Most browser extensions that call external APIs route your traffic through the developer's backend. The stated reason is usually key management — you can't safely bundle an API key in a Chrome extension, so you proxy through a server you control. The real side effect is that every query you make is logged somewhere you don't control.
When I built rabbitholes — a Chrome extension that surfaces inline explanations for any text you highlight — I wanted the architecture to match the use case. You're reading medical papers, legal documents, news articles with sensitive context. The extension sees everything you ask about. A proxy server that accumulates those queries is a liability, not a feature.
The fix was straightforward but requires the user to bring their own API key: requests go directly from the browser to api.anthropic.com and api.search.brave.com. No intermediary server. The key is stored in chrome.storage.sync, which Chrome encrypts and ties to the user's Google account — it never touches my infrastructure.
```javascript
// No proxy. The extension calls Anthropic directly.
const response = await fetch('https://api.anthropic.com/v1/messages', {
  method: 'POST',
  headers: {
    'x-api-key': userApiKey, // from chrome.storage.sync
    'anthropic-version': '2023-06-01',
    'content-type': 'application/json',
  },
  body: JSON.stringify(payload),
});
```
The tooltip itself renders in a shadow DOM so it can't read or mutate the host page's DOM, and the host page can't inspect the tooltip's internals. No analytics, no telemetry, zero data leaves the browser except the API calls the user explicitly triggers.
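One way to check the "no intermediary" property from the outside, as an added example (not rabbitholes' own code): a Node.js audit that a Manifest V3 manifest declares network access only to the two API hosts named above. The function names and both sample manifests are constructed for illustration, and the audit covers what the manifest declares, not what the code does at runtime.

```javascript
// Added example: audit the network egress a Manifest V3 manifest declares.
const ALLOWED_HOSTS = new Set(['api.anthropic.com', 'api.search.brave.com']);

// Host part of a match pattern or CSP source such as "https://api.example.com/*".
// Returns null for entries that cover every host ("<all_urls>", "*://*/*", "*", "https:").
function hostOfPattern(pattern) {
  if (pattern === '<all_urls>') return null;
  const m = /^(\*|https?|wss?):\/\/([^/]+)/.exec(pattern);
  if (!m || m[2] === '*') return null;
  return m[2].replace(/:\d+$/, '').toLowerCase();
}

// Origins listed in the connect-src directive of the extension_pages CSP, if any.
function connectSrcSources(manifest) {
  const csp = (manifest.content_security_policy || {}).extension_pages || '';
  const directive = csp.split(';').map(s => s.trim()).find(s => /^connect-src\s/i.test(s));
  return directive ? directive.split(/\s+/).slice(1).filter(s => !s.startsWith("'")) : [];
}

// Returns a list of findings; an empty list means every declared host is allowlisted.
function auditEgress(manifest, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const declared = [
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...connectSrcSources(manifest),
  ];
  for (const entry of declared) {
    const host = hostOfPattern(entry);
    if (host === null) findings.push(`wildcard host access: ${entry}`);
    else if (host.startsWith('*.')) findings.push(`subdomain wildcard: ${entry}`);
    else if (!allowed.has(host)) findings.push(`host not on allowlist: ${entry}`);
  }
  return findings;
}

// Constructed sample manifests (assumptions, not the extension's real manifest).
const directOnly = {
  manifest_version: 3,
  host_permissions: ['https://api.anthropic.com/*', 'https://api.search.brave.com/*'],
  content_security_policy: {
    extension_pages: "script-src 'self'; connect-src 'self' " +
      'https://api.anthropic.com https://api.search.brave.com',
  },
};
const proxied = { manifest_version: 3, host_permissions: ['https://proxy.example.com/*', '<all_urls>'] };

console.log(auditEgress(directOnly), auditEgress(proxied));
```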
The tradeoff is real: you have to get your own Anthropic key and paste it into the extension settings. For most consumer extensions that's a dealbreaker. For an extension designed around reading and research, it felt like the right constraint — the people who want this are exactly the people who understand what an API key is.
The extension is Manifest V3. Every explanation ends with two suggested rabbit-hole topics, there's a pencil icon for free-form follow-ups that inherit the current context, and a globe icon re-runs the query enriched with Brave Search results. A hop counter tracks how deep you've gone — hit 'philosophy' from anywhere and you'll find out.