How to Redact a Screenshot or Photo (and Not Leak the Hidden Parts)
You need to share a screenshot — a bug report, an invoice, a chat thread, a dashboard — but part of it is sensitive: an email address, an API key, a customer’s name, a bank balance. So you cover it up and send it. The question that decides whether you actually protected anything is: is the hidden content still in the file?
Plenty of famous leaks were “redacted” documents where the black bar sat on top of selectable text, or a blurred number that got reconstructed. Images fail the same way. This guide walks through redacting an image so the sensitive part is genuinely gone, picking the right style for the job, and the two checks people skip.
What redaction actually has to do
There’s a real difference between covering content and removing it.
- Covering draws a shape over the sensitive area. If that shape is a separate layer — in a design app, a slideshow, or a tool that overlays a box — the original pixels are still in the file, and anyone can move or delete the layer to reveal them.
- Removing (destructive redaction) replaces the underlying pixels and flattens everything into a new, single-layer image. There’s no layer to peel back and no original hiding underneath.
Only the second one is safe. When you export, the covered area must be baked into the pixels of a freshly encoded file. The image redaction tool on this site works this way: each region is rasterized into the output at full resolution, so the hidden content can’t be recovered from the downloaded image.
Step by step
- Open the image in a redaction tool. Use one that processes the file in your browser — you’re about to handle the sensitive version, so it shouldn’t be uploaded anywhere. The Image Redaction tool loads it locally.
- Pick a redaction style for the regions you’re about to draw (more on choosing below).
- Draw a box over each sensitive area. Cover everything that identifies a person or a secret — not just the obvious field, but also reflections, autofill dropdowns, browser tabs, and notification previews that crept into the screenshot.
- Tune the intensity if you’re using blur or pixelate, until the content is genuinely unreadable rather than just fuzzy.
- Export and download. The tool flattens the regions into the pixels and hands you a new file. That downloaded file is the one to share.
Check the edges of the screenshot
Most accidental leaks aren’t the main field you redacted — they’re the things around it: an email in a browser tab title, a name in a sidebar, an amount in a chart legend, a notification that popped in. Scan the whole frame before you export, or crop the screenshot down to just what you need first.
Choosing a redaction style
Not every cover-up is equally safe. The right choice depends on whether the hidden value is something an attacker could guess and verify.
| Style | Reversible? | Use it for |
|---|---|---|
| Black box | No — pixels overwritten | IDs, account numbers, keys, signatures — anything guessable |
| White box | No — pixels overwritten | The same, on white documents where black looks heavy |
| Pixelate | Sometimes, for simple content | Faces, logos, backgrounds where a hint is acceptable |
| Blur | Sometimes, at low strength | Softening backgrounds and bystanders |
The rule of thumb: if someone could brute-force the hidden value — try every six-digit code, pixelate each the same way, and match it to your image — then only a flat box is safe. Blur and pixelate protect appearance, not low-entropy secrets. A blurred face in a crowd is fine; a blurred PIN is not.
Don’t forget the metadata
Redacting the visible content solves half the problem. If you’re sharing a photo (rather than a screenshot), the file may also carry EXIF metadata — the GPS coordinates where it was taken, the device, and the exact timestamp. You can black out a face and still broadcast the address it was shot at.
A browser-based redactor that re-encodes the image usually drops this metadata automatically, but it’s worth confirming. If you only need to strip metadata without covering anything, the EXIF Viewer shows what a photo contains and removes it with one click. (For the full picture of what photos reveal, see EXIF data and privacy.)
Confirm nothing was uploaded
The entire point of redacting is to avoid handing the sensitive version of a file to someone else. So it’s worth ten seconds to confirm the tool didn’t upload it before you redacted:
- Open your browser’s developer tools and go to the Network tab.
- Add your image and run the redaction.
- You should see no upload request carrying the file. The image is read into memory, processed, and offered back as a download — all locally.
This is also why a client-side tool is the right choice for redaction specifically: a server-side editor would receive your un-redacted image first, which is exactly the thing you’re trying not to share. (More on that trade-off in why your browser is the safest image editor.)
The takeaway
Safe redaction comes down to three habits: make it destructive so the hidden pixels are truly gone, pick a black box for anything guessable rather than trusting blur, and remember the metadata on photos. Do it locally, glance at the Network tab, and the redacted file you share won’t have the original quietly riding along underneath.