How to Redact a Screenshot Without Uploading It Anywhere

A practical guide. No tool required for most of it; one recommended at the end.

You need to share a screenshot. A bug report, a support ticket, a Slack message, a post asking for help. Somewhere in that image is something that should not travel with it: a customer email, an API key in a terminal, an account number, an internal IP. The question is how to black it out properly, and the trap most people fall into is the first search result: an "upload your file, we'll redact it" web service. To remove sensitive data from a file, you send the unredacted file to a stranger's server. That is backwards.

What Actually Leaks in a Shared Screenshot

Why Blur Alone Can Fail You

Light Gaussian blur and coarse pixelation over short, high-contrast text are not always one-way. Researchers have repeatedly shown that mosaic-style pixelation of known fonts can be reversed by brute force, and weak blur can be sharpened enough to read. The safe rule is simple: for text you truly cannot leak, use a solid bar. Blur is fine for softening a face or a background, or lowering the prominence of low-stakes content. For credentials and identifiers, opaque rectangles only.

Also check your editor's history. Some annotation tools save the rectangle as a removable layer on top of the image. Export a flattened PNG, never the editable project file.

The On-Device Way, Step by Step

  1. Take the screenshot and keep it local. Do not paste it into a web service to crop or annotate it.
  2. Scan it for PII before you trust your eyes. Eyes miss things, especially in dense terminal output or long tables. This is where OCR helps: software reads the text in the image and flags anything that matches a sensitive pattern.
  3. Cover with solid bars, then flatten. Draw opaque rectangles over every match. Export a new PNG so no editable layers survive.
  4. Strip the metadata. Remove EXIF and text chunks from the exported file. Many tools skip this step; make sure yours does not.

What About Text, Not Images

The same logic applies to pasting logs, error messages, or customer records into a chat, a ticket, or an AI assistant. Scrubbing by hand is error-prone. Pattern detection does it better: real validators (Luhn checks for card numbers, phone-plan rules for phone numbers, entropy checks for API keys) catch what a skim misses, and you review the highlights before anything is replaced.

Your Options, Honestly Compared

Where Redact Fits

Redact is a browser extension that does everything above locally. Paste text and it highlights emails, phones, SSNs, cards, IPs, API keys and IDs for one-click redaction. Drop in a screenshot, draw bars, and export a flattened PNG with metadata already stripped. The Pro tier ($12 one time, no subscription) adds on-device OCR auto-detection, blur and pixelate styles, batch processing, and custom patterns. The OCR engine is bundled with the extension, so even that runs without a network call. The only request the app ever makes is verifying a Pro license key.

It is coming to the Chrome Web Store now (in review). The free tier ships inside the extension; Pro is available today.

Get Redact Pro, $12 One-Time

Or read more about how it works on the Redact home page.