The Self-Hosted Privacy Engine
Scrubbed is a high-performance, automated privacy tool designed to eliminate your digital footprint from the most persistent people-search data brokers.
The Data Broker Problem
Today, your name, home address, phone history, and even the names of your family members are listed on hundreds of "people-search" websites. These brokers scrape public records and social media to build detailed profiles on private citizens, selling this data to anyone with a credit card.
Manually removing yourself from these sites is a full-time job. Each broker requires a unique opt-out form, email verification, and constant re-checking as data often reappears weeks later when the broker refreshes their database. This is where Scrubbed steps in, providing a set-and-forget solution for individual privacy.
Scrubbed was born out of a necessity for transparent, low-cost privacy tools. While many commercial services claim to protect you, they often require you to trust them with the very data you are trying to hide. By making Scrubbed open-source, we invite the community to audit our methods and contribute to a growing library of broker definitions.
Our Solution
Scrubbed automates this entire lifecycle. By combining advanced browser automation (Playwright) with a sophisticated domain-specific language for broker definitions, Scrubbed searches, identifies, and submits removal requests on your behalf.
Our architecture is designed to be lean yet powerful. We don't just send a generic removal request; we replicate the exact behavior of a human user, which significantly increases the success rate of removals. This "human-emulation" approach is what sets Scrubbed apart from simpler, API-based removal scripts that are easily flagged by bot detection systems.
Because the engine is self-hosted, your sensitive data (like your address and date of birth) never leaves your own hardware. Unlike paid "privacy services," Scrubbed doesn't charge a subscription and doesn't store your data on a central cloud server, ensuring absolute residency and security.
Key Features
The engine is built for durability, stealth, and total user control.
Autonomous Removal
Scrubbed implements a "Scout-and-Scrub" methodology. It doesn't just fill out forms; it first acts as a researcher, navigating data broker search interfaces to find the exact URL where your data resides. This ensures that the opt-out request is pinpointed and effective, targeting the correct database entry every time.
Once a profile is found, the engine executes a series of "Scrub Steps" defined in YAML. These steps handle complex DOM interactions, including clicking hidden buttons, navigating shadow roots, and handling multi-page opt-out flows that are designed to frustrate manual users. The system is resilient to UI changes and can be updated easily via the definition system.
The engine's ability to navigate dynamic single-page applications (SPAs) means it can handle modern web interfaces that older scrapers fail on. It intelligently manages cookies, local storage, and session tokens to maintain a consistent identity during the removal process, preventing brokers from linking multiple removal attempts.
Local-First Residency
Your profile data is stored in a locally encrypted SQLite database. When you run Scrubbed, the communication happens directly between your IP address and the data broker. There is no middleman service that can see your search queries or the profiles we've discovered. You own the hardware, you own the database, and you own the privacy.
By using a master password, Scrubbed secures your IMAP credentials and sensitive profile fields using AES-256-CBC via Node.js's native crypto module. This ensures that even if your hardware is compromised, your privacy configurations remain unreadable without the key. We prioritize security at rest as much as we do privacy in transit, ensuring a zero-knowledge architecture.
How It Works
A deep dive into the three phases of a Scrubbed removal sweep.
Phase 1: The Scout Engine
The Scout phase is a specialized search operation. The Runner service launches a headless Chromium instance powered by Playwright. Using playwright-extra-stealth, the engine mimics a real user by randomizing user agents, spoofing WebGL fingerprints, and introducing natural mouse movements. This ensures brokers cannot easily block the engine as a bot.
The engine navigates to a broker's search page and inputs your profile details. It then parses the results page, using fuzzy matching algorithms to score each result. If a profile matches your criteria (City, State, Age, Relatives) with high confidence, the unique "Exposure URL" is saved to the database. This phase is critical for accurate removal without affecting people with similar names.
Fuzzy matching is used to distinguish between you and people with similar names. We look for "confirmatory data"—attributes like previous addresses or middle initials that brokers often hide behind paywalls. By cross-referencing this data, Scrubbed minimizes "false positive" removal requests that could lead to account locks or incorrect data removal.
Phase 2: Automated Opt-Out
Once an Exposure URL is validated, the Scrub phase begins. The engine follows the broker's specific opt-out workflow. This often involves navigating to a suppression request form, injecting your data into specific fields, and submitting a "reason for removal." The engine handles complex multi-step forms that require session persistence.
We handle diverse form technologies, from standard HTML forms to complex React/Vue-based interfaces. The engine can wait for specific network requests to complete or for specific text (like "Submission Successful") to appear before marking a task as "Pending Verification." This state-driven approach ensures high reliability across diverse broker systems.
Phase 3: Email Verification Logic
Most brokers require you to click a link in a confirmation email. Scrubbed solves this with an integrated IMAP listener. It polls your configured "Privacy Email" every few minutes, searching for new messages from known broker domains. It handles the complex authentication and SSL handshake required by modern mail providers.
When a relevant email is found, the listener uses regular expressions to extract the confirmation link. It then launches a one-time browser context to "click" that link, completing the opt-out flow without any human interaction. This automated loop is what allows Scrubbed to clear dozens of brokers while you sleep.
The IMAP listener is built for high reliability. It handles multi-factor authentication (MFA) challenges and app-specific passwords common in modern email providers. It can differentiate between marketing spam and critical verification links, ensuring that only the relevant actions are automated.
Web & API Architecture
A technical deep-dive into the backend systems that orchestrate the removal lifecycle.
┌─────────────────────────────────────────────────────────┐
│ Dashboard (React + Vite) :3000 │
│ State, profile management, live visualization │
└────────────────────┬────────────────────────────────────┘
│ RESTful API (JSON)
┌────────────────────▼────────────────────────────────────┐
│ API (Express + SQLite) :3001 │
│ The "Brain": State Manager, Log Buffer, Orchestrator │
└────────────────────┬────────────────────────────────────┘
│ Shared SQLite (WAL Mode)
┌────────────────────▼────────────────────────────────────┐
│ Runner (Playwright + xvfb) │
│ The "Muscle": Automation, IMAP Engine, Scheduler │
└─────────────────────────────────────────────────────────┘The Core API (Express)
The API service is the central nervous system of Scrubbed. Built on Node.js 20 and Express, it manages the persistent state of your profiles, the registry of data brokers, and the history of every scan "run." It provides a clean RESTful interface that the Dashboard and CLI use to query data, ensuring a unified state across all clients.
Crucially, the API and Runner share a single SQLite database. By utilizing WAL (Write-Ahead Logging) mode, we allow the Runner to perform high-frequency updates (like logging progress) while the API continues to serve read requests to the UI without blocking. Every data point is validated using Zod to ensure absolute schema integrity, preventing corrupted data from entering the automation pipeline.
The REST API is structured around the concept of "Task Atomicity." Every removal attempt is broken down into discrete steps. This allows the system to recover gracefully from network timeouts or broker UI glitches without having to restart the entire scan from scratch.
CLI Architecture
Technical details of the terminal interface and TUI engine.
┌─────────────────────────┐ ┌─────────────────────────┐
│ User Terminal │ │ Scrubbed CLI │
│ (Input / Key Events) ├─────►│ (Commander Dispatch) │
└─────────────────────────┘ └────────────┬────────────┘
▼
┌─────────────────────────┐ ┌─────────────────────────┐
│ Blessed UI Engine │ │ API Connector │
│ (Panel Rendering Loop) │◄─────┤ (Axios Polling) │
└─────────────────────────┘ └─────────────────────────┘The Blessed Engine
The CLI's interactive mode is powered by Blessed, a high-level terminal interface library. Unlike a basic command-line script, Blessed allows us to build a stateful, event-driven UI. We implement a grid-based layout where the Status, Brokers, and Log panels are independent widgets that update reactively. This architecture provides a desktop-class UI experience inside a standard terminal emulator.
The engine handles terminal-specific challenges like SIGWINCH signals (for window resizing) and complex keyboard focus management. The "Log Widget" uses a custom virtual scroll buffer, allowing you to scroll through thousands of lines of execution history without impacting the performance of the live stream. This makes the CLI as capable as the Web Dashboard for monitoring long-running operations.
Command Dispatching
Non-interactive commands (like scrubbed scan start) are handled by Commander.js. This architecture allows Scrubbed to be used in shell scripts and CI/CD pipelines. Each command is a standalone module that translates user arguments into optimized REST calls to the backend API. We use Chalk for rich colors and CLI-Table for structured data output, ensuring technical clarity at every step.
Installation
Deploy your instance in minutes using Docker Compose.
Setup Steps
| Phase | Step | Command |
|---|---|---|
| Initial | 1. Clone Repo | git clone https://github.com/muzamil-dev/leave-me-on-a-deserted-island |
| Setup | 2. Configure | cp .env.example .env |
| Run | 3. Launch | docker compose up --build |
Setup Steps
| Phase | Step | Command (PowerShell) |
|---|---|---|
| Initial | 1. Clone Repo | git clone https://github.com/muzamil-dev/leave-me-on-a-deserted-island |
| Setup | 2. Configure | copy .env.example .env |
| Run | 3. Launch | docker compose up --build |
Validation
After the containers are healthy, run these quick checks to ensure the engine can communicate with the browser environment and the database.
| Service | Check | Command / Output |
|---|---|---|
| API | Health Ping | curl http://localhost:3001/health |
| Runner | Polling Logs | docker compose logs runner |
| Web | Interface Access | Browse localhost:3000 |
Environment
Global configuration settings to tune your privacy engine.
Configuration Matrix
| Variable | Default | Description |
|---|---|---|
MASTER_PASSWORD | (Required) | Key used for AES-256 database encryption. |
SCHEDULE_CRON | 0 2 1 * * | Cron schedule for automatic sweeps. |
DB_PATH | /app/data/db | The internal storage path for the SQLite file. |
LOG_LEVEL | info | Verbosity of the Runner and API logs. |
Proper management of the .env file is critical for security. We recommend rotating your MASTER_PASSWORD periodically and ensuring that the file permissions are restricted to the user running the Docker containers. Never commit your .env file to a public repository.
Usage Guide
Interacting with the engine via terminal.
TUI Controls
| Key | Action |
|---|---|
s | Trigger an immediate, manual removal sweep |
r | Force the UI to refresh data from the API |
p | Toggle the profile details overlay |
e | Edit profile fields (available inside the profile overlay) |
? | Toggle the help overlay |
: | Open command prompt for advanced commands |
tab | Move focus to the logs panel |
↑ / ↓ or j / k | Navigate the brokers list |
enter | Open the selected broker's discovered profile URL in a browser |
esc | Unfocus the log panel / close overlays and return to brokers |
q or Ctrl+C | Safely terminate the CLI interface |
Command Prompt
Press : to open the command prompt, then type any of the following:
| Command | Alias | Action |
|---|---|---|
scan | s | Start a new scan |
refresh | r | Refresh all data |
clear | Clear the log output | |
profile | Show the profile overlay | |
profile edit | pe | Edit profile fields |
help | ? | Show the help overlay |
quit | q | Quit the application |
Shell Commands
The CLI is designed for speed and power. Below is a complete reference of all commands available in the scrubbed utility.
# Profile Management
scrubbed profile show # display current profile
scrubbed profile setup # interactive profile setup
# Scan Orchestration
scrubbed scan start # queue a new scan
scrubbed scan watch # start scan and stream logs until done
scrubbed scan status # show latest run progress
scrubbed scan status --id # check progress of a specific run
scrubbed scan results # per-broker results table for a run
# System & Data
scrubbed status # overview of profile and latest run
scrubbed brokers # list all brokers with status
scrubbed logs # show recent logs
scrubbed logs --follow # tail logs live
scrubbed discovered # list discovered profile URLs Broker Coverage
Scrubbed currently supports automated removal from these 12 major data brokers.
| Broker Name | Primary Domain |
|---|---|
| Whitepages | whitepages.com |
| Spokeo | spokeo.com |
| BeenVerified | beenverified.com |
| CheckPeople | checkpeople.com |
| ClustrMaps | clustrmaps.com |
| Intelius | intelius.com |
| MyLife | mylife.com |
| Nuwber | nuwber.com |
| PublicDataUSA | publicdatausa.com |
| Radaris | radaris.com |
| SmartBackgroundChecks | smartbackgroundchecks.com |
| ThatsThem | thatsthem.com |
| More to come... we are constantly expanding our coverage database. | |
Privacy Policy
Our commitment to your absolute data sovereignty.
Data Residency & Ownership
Scrubbed is built on the core principle of Local-First Data Ownership. Unlike commercial privacy services, Scrubbed does not require you to create a cloud account or upload your identity documents to our servers. Every piece of information—your name, address history, phone numbers, and found Exposure URLs—remains exclusively on your own machine. This decentralization is our strongest security feature.
The SQLite database that houses your profile is protected by AES-256 encryption at rest, using your `MASTER_PASSWORD` as the key. This password is never transmitted to us or any third party. Your data residency is 100% under your control, and your privacy instance operates as a closed loop between your hardware and the data brokers you choose to scrub. We have no way to "peek" into your database or see your removal history.
Because Scrubbed is self-hosted, the retention period for your data is determined entirely by you. You can purge your scan history, remove your profile, or wipe the entire database at any time. We do not maintain any logs of your activity, nor do we track which brokers are most active for our users. Your data sovereignty is absolute.
Network Transparency
All network traffic generated by Scrubbed is transparent and auditable. The Runner service communicates directly with data broker websites via an automated Chromium browser. There are no middleman proxy servers controlled by the Scrubbed project that can see or intercept your traffic. This direct communication model ensures that no third party can build a profile of your "removal activity."
We do not use any telemetry, tracking pixels, or third-party analytics (like Google Analytics) within the application or the dashboard. We believe that a privacy tool must, first and foremost, be invisible to everyone except its owner. Your usage of Scrubbed is entirely private, and we do not collect metadata about when or how you use the tool.
Encryption Standards
Sensitive credentials, such as your IMAP password for email verification, are never stored in plain text. Scrubbed uses Node.js's native crypto module to implement industry-standard encryption. We use a salted PBKDF2 derivation function to transform your MASTER_PASSWORD into a unique encryption key, making brute-force attacks on your local database computationally expensive.
This encryption applies not just to passwords, but to any field marked as "sensitive" in the database schema. This includes your specific search queries and the exact URLs where your profiles were found. We treat every piece of your identity as highly confidential, ensuring that your privacy is protected even from other users of the same machine.
Auditability & Open Source
The entire source code of Scrubbed is open and available for public audit. We encourage security-conscious users to review our Playwright implementation, our database schema, and our encryption routines. Our goal is to earn your trust through engineering transparency rather than legal marketing. By keeping the code open, we ensure that anyone can verify our privacy claims for themselves.
Credits & Acknowledgments
Scrubbed is built on the foundational research and technology provided by the open-source community.
Privacy Research
The core automation logic and broker mappings in Scrubbed were made possible by the incredible research found in the Big-Ass Data Broker Opt-Out List by Yael Grauer. This project provides a comprehensive database of removal procedures that served as the primary reference for our YAML broker definitions.
We utilized this list to understand the specific URL endpoints, form requirements, and verification steps for each broker, allowing us to translate manual instructions into stable, automated browser scripts.
Interface Technology
The high-performance Terminal UI is powered by the Blessed library. We chose Blessed because it allows for a stateful, widget-based interaction model that traditional terminal scripts cannot achieve. It provides the mouse support, dynamic layout grid, and event-driven architecture that makes the scrubbed CLI feel like a desktop application.