ALEKSEI ALEINIKOV

Chrome & Safari extension that keeps secrets out of AI prompts.

I built a privacy-first browser extension that scans messages before they reach ChatGPT, Claude, Gemini and other AI tools. It detects API keys, passwords, tokens, PII and other sensitive data - then lets you redact or block the message. 100% local, zero data leaves your machine.

Executive value delivered:

• Detection engine: 110+ regex patterns (AWS, GCP, GitHub, Stripe, Slack, OpenAI, PEM keys, JWTs, DB URLs) + Shannon entropy analysis across ENV, JSON, YAML, TOML, XML, CLI flags
• PII protection: credit cards, SSN, IBAN, passport numbers, email+password combos — all detected and blocked before sending
• Privacy-first: 100% local scanning, zero telemetry, no servers, no data collection — auto-redact mode replaces secrets with [REDACTED] tags instantly

Chrome extension for learning new words while browsing the web.

I built a privacy-first browser extension that turns everyday reading into a language learning experience - instant translation across 39 languages, personal vocabulary, spaced repetition flashcards, interactive statistics, side panel mode, and text-to-speech - all without leaving the page.

Executive value delivered:

• Learning system: Anki-style flashcards with 5-box Leitner spaced repetition algorithm, interactive statistics, and multiple input modes (auto-translate, shortcut, double-click)
• User experience: 4 themes, 6 highlight colors, side panel mode, text-to-speech, accessibility mode, and 39 fully translated interface languages
• Privacy-first: 100% local storage, no accounts, no tracking, no data collection — with JSON import/export for portability

Quantitative model for human-centric cyber risk and organizational resilience.

I designed and shipped a full analytics product that gives leadership measurable visibility into key-person dependency risk, decision bottlenecks, and human control bypass patterns.

Executive value delivered:

• Decision-grade metrics: Bus Factor, Decision Concentration, and Bypass Risk combined into a practical risk model
• Adoption-ready delivery: PyPI package, CLI + Python API, and JSON/Markdown/HTML reports with interactive graph visualization
• Trust and rigor: DOI citation, security-focused CI/CD, and strong automated test coverage for repeatable results

Experimental userspace IPv8 toolkit implementing draft-thain-ipv8-02 — address parsing, packet building, routing simulation, and more.

I built a pure-Python toolkit for experimenting with Internet Protocol Version 8 (draft-thain-ipv8-02). It covers 58 modules, 35 CLI commands, and 1 827 tests - from address parsing and packet construction to full routing simulation, security filtering, companion protocols (WHOIS8, NetLog8, BGP8), and a TUI dashboard.

Executive value delivered:

• Protocol stack: IPv8 64-bit addressing, 28-byte packet header, fragmentation/reassembly, two-tier routing with VRF, ICMPv8, multicast/anycast/broadcast, 8to4 tunnelling
• Security & companion protocols: RINE prefix protection, interior link protection, /16 prefix enforcement, WHOIS8, NetLog8, BGP8 path selection with Cost Factor metric
• Ops tooling: PCAP export for Wireshark with custom dissector, Traceroute8, NetFlow8, QoS shaping, packet fuzzer, Docker multi-node testbed, Textual TUI dashboard

VS Code extension that kills "works on my machine" — one-click env snapshot, diff, and Markdown fix report.

I built a VS Code extension that captures a full snapshot of your dev environment - runtimes, Docker, ports, env vars, scripts, lockfiles, git state, VS Code extensions, shell config, and PATH - then diffs it against a teammate's or a previous snapshot and generates a Markdown report with concrete shell commands to fix the drift. 100% local, no telemetry, no network calls (except the explicit Import from URL command).

Executive value delivered:

• Full env capture: runtimes (node, python, go, java, ruby, rustc, dotnet, git), Docker containers + ports, listening TCP ports, env var keys, scripts, lockfile SHA-256 hashes, git branch/commit/dirty state, VS Code extensions, shell rc fingerprints, and ordered PATH entries
• A/B diff workflow: pin any two snapshots as A and B with one click — color-coded diff opens automatically; tag snapshots (e.g. before-upgrade, prod-mirror) and export a Markdown report with actionable nvm install / npm ci commands
• Privacy & security: 100% local, no telemetry, env values are keys-only by default, secrets masked by pattern (token, api_key, password…), home paths replaced with ~, all commands run without sudo with 4 MB output cap

Modern encrypted network tool with post-quantum crypto, zero-config VPN, anti-censorship, and multi-platform deployment.

I evolved a legacy Cryptcat concept into a full-featured encrypted networking toolkit (v2.8) - covering TUN VPN with UDP transport, encrypted chat with session fingerprints, reverse tunnels, SOCKS5 proxy, stealth port scanning, resumable file transfer, TLS camouflage, post-quantum key exchange, and persistent auto-reconnect. Published on Docker Hub, AUR, and GitHub Container Registry with shell completions for bash/zsh/fish.

Executive value delivered:

• Crypto stack: AES-256-GCM + X25519 ECDHE + PBKDF2 (100K iterations), optional post-quantum hybrid (X25519 + ML-KEM-768)
• Anti-censorship: TLS 1.3 camouflage, browser fingerprint mimicry (JA3/JA4), ECH, REALITY-like fallback, packet padding & timing jitter
• Networking: TUN VPN (--tun) with UDP transport, full tunnel (--default-route), NAT/masquerade, encrypted chat with session fingerprints & read receipts, reverse tunnels (-R), SOCKS5 proxy, port forwarding (-L), stream multiplexing (--mux), stealth port scan with banner grabbing
• Ops readiness: Docker Hub / AUR / GHCR packages, bash/zsh/fish completions, persistent auto-reconnect, resumable encrypted file transfer with SHA-256 verification, 65+ integration tests