UseToolSuite UseToolSuite

How to Redact a Screenshot or Photo (and Not Leak the Hidden Parts)

A step-by-step guide to redacting images safely: black box vs blur vs pixelate, why destructive redaction matters, how to also strip the metadata, and a ten-second check that nothing was uploaded.

Necmeddin Cunedioglu Necmeddin Cunedioglu 4 min read
Part of the The Complete Guide to Browser-Based Image Editing series

Practice what you learn

Image Redaction Tool

Try it free →

How to Redact a Screenshot or Photo (and Not Leak the Hidden Parts)

You need to share a screenshot — a bug report, an invoice, a chat thread, a dashboard — but part of it is sensitive: an email address, an API key, a customer’s name, a bank balance. So you cover it up and send it. The question that decides whether you actually protected anything is: is the hidden content still in the file?

Plenty of famous leaks were “redacted” documents where the black bar sat on top of selectable text, or a blurred number that got reconstructed. Images fail the same way. This guide walks through redacting an image so the sensitive part is genuinely gone, picking the right style for the job, and the two checks people skip.

What redaction actually has to do

There’s a real difference between covering content and removing it.

  • Covering draws a shape over the sensitive area. If that shape is a separate layer — in a design app, a slideshow, or a tool that overlays a box — the original pixels are still in the file, and anyone can move or delete the layer to reveal them.
  • Removing (destructive redaction) replaces the underlying pixels and flattens everything into a new, single-layer image. There’s no layer to peel back and no original hiding underneath.

Only the second one is safe. When you export, the covered area must be baked into the pixels of a freshly encoded file. The image redaction tool on this site works this way: each region is rasterized into the output at full resolution, so the hidden content can’t be recovered from the downloaded image.

Step by step

  1. Open the image in a redaction tool. Use one that processes the file in your browser — you’re about to handle the sensitive version, so it shouldn’t be uploaded anywhere. The Image Redaction tool loads it locally.
  2. Pick a redaction style for the regions you’re about to draw (more on choosing below).
  3. Draw a box over each sensitive area. Cover everything that identifies a person or a secret — not just the obvious field, but also reflections, autofill dropdowns, browser tabs, and notification previews that crept into the screenshot.
  4. Tune the intensity if you’re using blur or pixelate, until the content is genuinely unreadable rather than just fuzzy.
  5. Export and download. The tool flattens the regions into the pixels and hands you a new file. That downloaded file is the one to share.

Check the edges of the screenshot

Most accidental leaks aren’t the main field you redacted — they’re the things around it: an email in a browser tab title, a name in a sidebar, an amount in a chart legend, a notification that popped in. Scan the whole frame before you export, or crop the screenshot down to just what you need first.

Choosing a redaction style

Not every cover-up is equally safe. The right choice depends on whether the hidden value is something an attacker could guess and verify.

StyleReversible?Use it for
Black boxNo — pixels overwrittenIDs, account numbers, keys, signatures — anything guessable
White boxNo — pixels overwrittenThe same, on white documents where black looks heavy
PixelateSometimes, for simple contentFaces, logos, backgrounds where a hint is acceptable
BlurSometimes, at low strengthSoftening backgrounds and bystanders

The rule of thumb: if someone could brute-force the hidden value — try every six-digit code, pixelate each the same way, and match it to your image — then only a flat box is safe. Blur and pixelate protect appearance, not low-entropy secrets. A blurred face in a crowd is fine; a blurred PIN is not.

Don’t forget the metadata

Redacting the visible content solves half the problem. If you’re sharing a photo (rather than a screenshot), the file may also carry EXIF metadata — the GPS coordinates where it was taken, the device, and the exact timestamp. You can black out a face and still broadcast the address it was shot at.

A browser-based redactor that re-encodes the image usually drops this metadata automatically, but it’s worth confirming. If you only need to strip metadata without covering anything, the EXIF Viewer shows what a photo contains and removes it with one click. (For the full picture of what photos reveal, see EXIF data and privacy.)

Confirm nothing was uploaded

The entire point of redacting is to avoid handing the sensitive version of a file to someone else. So it’s worth ten seconds to confirm the tool didn’t upload it before you redacted:

  1. Open your browser’s developer tools and go to the Network tab.
  2. Add your image and run the redaction.
  3. You should see no upload request carrying the file. The image is read into memory, processed, and offered back as a download — all locally.

This is also why a client-side tool is the right choice for redaction specifically: a server-side editor would receive your un-redacted image first, which is exactly the thing you’re trying not to share. (More on that trade-off in why your browser is the safest image editor.)

The takeaway

Safe redaction comes down to three habits: make it destructive so the hidden pixels are truly gone, pick a black box for anything guessable rather than trusting blur, and remember the metadata on photos. Do it locally, glance at the Network tab, and the redacted file you share won’t have the original quietly riding along underneath.

Necmeddin Cunedioglu
Necmeddin Cunedioglu Author
4 min read
-- views

Software developer and the creator of UseToolSuite. I write about the tools and techniques I use daily as a developer — practical guides based on real experience, not theory.