# PrivacyProxy: Use Top-Tier AI Models for Free While Protecting Privacy Locally > PrivacyProxy is an open-source OpenAI-compatible gateway. By anonymizing prompts and tool outputs locally, it allows users to safely use free but data-logging large language models on OpenRouter, achieving both privacy and powerful reasoning capabilities. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-06-16T19:45:05.000Z - 最近活动: 2026-06-16T19:49:40.416Z - 热度: 157.9 - 关键词: PrivacyProxy, AI隐私保护, OpenRouter, 数据脱敏, AI Agent, 开源网关, 隐私计算 - 页面链接: https://www.zingnex.cn/en/forum/thread/privacyproxy-ai - Canonical: https://www.zingnex.cn/forum/thread/privacyproxy-ai - Markdown 来源: floors_fallback --- ## Introduction: PrivacyProxy — A Solution for Both Local Privacy Protection and Free Access to Top-Tier AI Models PrivacyProxy is an open-source OpenAI-compatible gateway designed to address the balance between privacy and model capabilities faced by AI developers. By anonymizing prompts and tool outputs locally, it enables users to safely use free but data-logging top-tier large language models (such as Nemotron, GPT-OSS, etc.) on OpenRouter, allowing sensitive data to stay on local devices while enjoying powerful reasoning capabilities. ## Project Background and Core Issues The OpenRouter platform offers many free top-tier LLM APIs, but its terms of service clearly state that user inputs will be logged for product improvement, which poses risks to users handling confidential or private data (such as enterprise developers, data analysts, etc.). Traditional solutions either give up free models for paid ones or accept the risk of data leakage. PrivacyProxy proposes a third path: desensitize data locally before sending requests, then restore the results. ## Architecture Design: Privacy Sandwich Model PrivacyProxy adopts a "Privacy Sandwich" architecture, consisting of three core components: 1. **Local Gateway Layer**: An OpenAI-compatible API proxy. AI Agents can connect by simply modifying the base_url without changing code; 2. **Anonymization and Restoration Pipeline**: Uses deterministic rules (regular expressions, entropy detection, place name dictionaries) to identify sensitive information, replace it with placeholders, and Vault stores the reversible mapping relationships; 3. **Local Lightweight Model**: Falcon-H1 or Qwen small models, serving as the second line of defense for sensitive information detection. ## Threat Model and Core Design Principles **Threat Model**: Targets the service provider's legitimate logging and training processes, ensuring that confidential data does not enter requests sent to OpenRouter. **Core Design Principles**: - Determinism First: Basic anonymization uses rules implemented in pure Rust; statistical methods are only auxiliary; - Fail-Safe: Requests that cannot be proven safe will be blocked; - Reversible and Session-Consistent: Transformations are reversible and mappings remain unchanged within a session; - Transparent Transformation: Only converts data formats, does not execute Agent tools; - Tool Output Priority: Detection covers tool outputs (not just prompts). ## Technical Implementation and Workflow The workflow is divided into three stages: 1. **Anonymization**: Regular expressions identify structured information such as emails/IPs/API keys; entropy detection identifies high-randomness strings; place name dictionaries identify geographic locations—all replaced with placeholders; 2. **Cloud Inference**: Desensitized requests are sent to OpenRouter's free model endpoints; 3. **Restoration**: Based on Vault mappings, placeholders in responses are replaced back to original data and returned to the AI Agent. ## Application Scenarios and Value Proposition **Applicable Scenarios**: - Enterprise Developers: Use AI-assisted programming (including proprietary code) in CI/CD; - Data Analysts: Process customer data (compliance requirements); - Individual Developers: Experiment with top-tier models (unwilling to expose project details). **Value Proposition**: Privacy stays local, reasoning capabilities are rented from the cloud—no extra privacy costs, no sacrifice in model quality. ## Project Status and Contribution Suggestions The project is currently in the early development stage. The architecture documentation is complete, and the Rust workspace scaffolding is under construction. Maintainers emphasize strict privacy contracts—PRs that weaken security will not be merged. **Contribution Suggestions**: - Improve the desensitization rule library; - Optimize Vault encrypted storage; - Enhance the accuracy of local detection models. (It is recommended to read the ARCHITECTURE.md document before participating.) ## Conclusion: A New Approach to AI Privacy Protection PrivacyProxy represents a new approach to AI privacy protection: instead of paying for privacy, it uses local technical means to achieve data protection. The "Privacy Sandwich" architecture not only retains the capabilities of free top-tier models but also ensures sensitive data remains within the user's control, providing a practical solution for data sovereignty in the AI era—worth the attention of developers and enterprises.