Understand what your child
is posting online
IdentiScope is a safeguarding tool that analyses public Twitter/X activity for harmful language and patterns of behavioural red flags. Results are written in plain English with specific actions for parents to take.
No download required. Sign in with Twitter takes 30 seconds. Public accounts only.
What IdentiScope detects
24 risk categories, scored and explained
Every risk category comes with a layperson's explanation and actionable advice for parents. There's no jargon to decipher, just useful advice and findings.
Click here for a more in depth explanation on keywords, examples, and what to do
IdentiScope detects crisis indicators, coded language (algospeak/leetspeak), eating disorder terminology, and suicide-related phrases. Also provides crisis line links if triggered.
Detects inappropriate meeting requests and secretive contact, and suspicious following/follower patterns. Wordlist informed by CEOP and Barnardos research.
Language associated with Child Sexual Abuse Material (CSAM), non-consensual image sharing and coercion, using consideration from relevan Irish cases such as Coco's Law.
Covers far-right, far-left, incel and femcel ideology, neo-nazi language, nationalist and religious extremism.
Identifies drug references including, substance slang/terminology, and algospeak terms used to evade content filters.
Recognises language associated with drug running, financial exploitation, and county lines recruitment targeting young people.
Each post is passed through Natural Language Processing (NLP) neural models trained specifically on Twitter data to detect sarcasm, context, sentiment, capitalisation patterns, and emojis.
Tracks late-night activity, posting bursts, bio description, and follower/following lists to identify patterns of low mental health or indications of a burner account.
How it works
Four steps, under two minutes
Your Twitter account is used to verify your identity and create an accountability record for each scan. IdentiScope only requests read access to public data.
Type in the public Twitter/X handle you want to review. The account must be publicly visible and mutually following. Up to the last 100 recent posts are fetched and analysed.
Get a risk score (0-100), category breakdown, flagged posts with the matched keywords highlighted, and prioritised recommendations in plain English.
Export the report to PDF or print, view previous alerts and export or delete all data from the app in compliance with GDPR.
How it was built
Technology and design decisions
IdentiScope was designed from the ground up as a tool not for surveillance, but for accessibility and risk mitigation. Every decision was made with safety, privacy, ethics, and usability in mind.
Fluent development and a small footprint. Deployed to Azure App Service with Gunicorn.
All three collections use MongoDB TTL indexes to auto-delete data after 24 hours in accordance with GDPR
The Twitter/X free API tier limits tweet retrieval to 10 posts per request and restricts follower lookups. Apify provides reliable access to public tweet timelines without those constraints, allowing up to 100 posts per scan.
The twitter-roberta-base-sentiment model was trained on 124 million tweets and handles abbreviations, emoji, and informal language that generic NLP models miss. A second Cardiff model detects irony and sarcasm to reduce false positives.
PKCE (Proof Key for Code Exchange) OAuth 2.0 is industry standard and best practice for public clients. No client secret is stored in the browser. Tokens are scoped to read-only public data and auto-refresh.
24 wordlists (hard and soft tiers) are combined with ML sentiment scores and behavioural profile signals. Each category has a weighted score with caps to prevent skew. Final score: 0-100 across low, medium, high, and urgent bands.
Security hardening follows OWASP Top 10 guidelines: rate limiting on all API endpoints, input sanitisation, CSRF protection, secure session handling, and dependency scanning. All routes enforce authentication where required.
Every push to main triggers an automated pipeline that deploys the app to Azure App Service via a GitHub Actions publish profile.
Design principles
-
Open-source and respect for privacy
IdentiScope uses OSINT techniques to analyse public Twitter/X activity only, and cannot access private accounts or personal messages. Only posts already publicly visible are analysed. Licensed under GPL-3.0.
-
Consent
Every user must read and accept an ethical use agreement before accessing the tool, and has export and deletion tools available. This is a risk mitigation tool, not a surveillance tool.
-
Context
Keywords are checked against contextual signals before scoring. Saying "I'd kill for a chipper" is not treated the same as a direct threat. Gaming, news, and educational contexts are recognised.
-
Sovereignty
Target usernames are SHA-256 hashed in the audit log, raw post data is discarded after report generation and Saved reports auto-delete after 24 hours. Users can export or delete all their data at any time. Right to erasure is fully implemented.
-
Accountability
To prevent misuse, IdentiScope only allows scanning accounts that the signed-in parent already follows. This limits the tool to genuine safeguarding relationships and creates an accountability trail for every scan.
-
Accessibility
Full WCAG 2.2 AA compliance including screen reader support, keyboard navigation, skip links, live region announcements, and an in-page accessibility panel for text size, contrast, motion, dyslexia font, and letter spacing. All content is written in plain English at a reading level accessible to non-technical parents.
FYP | CW_KCCYB_B | 2026