What I learned building Sorinify — a privacy-first anti-phishing extension

After almost a decade of experience as a developer, I have been working on Sorinify for a while now and I want to be upfront: I am here looking for honest feedback and real users willing to try it.

The problem that got me started:

Most security extensions protect you by watching everything you do online. They inject scripts into your pages, log URLs, and track your browsing. I kept thinking — why do I have to give up my privacy to stay safe?

What I built:

Sorinify is a Chrome extension that blocks phishing and scam sites before they load — without ever seeing your browsing history. The URL gets checked server-side, a verdict comes back, and the URL is immediately discarded. Your browser never touches the malicious page. No scripts injected, no data stored, no browsing profile built.

A few things I learned the hard way:

1. Privacy and security are usually sold as opposites. They are not. Most extensions inject content scripts into every page you visit — they read the DOM, watch form fields, and phone home with your URLs. To avoid all of that, I had to move the entire detection pipeline server-side. The extension sends only the URL to our API before the page loads, our servers fetch and analyse the page content independently, run it through ML models, and return a verdict. Then the URL is discarded — never logged, never linked to your account. That means the extension itself has no access to your passwords, page content, or browsing history. It is a fundamentally different architecture, and it took months of iteration to get the latency under 30ms, so it would not feel like it slows down your browsing.

2. Nobody trusts a security tool they have never heard of. This is the cold start problem. I can explain the architecture all day, but people still ask "why should I trust you?" Fair question. All servers run in Germany under strict EU/GDPR jurisdiction, and you can check the Chrome Web Store permissions yourself — we request the bare minimum. But trust is earned through use, not through words. That is why I am here.

3. ML on 10M+ sites still is not enough. The model catches fake logins, brand impersonation, homograph attacks (scammers using Cyrillic "а" instead of Latin "a"), typosquatting, and suspicious new domains. But phishing evolves daily. Community reporting has been the missing piece — every flagged false positive or missed threat makes the system smarter.

What I am asking:

Install it, use it for a few days, and tell me what you think. The premium trial is 180 days, no credit card required. I genuinely want to know what is working and what can be improved.

Link to Chrome Web Store: https://chromewebstore.google.com/detail/sorinify-anti-phishing-pr/jckhipndgaabihmhfhphocgbcbegffpj

I would love your thoughts — don't hold back.