入由內容指令碼直接寫入頁面的 DOM 欄位完成,完全繞過 AI
  • 清單檢視僅顯示卡片暱稱與後 4 碼。完整卡號僅在填入的當下在記憶體中解密
  • MCP 用戶端可透過 use_payment_method 請求執行付款自動填入,但在任何卡片資料寫入頁面之前,會在擴充套件內向使用者顯示確認提示
  • 除非你為某張卡片明確啟用,否則 CVV 永遠不會被持久保存;即使啟用,也會與紀錄的其餘部分一同加密

語音轉文字

FSB 在提示輸入框中包含一個可選的麥克風輸入。預設提供者完全在你的瀏覽器中執行;若你需要更高的準確性,可於設定中啟用可選的 OpenAI Whisper 後備方案。

  • Default provider: the browser's native SpeechRecognition API. Audio is processed by Chrome and never leaves your device through FSB
  • 可選的 Whisper 提供者:當 sttProvider 設定為 whisper 且已設定 OpenAI 金鑰時,錄製的音訊片段會從你的瀏覽器直接上傳到 OpenAI 的轉錄端點。FSB 從不查看或保存該音訊
  • 麥克風僅在你按住或已切換開啟麥克風按鈕期間處於作用狀態。首次使用時 Chrome 會要求權限;FSB 不會在擴充套件資訊清單中要求麥克風存取權限
  • 轉錄結果僅插入到提示文字框中,絕不會在你選擇傳送的作用中 AI 請求之外被記錄、保存或傳輸
  • 透過不觸碰麥克風按鈕,或在 Chrome 擴充套件儲存中清除可選的 Whisper 提供者,即可完全停用語音功能

防止提示詞注入

網頁可能包含旨在劫持 AI 智慧體的隱藏文字。FSB 透過多層防禦確保 AI 只遵循你的指令,絕不執行嵌入在頁面內容中的指令。

  • 所有頁面內容都被包裹在 [PAGE_CONTENT] 邊界標記內,並指示 AI 永遠不要執行其中的指令
  • 在內容到達 AI 之前,清洗引擎會剝離已知的注入模式(例如“忽略以上指令”、偽造的系統提示、覆蓋請求)
  • AI 生成的動作會在執行前進行驗證。危險 URL(javascript:data:)和指令碼注入嘗試將被阻止
  • Only a strict, fixed allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
  • 內容大小有上限(單值 500 字元,提示總上限 15K),限制有效載荷投遞
  • 網站嵌入的不可見 Unicode 控制字元會在處理前被剝離

後臺智慧體與伺服器同步

Deprecated in v0.9.45rc1. FSB's built-in Background Agents have been superseded by OpenClaw and Claude Routines, with remote control now handled by the Sync tab. The disclosures below are retained for users still running v0.9.44 or earlier; on current builds the relay server is only contacted when you pair a Sync session.

If you opt into legacy Background Agents server sync or pair Remote Dashboard, a relay server facilitates communication between your extension and the dashboard.

  • 伺服器會儲存:智慧體定義(名稱、計劃、目標 URL)、執行指標(Token 數、成本、時長、成功/失敗狀態)、會話配對令牌
  • The server does NOT persist: page content, DOM data, browsing history, screenshots, AI prompts, AI responses, cookies, tokens, site API payloads, or other data from the pages you visit
  • 身份驗證使用本地生成的雜湊 Key,以及 24 小時後失效的會話令牌
  • 一次性配對令牌在 60 秒後失效,無法重複使用
  • 伺服器同步預設關閉,需要你在“選項”中顯式啟用

記憶系統

FSB 的記憶系統會沉澱導航模式和站點情報,讓自動化隨時間持續最佳化。

  • 所有記憶資料(語義、情景、過程)都儲存在 chrome.storage.local
  • 記憶資料不會傳送到任何外部伺服器
  • 你可在選項控制檯中隨時檢視並清除記憶
  • 站點地圖和導航模式按域名隔離,互不影響

匿名使用遙測

FSB v0.9.69 引入了一個可選擇退出的匿名使用情況遙測管道,讓專案可以發布彙總的採用數據(參見 /stats),且絕不觸及你瀏覽的頁面。唯一的位置訊號是伺服器在接收時從你的請求 IP 衍生出的粗略國家/州標籤(絕不來自頁面內容),且僅以彙總形式保留——參見下方的 地區(州級)指標。遙測預設開啟,但可透過單一開關停用,並且可應請求刪除每次安裝的數據。

我們收集的內容

  • 每次安裝隨機產生的 UUID,儲存於 chrome.storage.local 的鍵 fsbInstallUuid 之下。UUID 於本機產生,永遠不會與你的身分關聯。
  • 所使用的 MCP 用戶端名稱(例如 Claude CodeCursorCodex),取自固定的允許清單。
  • 工作階段中使用的模型名稱(例如 grok-4-fastclaude-opus-4),取自固定的允許清單。
  • 每個工作階段的輸入/輸出 token 數量聚合值。
  • 你的安裝上活躍的 FSB 代理數量(一個整數值)。

我們不收集的內容

  • 頁面 URLs、主機名稱或瀏覽歷史紀錄。
  • 提示、指令、工作描述,或你傳送給模型供應商的任何自然語言文字。
  • Page DOM, screenshots, page content, site API payloads, or AI responses.
  • 明文 IP 位址。伺服器僅出於兩個目的暫時且內聯地使用請求 IP——用於限流的每日輪換加鹽雜湊,以及衍生粗略的國家/州標籤(見下文)——隨後立即將其丟棄。明文 IP 絕不會被儲存或記錄。
  • 姓名、使用者名稱、帳號代號,或任何自由文字身分欄位。
  • 電子郵件地址、電話號碼,或聯絡資訊。

地區(州級)指標

  • 伺服器在接收時,使用自我託管的 DB-IP IP-to-City Lite 資料集和我們自己的查找邏輯,從你的請求 IP 衍生出粗略的國家和美國州(行政區)標籤——並非即時的第三方地理定位服務,也絕不是 MaxMind。明文 IP 會被內聯處理並丟棄;僅保留衍生出的標籤。
  • 地區儲存在每日彙總中,且位於 k≥5 的匿名閾值之後:某一天內不同安裝數少於 5 的任何州都會合併到單一「Other」桶中(當該合併計數本身低於 5 時則完全抑制)。任何單一州標籤都絕不會代表少於 5 次安裝。
  • 不存在按安裝的位置剖析。粗略標籤僅存在於短暫的原始事件(由 7 天保留策略刪除)和經 k≥5 過濾的每日彙總中;我們絕不建立或保留從你的安裝到某個地點的持久對應。地理定位數據來自 DB-IPhttps://db-ip.com)。

保留期

原始事件保留 7 天。每日彙總(每安裝每天一列)保留 365 天。全域聚合(每天一列,無按安裝維度)無限期保留,以便 /stats 上的歷史圖表保持穩定。

如何選擇退出

開啟 FSB 控制面板,捲動至「進階設定」,將 傳送匿名使用資料 開關關閉。變更立即生效;之後不會再從你的安裝傳送事件。

如何抹除你的資料

To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:

curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget

Limited Use 合規聲明

FSB 的匿名使用遙測僅用於計算在 full-selfbrowsing.com/stats 公開展示的聚合使用統計。資料從不出售、從不與第三方共享、從不用於廣告,且從不用於訓練任何機器學習模型。此承諾滿足 Chrome Web StoreLimited Use 要求。

聚合的公開指標

我們在 /stats 發布來自此遙測管線的聚合指標。僅展示計數和總數;每安裝的列從不公開。

FSB's automation posture is opt-out: non-denylisted origins inherit a user-configurable global default that currently ships as Auto, while explicit per-origin policies can set an origin to Off, Ask, or Auto. Audit-log retention is local and bounded, with export and clear controls available from the Control Panel.

  • The service denylist is still a hard block. Denied origins are non-enableable regardless of the global default or any stored per-origin policy.
  • Sensitive origins can run reads under Auto, but writes re-enforce the per-origin mutating opt-in before execution. Non-sensitive origins can be opted out or moved to Ask from the Control Panel's Consent & Audit section.
  • 每次能力呼叫都會記錄於經過遮蔽、僅可附加的本機稽核日誌中。絕不會儲存任何引數、權杖、Cookie 或回應內容。

開源

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

本政策的變更

若本政策更新,變更將體現在頁面頂部的“最後更新”日期。重要變更也會在專案的 GitHub 釋出說明中註明。

聯絡方式

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.

政策歷史

Each entry below is a complete snapshot of the privacy policy as it stood on the date shown. Older versions are kept so you can audit what we promised at any point in time.

March 2026v9.0.2 — Background Agents, Memory System, Server Sync, Anonymous Usage Telemetry, Legal Posture (full archived text)

Archived copy of the privacy policy as it stood in March 2026, before the May 2026 update. This snapshot preserves the then-current policy body, including later telemetry and legal-posture additions that were present on the Angular page before this archive pass.

TLDR FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

  • No browsing history is collected or stored beyond the current session
  • DOM data is analyzed locally and discarded after each automation step
  • No personal information is harvested from pages you visit

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

  • Configuration is stored in chrome.storage.local
  • API keys are encrypted before storage using AES-GCM
  • Session logs are stored locally and can be cleared at any time
  • Analytics data (task counts, success rates) stays on your device

External Services

FSB communicates with external AI providers only when you configure and use a hosted provider. If you use LM Studio, AI requests stay on your machine through its local OpenAI-compatible server. The choice of provider and what data is sent is under your control.

  • Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
  • LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
  • Sent data includes: task description, DOM structure summary, and action context
  • If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
  • Each provider has their own privacy policy governing how they handle API requests

No Tracking

FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.

API Keys

Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.

  • Keys are encrypted at rest in Chrome storage
  • Decryption only happens in-memory when making API calls
  • Keys are never logged, exported, or shared

Auto-Passwords

FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models. They are filled directly into pages by the content script, bypassing the AI entirely.

  • Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
  • When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
  • Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
  • The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
  • Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

  • All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
  • A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
  • AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
  • Only a strict allowlist of 50+ known tools can be executed. The AI cannot invent or call arbitrary actions
  • Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
  • Invisible Unicode control characters that websites embed are stripped before processing

Background Agents and Server Sync

If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.

  • The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
  • The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
  • Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
  • One-time pairing tokens expire after 60 seconds and cannot be reused
  • Server sync is disabled by default. You must explicitly enable it in Options

Memory System

FSB's memory system stores navigation patterns and site intelligence to improve automation over time.

  • All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
  • No memory data is sent to any external server
  • Memory can be viewed and cleared at any time from the Options dashboard
  • Site maps and navigation patterns are domain-specific and isolated from each other

Anonymous Usage Telemetry

FSB v0.9.69 introduced an opt-out anonymous usage telemetry pipeline so the project can publish aggregate adoption numbers (see /stats) without ever touching the pages you browse. Telemetry is on by default but can be disabled with a single toggle, and the per-install data can be erased on request.

What we collect

  • A random per-install UUID stored in chrome.storage.local under the key fsbInstallUuid. The UUID is generated locally and never tied to your identity.
  • The name of the MCP client used (e.g. Claude Code, Cursor, Codex), drawn from a fixed allowlist.
  • The model name used for a session (e.g. grok-4-fast, claude-opus-4), drawn from a fixed allowlist.
  • Aggregate input/output token counts per session.
  • The number of active FSB agents on your install (an integer count).

What we do NOT collect

  • Page URLs, hostnames, or browsing history.
  • Prompts, instructions, task descriptions, or any natural-language text you send to your model provider.
  • Page DOM, screenshots, page content, or AI responses.
  • Plaintext IP addresses. The server hashes the request IP with a daily-rotating salt for rate limiting and discards it.
  • Names, usernames, account handles, or any free-form identity fields.
  • Email addresses, phone numbers, or contact information.

Retention

Raw events are retained for 7 days. Daily rollups (one row per install per day) are retained for 365 days. Global aggregates (one row per day, no per-install dimension) are retained indefinitely so historical charts on /stats remain stable.

How to opt out

Open the FSB Control Panel, scroll to Advanced Settings, and toggle Send anonymous usage data off. The change takes effect immediately; no further events will be sent from your install.

How to erase your data

To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:

curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget

Limited Use affirmation

FSB's anonymous usage telemetry is used only to compute aggregate usage statistics displayed publicly at full-selfbrowsing.com/stats. The data is never sold, never shared with third parties, never used for advertising, and never used to train any machine-learning models. This commitment satisfies the Chrome Web Store's Limited Use requirement.

Aggregated public metrics

We publish aggregated metrics derived from this telemetry pipeline at /stats. Only counts and totals are shown; no per-install row is ever exposed.

Legal Posture and Consent Model

FSB's automation posture, audit-log retention, and per-origin consent model were presented as explicit product controls. FSB does nothing on an origin until you explicitly allow it, automated read access never implies write access, and a conservative service denylist blocks automation on sensitive categories (financial and government services) outright.

  • Per-origin consent is default-off. Auto and write (mutating) access are separate, explicit opt-ins managed from the Control Panel's Consent & Audit section.
  • Every capability call is recorded in a redacted, append-only local audit log. No arguments, tokens, cookies, or response bodies are ever stored.
  • A service denylist renders sensitive origins non-enableable, enforced at the capability gate and not merely in the interface.

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.

February 2026v0.9 — Initial privacy policy (full archived text)

Archived copy of the initial privacy policy as it stood in February 2026. This snapshot is reproduced from the original static showcase page, with the page chrome removed and the policy content preserved.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

  • No browsing history is collected or stored beyond the current session
  • DOM data is analyzed locally and discarded after each automation step
  • No personal information is harvested from pages you visit

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

  • Configuration is stored in chrome.storage.local
  • API keys are encrypted before storage using AES-GCM
  • Session logs are stored locally and can be cleared at any time
  • Analytics data (task counts, success rates) stays on your device

External Services

FSB communicates with external AI providers only when you configure and use them. The choice of provider and what data is sent is under your control.

  • API calls are made only to the provider you select (xAI, OpenAI, Anthropic, or Google)
  • Sent data includes: task description, DOM structure summary, and action context
  • No data is sent to FSB servers -- there are none
  • Each provider has their own privacy policy governing how they handle API requests

No Tracking

FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.

API Keys

Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.

  • Keys are encrypted at rest in Chrome storage
  • Decryption only happens in-memory when making API calls
  • Keys are never logged, exported, or shared

Auto-Passwords Beta

FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models -- they are filled directly into pages by the content script, bypassing the AI entirely.

  • Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
  • When the AI analyzes a page, password field values are replaced with [hidden] -- the actual password is never included in any AI prompt
  • Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
  • The credential list view only shows usernames and domains -- passwords are decrypted individually and only when needed for auto-fill
  • Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

  • All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
  • A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
  • AI-generated actions are validated before execution -- dangerous URLs (javascript:, data:) and script injection attempts are blocked
  • Only a strict allowlist of 30+ known tools can be executed -- the AI cannot invent or call arbitrary actions
  • Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
  • Invisible Unicode control characters that websites embed are stripped before processing

Open Source

FSB is fully open source under the MIT License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

View the source code on GitHub

Summary

FSB processes data locally, encrypts sensitive information, never exposes passwords to AI models, defends against prompt injection attacks, communicates only with AI providers you choose, includes no tracking, and is fully auditable as open source software.