Back to the Recovery Room
Security

Hard Blocks & Soft Blocks: How Our Smart Filter Protects Your Privacy

A deep dive into the real-time filtering engine that ensures Form Recover only saves what you need, and never what you don't.

MH
3 min read

When you use a tool that “saves what you type,” the first question should always be: “How do you know what to leave alone?”

At Form Recover, we don’t just guess. We’ve built a real-time filtering engine that acts as a gatekeeper for every single field you interact with. To make this process transparent, we’ve categorized our logic into two main layers: Hard Blocks and Soft Blocks.

The Real-Time Filtering Engine

As soon as you focus on a form field, Form Recover’s engine analyzes it. It doesn’t just look at the type of the field; it scans the entire environment:

  • Attributes: ID, Name, Class, Placeholder, and ARIA labels.
  • Context: Surrounding labels and even the parent form’s purpose.
  • Patterns: Is the input following a structure that looks like a credit card or a security code?

This all happens in milliseconds, locally in your browser, before a single character is ever saved.

Layer 1: The Hard Block (The “No-Touch” Zone)

Hard Blocks are non-negotiable. These are fields that Form Recover is hard-coded to ignore entirely. There is no setting to turn this off because some data is simply too sensitive to exist in a recovery vault.

What’s in the Hard Block?

  • Authentication: Passwords, MFA/OTP codes, and login tokens.
  • Financial Secrets: CVV/CVC codes and full credit card numbers.
  • Hidden Data: System-level tokens and tracking IDs that you don’t actually “type.”

The Result: Even if you wanted to save your password for “recovery,” Form Recover would politely refuse. Security comes before convenience.

Layer 2: The Soft Block (Privacy by Default)

Soft Blocks are for data that is sensitive but sometimes necessary to recover—like your home address, email, or username.

For these fields, we take a “Privacy by Default” stance.

  • Auto-Save is Disabled: By default, the extension won’t automatically capture this data.
  • Manual Control: You can still use the “Manual Save” button if you’re filling out a long application form and want to be safe, but the extension won’t do it behind your back.

This layer protects your Personally Identifiable Information (PII) from filling up your history while still giving you the power to save it when the stakes are high.

Why We Are This Strict

Other extensions might try to save everything to be “helpful,” but we believe that omission is a feature. By being incredibly picky about what we save, we reduce the “attack surface” of your local vault.

If your device is ever compromised, the less sensitive data we have stored, the safer you are.

Full Transparency

We want you to know exactly which keywords and patterns we look for. That’s why we’ve published a Detailed Technical Breakdown of our filter rules.

We believe that a recovery tool should be like an airbag: invisible when things are going well, reliable when they aren’t, and smart enough to know when not to deploy.

Form Recover v0.2.0 is now available on the Chrome Web Store with improved filtering logic for modern web frameworks.

#Security #Privacy #Engineering
Share this
The airbag for your browser