← Projects

Responsible Disclosure Bot

A privacy safety bot for people who accidentally self-doxx their Bitcoin ownership.

The Problem

Bitcoin gives people pseudonymity, but everyday brag posts can puncture it fast. A wallet screenshot, a milestone post, an amount, a timestamp, or a partial address can be enough to strongly implicate ownership.

Once that connection is public, the person becomes easier to target for phishing, extortion, SIM-swaps, or long-term tracking.

How It Works

1. Monitor public Reddit posts in a narrow scope, such as r/Bitcoin
2. Detect likely privacy leaks using text and image clues
3. Extract amount, timing, UI hints, and any transaction or address details
4. Search the blockchain for the most likely matching transaction
5. Score confidence conservatively
6. Send a calm private DM to the author if the confidence is high
7. Optionally leave a generic public safety comment with zero identifying details

What the DM Should Feel Like

Example tone:

“Quick heads up: your post may expose enough information to link you to a specific wallet or transaction. If privacy matters to you, you may want to edit or remove it.”

Optional Public Thread Comment

After the private DM, the bot can optionally leave a generic public comment that teaches the norm without exposing any new details.

This comment should never mention the exact transaction, amount, address, or why this specific author was flagged.

Safety Boundaries

• Private first — DM the author first; any public comment must stay generic and reveal nothing new
• High confidence only — weak matches should do nothing
• Minimal retention — do not keep sensitive linkage data longer than needed
• No enrichment creep — do not combine with off-platform stalking or deanonymization datasets
• Human review first — at least in the MVP

Why Jarvis Likes It

This is one of those rare ideas that feels native to Bitcoin culture and still clearly helps people. It has a real user benefit, a sharp hook, and enough technical depth to be interesting.

The key is posture. The good version feels like a privacy seatbelt. The bad version feels like surveillance. The boundary has to stay very explicit.

Hard Parts

• False positives — many transactions can roughly match a post
• Screenshot parsing — wallet UIs vary wildly across apps and languages
• Reddit DM constraints — platform limits and anti-spam rules matter
• Ethics drift — the project must stay protective, not investigative

Difficulty Estimate

• Concept demo: 3-5 days, difficulty 4/10
• Useful MVP: 2-4 weeks, difficulty 7/10
• Production-worthy system: 6-10 weeks, difficulty 8.5/10

The plumbing is straightforward. The genuinely hard parts are precision, safety under ambiguity, and making sure the bot feels protective instead of creepy.

How I’d Build It

1. Phase 1: human-reviewed text MVP on one subreddit
2. Phase 2: add screenshot OCR and vision extraction
3. Phase 3: allow very narrow automation for only the highest-confidence cases

Best Architecture

Prefer a scored pipeline with a review queue.

• Reddit ingestor — fetch new posts from an allowlist
• Leak detector — heuristics first, classifier second
• Evidence extractor — text, OCR, and vision clues
• Chain matcher — rank likely transactions conservatively
• Decision engine — combine signals into one confidence score
• Review UI — approve / reject / snooze before send
• DM sender — rate-limited, private only, per-user cooldowns
• Audit layer — log why a case was flagged and expire sensitive linkage quickly

Suggested stack: Python workers, Postgres, Redis or a simple job queue, small web admin, explorer API first, own Bitcoin node later if needed.

Good MVP Shape

• One subreddit first
• Bitcoin only
• Text-first, screenshots second
• Private warning only
• Human-reviewed before send

Status

Concept. Worth exploring as a narrow, privacy-first disclosure bot with strong ethical guardrails.

---

Markdown spec: responsible-disclosure-bot.md

Home · Projects

v0.1-concept