Open Source & Verification
Both our open-source crypto library and source-available extension are publicly accessible for independent verification. Here's how you can prove our encryption works and confirm we never collect your data.
@encryptedclipboard/crypto
Dependency-free: Our encryption library uses only the browser's native Web Crypto API. No external dependencies means fewer attack vectors and easier verification.
Chrome Extension Source
Publicly auditable: The entire extension source code is available under the PolyForm Noncommercial license. Security researchers, enterprises, and users can review every line — confirming that we collect nothing and encrypt everything.
Verify It Yourself
We believe security should never be a black box. Here's how you can verify our zero-knowledge claims:
1 Network Tab Inspection
- 01
Right-click the extension icon and select Manage Extension.
- 02
Enable Developer Mode and click on the service worker link under 'Inspect views'.
- 03
Go to the Network tab.
- 04
Copy some text — you'll see a request sent to our API.
- 05
Inspect the payload: it contains only unreadable ciphertext. Your raw data never leaves your browser.
2 AI Code Analysis
Modern AI models can analyze minified Chrome extension builds and determine exactly what the code does. You can:
- 01
Download the extension's source code from the Chrome Web Store (via CRX extractor or similar tools).
- 02
Paste the minified code into ChatGPT, Claude, or any AI coding assistant.
- 03
Ask: "Does this code send any clipboard content in plain text to any server? Does it steal user data?"
- 04
The AI will confirm that our extension only sends encrypted data and never transmits your actual clipboard content.
3 Browse Source on GitHub
No need to extract CRX files or run AI analysis. The complete, human-readable source code is on GitHub for anyone to browse:
- 01
- 02
Browse every directory — background service worker, sidebar UI, palette, content scripts, offscreen document, and build config.
- 03
Search for
fetch,XMLHttpRequest, oranalytics— confirm zero tracking, zero data collection. - 04
Check the commit history — no last-minute injection of hidden code. Every change is documented.
Why Browser Extensions Are More Transparent
Unlike desktop or mobile applications that compile to unreadable binaries, Chrome extensions remain as JavaScript, HTML, and CSS files that can be inspected by anyone — including AI.
| Platform | Code Type | Human Readable | AI Scannable |
|---|---|---|---|
| Desktop App | Binary/Compiled | ❌ No | ❌ No |
| Mobile App | Binary/Compiled | ❌ No | ❌ No |
| Chrome Extension | Minified JS | ⚠️ Partially | ✅ Yes |
Our Extension: Un-minified Encryption Library
We've specifically disabled webpack minification for our encryption library in the build process. This means:
You can directly search for
@encryptedclipboard/cryptoin our extension's .js filesThe library is imported and used in plain, readable code — not hidden behind minified blobs
Finding our encryption usage takes seconds, not hours of reverse engineering
How to Find Our Encryption Library in the Build
- 01
Download the extension CRX file from the Chrome Web Store (using a CRX extractor tool).
- 02
Extract the .zip and navigate to the folder containing the built JavaScript files.
- 03
Open any
.jsfile in a text editor or use grep/search. - 04
Search for
encryptedclipboard/crypto,CryptoEngine,encryptData, ordecryptData. - 05
You'll find the import statement showing exactly where and how we use our open source encryption library.
Yes! The entire extension source code is publicly available on GitHub under the PolyForm Noncommercial 1.0.0 license. Anyone can read every line, verify the encryption, and confirm zero data collection.
The license restricts commercial redistribution (someone can't repackage and sell my work), but the code is fully visible and auditable. The encryption core remains separately open source under Apache 2.0.
Absolutely. I'm fully open to any official security team or independent researcher auditing my codebase. I've nothing to hide — my zero-knowledge architecture means I physically cannot access user data even if I wanted to.
As a solo founder, I can't currently afford formal paid security audits, but I welcome any volunteer security researchers to review the code. If you're a security professional interested in auditing our encryption implementation, please reach out.
Security Researchers & Partners
Interested in security research or partnership opportunities? We'd love to hear from you.
support@encryptedclipboard.app