When you open ChatGPT or some other AI Chat website and start typing a message, you probably assume your words are private until you click Send. That's not always the case...
The chat website — like any website — runs JavaScript in your browser. That JavaScript has full access to every keystroke you make inside its native input field, in real time, as you type. This is by design: it powers features like auto-completion, resizing, and field validation. But it also means the page's own scripts — and potentially third-party scripts loaded by the page — can read your text at any moment and send it to a remote server...
See it for yourself
The video below demonstrates a real browser DevTools experiment: open the console on the ChatGPT page, and watch background request to ChatGPT server. This is not a vulnerability — it is just how the it works.
Live demo: text typed in the native chat input is immediately visible to in-page scripts.
How ChatWall solves this
ChatWall takes a fundamentally different approach. Instead of working inside the chat site's input field, it opens a secure editor overlay that runs in an isolated browser-extension context that the host website's scripts cannot access.
- You type your message in the ChatWall editor, not in the chat's native input.
- PII (names, emails, IBANs, phone numbers…) is detected and replaced with neutral tokens like
[NAME_1]entirely client-side. - Only the already-masked text is pasted into the chat input — the chat site never sees the original.
- All processing runs in your browser. No data is sent to our servers.
Open source & verifiable
We believe privacy tools must be auditable. ChatWall's source is available on GitHub so you can verify exactly what the extension does before you install it. The Trust page also explains how to use browser DevTools to confirm no sensitive data leaves your machine.
🛡️ Protect your prompts with ChatWall
Free to install. No account needed. Works on ChatGPT, Gemini, Claude, Grok, Copilot, and DeepSeek.
Download Free Extension →