Ig Topic Filter Prototype
Overview
Take control of what you see on Instagram.
This Chrome extension lets you filter your Instagram feed by topics you actually care about — so you spend less time doom-scrolling and more time consuming content that aligns with your interests.
Whether you want more fitness, running, coding, design, business, or learning, you choose the topics and the extension curates your feed accordingly.
✅ What You Can Do
Select topics you want to see in your feed
Hide posts that don’t match your chosen interests
Instantly switch topics anytime
Reduce distractions & mindless scrolling
Build a healthier relationship with Instagram
🧠 Why This Extension Exists
Instagram decides what you see.
This extension gives that power back to you.
Instead of being fed random content, you can intentionally design your feed around:
Learning
Creativity
Fitness
Career growth
Mental well-being
Small change. Big impact.
🔒 Privacy-Friendly
No data is collected
No login required
Everything runs locally in your browser
🚀 Who Is This For?
Creators
Developers
Students
Entrepreneurs
Anyone tired of addictive, low-value feeds.
Disclaimer -
Filtering is based on post captions and available text. Since some posts don’t include sufficient caption data, results may not always be 100% accurate.
Security Analysis — Ig Topic Filter Prototype
Package Contents 10 files · 73KB
What This Extension Does
The 'Ig Topic Filter Prototype' is a Chrome extension designed to help users curate their Instagram feed by filtering content based on specific topics like fitness or coding. It aims to reduce mindless scrolling by allowing users to manually select interests, thereby giving them more control over the algorithmic feed. The extension operates locally within the browser without requiring user login credentials, targeting creators, students, and anyone seeking a healthier relationship with social media.
Permissions Explained
- storage (expected): This permission allows the extension to save your selected topics (e.g., 'fitness', 'coding') and filter settings in your browser's local memory. It is necessary for the extension to remember your choices so they persist when you close or reopen Chrome.
Technical: Accesses the chrome.storage API to read/write key-value pairs. Data remains encrypted within the browser profile and is not sent to external servers unless explicitly coded to do so. If compromised, an attacker could theoretically read stored settings, but this permission alone does not grant access to cookies or session tokens.
- https://www.instagram.com/* (expected): This permission allows the extension to run code on Instagram pages. It is required for the extension to read post captions and text content so it can determine if a post matches your selected topics before showing it to you.
Technical: Grants access to the DOM, network requests, and storage of the specific domain 'instagram.com'. This enables Content Scripts to execute within the page context. The primary risk vector is that the extension has full visibility into the content of Instagram pages it monitors. If the developer code is malicious or buggy, this could lead to data leakage (capturing captions/images) or injection of unwanted scripts.
Your Data
The extension accesses text content from Instagram posts (captions and visible text) on your device to perform local filtering. Based on the provided network activity analysis, no data is detected being sent to external servers; all processing appears to occur locally within your browser.
Technical Details
Code Findings
Because the extension needs to read text from every post you visit, it has access to all captions and visible text on your Instagram feed. While this is necessary for its function, it means the extension can technically see everything you scroll past.
Technical: The permission 'https://www.instagram.com/*' combined with Content Script injection allows execution of JavaScript in the page context. This grants read access to document.querySelectorAll('*') and text content within <p>, <div>, and caption elements. The risk is that if the extension's code contains a vulnerability or is compromised, an attacker could exfiltrate this data.
💡 Content filtering extensions must inspect page content to apply rules (e.g., 'hide posts containing #gaming'). Without reading the text, the filter cannot function.
The extension loads scripts from external sources to manage its background logic. This is a common practice but adds a small layer of complexity regarding where code originates.
Technical: Analysis indicates the service worker loads external scripts. In Manifest V3, service workers are restricted in what they can do (no direct DOM access), but they can fetch and execute remote code for background tasks. This increases the attack surface if those external scripts are hosted on untrusted domains or contain supply chain vulnerabilities.
💡 Extensions often load libraries (like jQuery or utility functions) from CDNs to reduce bundle size in the main extension file.
The extension does not enforce strict security rules on which scripts are allowed to run. This is a minor oversight that could make it slightly easier for malicious code to execute if injected.
Technical: The Content-Security-Policy header or meta tag is not set within the extension's manifest or runtime context. Without a CSP, the browser relies on default permissions granted by the 'https://www.instagram.com/*' permission. A well-configured CSP could restrict script sources to only those required for the filter logic.
💡 Many simple extensions omit CSPs to ensure maximum compatibility with all Instagram page layouts and third-party widgets.
The 'Ig Topic Filter Prototype' is a low-risk utility tool that aligns well with its stated purpose of curating social media feeds. While it requires broad access to read Instagram content, this is inherent to its functionality and does not inherently compromise user privacy provided the developer maintains code integrity. Users should be aware that the extension has full visibility into post text but benefits from a lack of network activity logs suggesting no data exfiltration. It is recommended for users seeking feed control who understand the trade-off of granting content access to a local browser tool.