Teaching Claude to Spot Sketchy Websites

Building a Privacy Tool with Claude AI

I guess I am tired of guessing what websites to trust. Every time I open my browser's network tab, I see dozens of domains I have never heard of. Some look sketchy. Others seem fine. But I never know for sure.

Living in the EU, I'm supposed to have strong privacy rights under GDPR. In practice, exercising those rights means spending hours reading privacy policies written by lawyers for lawyers. There has to be a better way, even if it involves consulting the wobbly world of LLMs and chatbots.

The Problem Was Simple

Modern websites load content from everywhere. A single page might connect to twenty different domains. Analytics trackers, content delivery networks, advertising platforms, social media widgets: they all phone home with your data.

Privacy tools like ad blockers help. Sidenote: I use Kaylee Calderolla's Wipr 2 for Mac and I love it! I also use a tool called Little Snitch to approve domains manually, but it is a blunt instrument without knowing what you're looking at. Block too little and your data leaks everywhere. Block too much and websites break. The tools assume you already know which companies to trust.

I don't. And I suspected most people don't either.

Building a Solution

I decided to build something I wanted to use: a tool that analyzes website domains and explains whether to trust them. Not just "this domain is bad" but "here's why, here's what data they collect, and here's how it affects your GDPR rights."

The core idea was straightforward. Paste a list of domains from your browser's network activity. Get back a clear recommendation for each one, plus context about the company's privacy practices.

I built this using Claude's AI capabilities to analyze privacy policies and generate structured recommendations. Instead of building a traditional backend with databases of privacy information, I leveraged Claude's knowledge to provide real-time analysis of any domain cluster.

What struck me most was how Claude handles something like retrieval-augmented generation (RAG) without the complex infrastructure. Instead of maintaining databases of privacy policies and company information, Claude synthesizes its training knowledge with current context to provide relevant analysis. It's like having a privacy expert who's read thousands of privacy policies and can instantly connect dots between companies, their practices, and regulatory frameworks. The user simply brings their account and their compute quotas to another user's application.

Technical Challenges

Making AI Output Useful

The biggest challenge was getting consistent, structured responses from Claude's API. AI tools are great at analysis but terrible at formatting. Therefore, I asked it to prioritize the same six-section structure every time:

  • Quick bottom-line recommendation
  • Company privacy approach
  • Compliance certifications
  • Legal details in a table
  • Domain-by-domain trust ratings
  • Additional context

This required careful prompt engineering. The system prompt had to specify everything: tone, format, table structure, even specific phrases to use.

Parsing Complex Responses


Claude typically returns simple markdown, but when generating artifacts, it uses specific HTML structures like tables. To handle this, I developed a parser with the following approach:

Claude's Artifact Generation Process: Claude wraps generated content in <artifact> tags with metadata:

  • type="text/html" for interactive content
  • type="text/markdown" for documentation
  • type="application/vnd.anthropic.react" for React components

Parser Implementation: The parser extracts content between artifact tags and renders it appropriately. The trickiest part was handling edge cases:

  • Malformed HTML tables with missing tags or incorrect nesting
  • Responses mixing artifact syntax with regular markdown
  • Incomplete artifact blocks due to length limits

Fallback Strategy: Claude's artifact syntax includes built-in fallbacks. If the artifact can't render (malformed syntax, unsupported type, etc.), it falls back to displaying the raw content as plain text. This ensures users always see something meaningful, even when the structured format fails.

Robust Error Handling: The parser validates artifact structure before rendering, sanitizes HTML content, and gracefully degrades to markdown when artifacts aren't properly formed.

This approach ensures reliable content delivery regardless of Claude's output format variations.
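
A sketch of the parsing and fallback logic described in this section, as an added example rather than the tool's actual code: the function names, the tag allowlist and the sample inputs in the usage are assumptions. It treats model output as untrusted, escaping everything first and then restoring only bare allowlisted tags.

```javascript
// Added example: parseResponse, sanitizeTableHtml and ALLOWED_TAGS are hypothetical names.
const ALLOWED_TAGS = new Set(["table", "thead", "tbody", "tr", "th", "td", "p", "strong", "em", "ul", "li"]);
const CLOSE = "</artifact>";

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Escape everything, then restore only bare allowlisted tags (no attributes).
// Event handlers, <script> and anything unexpected stay inert, visible text.
function sanitizeTableHtml(html) {
  return escapeHtml(html).replace(/&lt;(\/?)([a-z]+)&gt;/gi, (m, slash, name) =>
    ALLOWED_TAGS.has(name.toLowerCase()) ? `<${slash}${name.toLowerCase()}>` : m);
}

// Split a response into segments: markdown text, sanitized HTML, or escaped fallback text.
// Markdown segments are returned raw; the markdown renderer must not pass raw HTML through.
function parseResponse(text) {
  const segments = [];
  const open = /<artifact\b([^>]*)>/g;
  let pos = 0;
  let m;
  while ((m = open.exec(text)) !== null) {
    if (m.index > pos) segments.push({ kind: "markdown", body: text.slice(pos, m.index) });
    const type = (/type="([^"]*)"/.exec(m[1]) || [])[1] || "";
    const bodyStart = open.lastIndex;
    const end = text.indexOf(CLOSE, bodyStart);
    if (end === -1) {
      // Incomplete block (for example, cut off by a length limit): show it as plain text.
      segments.push({ kind: "fallback", body: escapeHtml(text.slice(bodyStart)) });
      return segments;
    }
    const body = text.slice(bodyStart, end);
    if (type === "text/html") segments.push({ kind: "html", body: sanitizeTableHtml(body) });
    else if (type === "text/markdown") segments.push({ kind: "markdown", body });
    else segments.push({ kind: "fallback", body: escapeHtml(body) }); // unsupported type: never executed
    pos = open.lastIndex = end + CLOSE.length;
  }
  if (pos < text.length) segments.push({ kind: "markdown", body: text.slice(pos) });
  return segments;
}
```

Only segments of kind "html" are meant to be inserted as markup; "fallback" segments are already escaped and can be shown in a preformatted block.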

State Management Without Memory

Each API call to Claude is independent - no memory of previous conversations. This meant cramming all context into each prompt. The system prompt grew to include user location (EU), tool preferences (privacy-focused blockers), and detailed formatting requirements.

What I Learned

Structure Beats Intelligence

Constraining AI output to a specific format made the tool far more useful than letting it write freely. Users want actionable recommendations, not privacy theory essays.

Context Is Everything

Raw privacy policy data isn't helpful. What matters is how company practices affect you as an EU resident. The tool's value comes from transforming the abstract into tabulated effects and roles of these domains.

Claude's Knowledge Synthesis Is Remarkable

Claude synthesizes knowledge across privacy law, company practices, technical implementations, and regulatory compliance to provide contextual analysis. It reasons about relationships between information rather than just retrieving facts.

Privacy Tools Need Better UX

Most privacy tools assume technical knowledge. When a tool explains why to block domains, even non-technical users can make informed data decisions.

The Result

The tool bridges privacy policies and user understanding, turning complex legal documents into simple trust decisions with clear recommendations, EU-specific GDPR context, and plain English explanations.

Privacy shouldn't require a law degree. When users easily identify privacy-invasive services, companies gain business incentives to improve practices. This creates market pressure for better privacy by default—small steps toward an internet where users have both legal rights and practical ability to control their data.


The EU Privacy/GDPR Analyzer lets you paste website domains and get structured privacy recommendations for EU users. You can check it out here: Privacy/GDPR Domain Analyzer - Claude Artifact
