Summary
Maskify currently detects and masks only email addresses. Users presenting screens also expose phone numbers, partial credit card numbers, IP addresses, and other PII. Expanding the detection surface makes Maskify useful for a broader set of demo and screen-sharing scenarios.
Proposed Pattern Categories
Start with three high-value additions alongside the existing email detection:
1. Phone numbers
US format: (555) 123-4567, 555-123-4567, +1 555 123 4567
International: +44 20 7946 0958, +49 30 12345678
Replacement strategy: preserve format structure, randomize digits (e.g. (555) 123-4567 → (555) 847-2931)
2. Credit card numbers
Full: 4111 1111 1111 1111, 4111-1111-1111-1111
Masked/partial: **** **** **** 4242, ending in 4242
Replacement: randomize visible digits, preserve spacing and prefix structure
3. IP addresses
IPv4: 192.168.1.100, 10.0.0.1
Replacement: randomize octets within valid ranges (avoid 0.x.x.x, 255.x.x.x)
Architecture: Pattern Registry
Rather than adding more regex cases to the existing masking function, introduce a pattern registry that each data type plugs into:
// Each pattern type is a self-contained module
const patterns = [
{
id : 'email' ,
category : 'contact' ,
label : 'Email addresses' ,
regex : / [ a - z A - Z 0 - 9 . _ % + - ] + @ [ a - z A - Z 0 - 9 . - ] + \. [ a - z A - Z ] { 2 , } / g,
generate : ( match , settings ) => getFakeEmail ( match , settings ) ,
enabled : true
} ,
{
id : 'phone-us' ,
category : 'contact' ,
label : 'Phone numbers (US)' ,
regex : / \( ? \d { 3 } \) ? [ - . \s ] ? \d { 3 } [ - . \s ] ? \d { 4 } / g,
generate : ( match ) => generateFakePhone ( match ) ,
enabled : true
} ,
// ...
] ; Benefits of this approach
Per-category toggles in the popup — users enable only what they needEasy to extend — adding a new type means adding one object, not changing scanner logicTestable — each pattern's regex and generator can be unit-tested in isolation
UX Considerations
Add a Data Types section to the popup with checkboxes per category
Emails should remain the default (and only enabled type on first install) for backward compatibility
The masking style per type may differ: emails → fake names (current behavior), phones/IPs → randomized digits, credit cards → randomized digits
This interacts with the masking style setting (Add redaction-style masking option (block characters / highlighted underscores) #30
maskCount in the toast should report totals per type (e.g. "Masked 12 emails, 3 phone numbers")
Phone Number False Positives
Phone regex is notoriously prone to false positives (order numbers, zip codes, dates). Mitigations:
Require 10+ digits for unformatted numbers
Require formatting characters (dashes, parens, dots, spaces) for shorter sequences
Skip numbers inside known non-phone contexts (e.g. # prefixed order numbers)
Consider a confidence threshold approach: only mask if the match also appears near keywords like "phone", "tel", "mobile", "cell", "fax"
Related
Summary
Maskify currently detects and masks only email addresses. Users presenting screens also expose phone numbers, partial credit card numbers, IP addresses, and other PII. Expanding the detection surface makes Maskify useful for a broader set of demo and screen-sharing scenarios.
Proposed Pattern Categories
Start with three high-value additions alongside the existing email detection:
1. Phone numbers
(555) 123-4567,555-123-4567,+1 555 123 4567+44 20 7946 0958,+49 30 12345678(555) 123-4567→(555) 847-2931)2. Credit card numbers
4111 1111 1111 1111,4111-1111-1111-1111**** **** **** 4242,ending in 42423. IP addresses
192.168.1.100,10.0.0.10.x.x.x,255.x.x.x)Architecture: Pattern Registry
Rather than adding more regex cases to the existing masking function, introduce a pattern registry that each data type plugs into:
Benefits of this approach
UX Considerations
maskCountin the toast should report totals per type (e.g. "Masked 12 emails, 3 phone numbers")Phone Number False Positives
Phone regex is notoriously prone to false positives (order numbers, zip codes, dates). Mitigations:
#prefixed order numbers)Related