Back

Show HN: I made a Chrome extension to clean up your Gmail inbox locally

79 points8 hoursinboxpurge.com

Hi everyone,

My motivation for building this was to address the trouble of mass unsubscribing from unwanted emails and deleting bulk emails while ensuring privacy and control over the process. With this Chrome extension, emails are not sent to any external servers. All calls to the Gmail API happen locally on your device.

Feedback and suggestions are welcome!

lxe6 hours ago

When you say "locally" it usually means it uses the browser's API to navigate the inbox and perform whatever actions necessary. This extension instead requires pretty intrusive permissions, just like the alternative competitors (which are under fire for selling your data).

I appreciate that you state that "data doesn't leave your device", but the whole point of "local" extension is that I don't have to take your word for it.

thefisola5 hours ago

"Locally" here means, calls to the Gmail API are triggered directly from your browser(device) not on any third-party servers.

I totally understand your concern. Unfortunately, to perform those actions(unsubscribe/delete etc..) on your behalf while using the API, those "intrusive" permissions are required. If it wasn't needed, Google oauth verification team would not have approved.

I tried to explain the usage for each permission here: https://www.inboxpurge.com/permissions

saurik4 hours ago

But if you are a browser extension I would have expected you wouldn't need your own permissions at all: you would either be scripting the UI of the client to accomplish your goals or stealing its authentication.

AgentME1 hour ago

As someone with a lot of experience in working on a Chrome extension that interacts with Gmail specifically, there are two reasons I'd expect an extension like OP's to integrate with the official Gmail API instead of poking the Gmail web app's internal API directly: 1) the official Gmail API is stable, documented, and doesn't take reverse-engineering to use, and 2) the Gmail web app's internal API is pretty strongly rate-limited for some actions.

If an extension only does actions involving the UI and data visible on screen within the Gmail webpage at a regular user pace, then I wouldn't expect it to strictly need the official Gmail API much. But this would mean the extension can't operate on emails that aren't on the current visible page, etc.

lanternfish3 hours ago

Stealing the authentication is arguably way more invasive than this strategy.

saurik3 hours ago

I mean, we can argue lots of things, I guess ;P, but an extension already has access to that authentication token, and pretending otherwise is a bit... "performative"? The expectation I have with an extension--as someone who used to manage an entire ecosystem of such extensions of native software for a decade--is that it is a true extension of the application that it is extending, similar to if we had the original source code to patch.

thefisola3 hours ago

Tbh I didn't really consider this approach as I didn't think it was possible (that's if it is). Also I'm not so comfortable with hijacking authentication session. I very much prefer making the user actually grant permissions to the required scopes and making it clear what the access is used for.

alimbada43 minutes ago

I use a Google Apps Script to clean up my Gmail inbox. It runs daily, searches for various senders and/or subject lines which are older than a certain amount of time and moves them to the Trash/Bin. It runs without intervention and I've got it set up to report any failures back to my inbox. Since my workplace also uses Google I've even set up a Script for my work inbox on my work account. Various notification emails, e.g. from Slack get cleaned up if older than 3 days old.

oski29 minutes ago

Can you share the code for this?

JZL0033 hours ago

I go through a lot of emails and what I love recently is being able to sort by sender - then all the emails from the same person are together and it's easier to skim through ("yup, all these are uneeded except this unusual one")

Annoyingly thunderbird allow but not gmail, so I wanted to use thunderbird. But it doesn't easily allow archive-ing, like GMail does.

Contrived but still easy solution: tag all your inbox you want to go through with two labels SetA and SetB. Open SetA in thunderbird, using `a` to remove emails from SetA as if you archived. Then in GMail, use the search `label:setB - label:SetA` and it gives all the emails you wanted to archive. Archive those and done

siscia38 minutes ago

If you go through a lot of emails, you may be interested in a small product I have developed.

GabrielAI (https://getgabrielai.com) can filter your emails given a GPT prompt and then make a special action, like drafting a reply or apply a label.

I am now introducing a digest if emails. So that every 6 hours (or whatever time) you receive an email with the summary of all the unread emails in your inbox.

It is free for now, but the summary feature is hide by a feature flag.

If you are interested, I can ungate your account.

aragonite3 hours ago

I believe it's technically possible in Gmail by turning off conversation threading in the settings.

Unfortunately there doesn't seem to be any quick way of toggling between threaded and non-threaded.

birdman31312 hours ago

So this give very little info on how the bulk email deletion works.

For instance at last look I had north of 40k emails from ebay. I can't just delete them all as I want to keep anything that is related to either an order I placed or an item I sold. I have went back 15+ years before to find part numbers before.

But I have no interest in the 38000+ marketing emails from them. (I kinda wanna keep getting them but don't want them a week after I get them.

And if I recall correctly the emails have often come from the same accounts so I can't even filter by that.

siscia42 minutes ago

Would you pay for that?

I developed GabrielAI (https://getgabrielai.com) an assistant for Gmail.

You provide a GPT prompt and it scan all the new emails. If the email matches the prompt it will do an action. Either drafting a reply for you or set a label.

It will be trivial to go through the whole inbox. But expensive.

It is a nice feature to add though...

kleiba4 hours ago

I recently made my first Firefox extension and was surprised how simple it actually was (just for personal use: I had to repeatedly copy lots of data which I already had in a spread sheet into a web form - the extension lets you copy a whole row of data from the sheet and paste in into consecutive form fields on the website). As usual, it's not clear whether it was actually less work to develop the extension than it would have been to just manually put in all the data, but it was definitely better for my mental health.

Perhaps I will look into developing more serious extensions in the future, it was actually a quite pleasant experience.

Is it fair to say that developing extensions for Chrome is comparable?

insin3 hours ago

For extensions which primarily add functionality to a target site, you can usually run the exact same extension code in Chrome, Firefox and Safari.

The latter two have API differences from Chrome - e.g. using the `browser` namespace for extension APIs instead of `chrome`, and Promises instead of callbacks for async functionality - but for the sake of compatibility they also implement Chrome's version of these APIs [1][2], so if you just use the Chrome APIs and don't venture into the more browser-internal APIs such as bookmarks, the same extension code will likely run everywhere, with some specific differences/incompatibilities noted in the docs below.

If you were to create a new cross-browser extension today, one of the main issues would be that Chrome Web Store no longer accepts new MV2 extensions so you have to use MV3 for it, but MV3 in Firefox currently has some serious usability issues around permissions which are being addressed in upcoming releases [3] so you'll want to use MV2 for it, however this likely just means you'd need to have separate MV2 and MV3 manifest.json files which get bundled into different zip files for submission to the different browser extension stores. I had to do this recently for one of my extensions [4]

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

[2] https://developer.apple.com/documentation/safariservices/saf...

[3] https://blog.mozilla.org/addons/2024/05/14/manifest-v3-updat...

[4] https://github.com/insin/control-panel-for-twitter/commit/59...

thefisola4 hours ago

Cool!

Yes it's pretty similar. There just some minor API differences. e.g

Chrome - chrome.tabs.query(queryInfo) Firefox - browser.tabs.query(queryInfo)

So you could easily port any firefox extension to chrome and vice-versa using the same codebase.

kleiba3 hours ago

Oh, it's that similar? That's actually really cool then.

hansoolo6 hours ago

Funny! I am working on something similar for myself. But not restricted to just Gmail. I really want to clean up this mess in my accounts.

How did you go about the unsubscribe functionality? Also, I think I saw that Gmail has that feature themselves now.

thefisola6 hours ago

Oh that's cool!

As at Febuary, Gmail introduced new guidelines for bulk email senders to make it easy unsubscribe from by adding a value for "List-Unsubscribe"

https://support.google.com/a/answer/81126?hl=en&visit_id=638...

So unsubscribing is simply a POST request to the value of this email header (List-Unsubscribe) - which is a link and comes as part of the email headers in the Gmail API response

The alternative approach is to parse the content of the email and use regex to get the unsubscribe link using the likely words. e.g links with words like: unsubscribe, opt-out etc..

Yes, Gmail has the unsubscribe functionality. Unfortunately, you cannot mass unsubscribe. If you have over 100 unwanted subscriptions you would have to unsubscribe from each one at a time.

Hope that helps you

hansoolo5 hours ago

>Yes, Gmail has the unsubscribe functionality. Unfortunately, you cannot mass unsubscribe. If you have over 100 unwanted subscriptions you would have to unsubscribe from each one at a time.

That is a valuable info. Thank you!

>The alternative approach is to parse the content of the email and use regex to get the unsubscribe link using the likely words. e.g links with words like: unsubscribe, opt-out etc..

That's how I started to implement it. But then again you will need to go through every unsubscribing process manually...

Best of luck with your extension!

thefisola5 hours ago

Thank you!

pugworthy1 hour ago

If data doesn't leave my device, how can you claim "37,414,937 emails with our privacy-focused cleaner"? How do you know that number?

thefisola1 hour ago

We store stats like "unsubscription count" and "deletion count". Your emails do not need to leave your device for that data.

jokoon5 hours ago

I would rather be able to see statistics about the domains of the email I receive instead, to see offenders etc. I already created a lot of filters for that, which helps a lot do some cleanup.

Also, I seem to have a lot of attachments, like a lot, and I can't clean them up, because gmail doesn't let me see the datasize clearly.

I downloaded my mail as an export, I think EML, I wanted to build a mail list myself to see attachments with a python script, but I think gmail doesn't export all the metadata of how mail are chained with each other and such.

Unfortunately, I think your extension cannot really do statistics on an existing mailbox, to see a map of mail counts per domain.

siscia35 minutes ago

Gmail API gives you the email file as MIME file.

From there is a bit up to you and depending on actually what data you get.

But I had a reasonable simple time with parsing it and getting data out of it while building https://getgabrielai.com

thefisola4 hours ago

At the moment the extension's side bar shows mail count per sender, not domain. You can also order from highest to lowest. Does that suffice for you?

You're right Gmail does not show the datasize clearly, but to get emails with large attachments, you can use search filters like: "larger:15M", where 15M is 15 megabytes. It's not exactly what you want but might help

JoBrad4 hours ago

That reminds me of xobni, which MS acquired years ago. It was pretty awesome, when it first came out.

mateus12 hours ago

I was looking for this for some time. Bought the 7-day license and it was useful.

I would love to preview some emails (are these just promos or do they include receipts?), perhaps by hovering or clicking the sender.

thefisola2 hours ago

Thank you!

Yes this is the actual working flow. When you click on a sender it should show the emails sent by that sender. Unfortunately, at the moment there's a bug. I'm waiting for a Chrome store review approval for the version with the fix to be published.

I will reply here once it's approved

netsharc6 hours ago

I don't get it...

> With this Chrome extension, emails are not sent to any external servers.

Don't you have to send an "Unsubscribe" email? To an external server?

> All calls to the Gmail API happen locally on your device.

Aha, you mean in comparison to a "SaaS" where these things happen on a third party server...

thefisola5 hours ago

I assume you've answered your question but just to explain further:

So generally in order to actually help you mass unsubscribe from unwanted emails, most email cleaning tools handle your email data on their server. The process of parsing email data to fetching unsubscribe links or unsubscribe instructions etc..

So there's a trust problem where some tools have been caught selling user data: https://www.nytimes.com/2017/04/24/technology/personal-data-...

So the goal here with InboxPurge is to move all these processes related to your email data to your device(browser), ensuring your privacy.

philsnow4 hours ago

In another post, you mention that there’s a header that can include an https link to POST a request to unsubscribe. So this extension and anything like it must be able to read email and send POSTs to arbitrary endpoints[0].

> ensuring your privacy

But only if we trust the extension author (and the authors of all of the transitive dependencies) to be neither malicious nor incompetent… right? I don’t know of resources that explain exactly what actions each permission in the manifest grants the extension to perform, nor a characterization of the execution environment of extensions. Do all browsers handle these matters similarly? Does some browser provide any more isolation or sandboxing than any other?

Edit: by no means did I mean to throw shade or cast doubt on your extension, I’m just grumpy in general and in particular about browser extensions, since nowadays “the browser is the OS”.

[0] or maybe there’s a gmail api that does it for you, and this extension actually can’t make arbitrary http connections?

thefisola2 hours ago

I might be misinterpreting your question but I'll try to explain further, hopefully it makes sense:

So the way most email cleaning tools work is:

- Scan your emails for all your subscriptions - via Gmail API - Each subscription has a link, that link is what is used to unsubscribe the link can either be in the email header or email body - This can be a POST request or a GET request, in some complex cases a mail send to unsubscribe - With this link for each mailing list, mass unsubscription can happen

So the main difference here is, other tools do this on the third-party servers. InboxPurge does this on your browser/device (specifically the email scanning bit). Making HTTP requests to the Gmail API from your device.

Yes, it's also possible to build a browser extension that does this on a third-party server.

*Other things happen depending on the email cleaning tool but I've tried to simplify to explain better.

Hope it was helpful.

You can find the list of browser permissions a Chrome extension can request for here: https://developer.chrome.com/docs/extensions/reference/manif...

nokun72 hours ago

Can I use your extension to run stats on my inbox? Like I want to find which sender has been hogging my inbox space, by size and by frequency etc.

thefisola2 hours ago

The extension lists the mailing lists you're subscribed ordered by the frequency (the amount of emails the sender has sent), does that handle your usecase?

nokun72 hours ago

Yes, that is exactly what I want. Super cool.

Ahmd724 hours ago

Nice extension, though due to the permissions it asks for its not for me. I did browse around the CRX source code and would have to say the license part is easy to bypass. You might want to work on that if you don't want to miss on some of your sales.

thefisola4 hours ago

Thank you

toisanji6 hours ago

nice work, I wouldn't pay monthly for this, but I would buy a one time license.

thefisola6 hours ago

Thank you! I appreciate. I'm happy to help if you have any questions or feedback.

pspeter34 hours ago

I still wish GMail supported deleting attachments without deleting the whole email.

RyanShook3 hours ago

I wish it were clear this was a paid subscription up-front.

thefisola3 hours ago

It's free for up to 20 mailing list unsubscribes/deletes per month. You only have to pay if you want unlimited access. It's made clear on the landing page. Sorry if 20 was not enough for you.

ssernikk5 hours ago

I like your attitude, but this statement:

> while ensuring privacy

...is rather contrary to gmail's whole business model.

dvh6 hours ago

I've set up a filter that moves emails that contains word "unsubscribe" to trash.

jabroni_salad4 hours ago

Unfortunately I have found that a lot of transactional mails include unsub links even on things that maybe I should not unsubscribe from, like receipts and billing statements and customer service interactions that I initiated and thought had gone unanswered.

thefisola5 hours ago

Filters only affects new incoming emails. If that's your intention, then that works perfectly. Of course this also means you never want to see a newsletter in your Inbox.

In cases where you want to mass delete older emails that you previously subscribed to, you might find InboxPurge useful.

ncocacola5 hours ago

You can apply filters to older emails.

thefisola5 hours ago

Oh interesting, didn't know this

fckgw5 hours ago

Did you know you can just click the unsubscribe button and then you won't need a filter?

abirch5 hours ago

I assumed that if you hit unsubscribe they would immediately sell your email. I've seen a lot of spam sent with an unsubscribe option.

cynicalsecurity4 hours ago

Don't click on unsubscribe, click on report spam instead, without unsubscribing.

hiatus2 hours ago

Your privacy policy says this:

> InboxPurge will only use your Gmail data accessed via the Gmail API to read or control Gmail message metadata (including attachment information), headers, and message content, to enable you to process (delete/move/archive/unsubscribe from) emails. It will not share this Gmail data with others unless required by law.

But how can you share data if required by law when in a previous paragraph you say you are not collecting this data and it never leaves my device?

thefisola2 hours ago

All these processes happen on your browser(device). The extension uses the Gmail API locally on your browser to perform all the necessary tasks. Your emails never get sent to any external server.

I hope that answers your question.

Edit: Just to add more context. The Google Oauth verification team requires that statement in the privacy policy.

parker-34612 hours ago

So what information “can” be shared with law enforcement agencies?

And which jurisdiction is this service governed in?

I think there is just many ambiguities which do not seem clear to me at all.

thefisola1 hour ago

I've added edit to explain why that particular statement is in the privacy policy

It's technically not possible from InboxPurge's perspective. As there'd be no email information to share

hiatus34 minutes ago

Just a heads up, you did not update the date of last update at the top of the policy following the changes you made.

mock-possum2 hours ago

I can’t tell whether you’re being cheekily obtuse or missing the point -

If required by law to share that information, what steps would you take to fulfill that legal requirement?

Is the implication that despite you being legally obligated to do so, you would in actuality have no method for sharing said information, and would therefore have nothing to offer law enforcement?

thefisola1 hour ago

I'm sorry if you felt like I was intentionally missing the point.

I've added edit to explain why that particular statement is in the privacy policy

It's technically not possible from InboxPurge's perspective. As there'd be no email information to share.

parker-34612 hours ago

Thanks for picking this up, I thought about trying it out and am very glad that you did go through it.

I don’t think I would touch it anymore.

thefisola2 hours ago

I already explained in a reply:

"All these processes happen on your browser(device). The extension uses the Gmail API locally on your browser to perform all the necessary tasks. Your emails never get sent to any external server."

Hope you give it a try.

parker-34612 hours ago

Sorry I feel like you really need to make the FAQ and legal terms a lot clearer.

Otherwise I think a lot of people would be easily deterred by the current/similar statements.

Thank you for sharing and taking the time to answer questions though.

thefisola1 hour ago

I totally understand. Unfortunately, that particular statement was required by Google OAuth verification team to verify InboxPurge. I'll figure out a way to make it clearer. Thank you.