We audited 12 screenshot extensions' network requests
The short answer
Of twelve screenshot extensions, five uploaded captures to a server by default, three did so only for "cloud" features, and four processed everything locally. Permissions rarely matched behavior. If a screenshot tool requests broad host access and phones home, treat your captures as shared.
Why screenshot tools deserve scrutiny
A capture can contain anything on screen — tokens, private messages, unreleased work. An extension that uploads by default is a data-exfiltration path most users never notice.
What we measured
For each extension we captured one full-page screenshot on a test page and recorded outbound requests. We compared observed behavior to the declared permissions.
| Behavior | Count |
|---|---|
| Uploads captures by default | 5 / 12 |
| Uploads only for cloud features | 3 / 12 |
| Fully local | 4 / 12 |
The takeaway
Permissions are a ceiling, not a description. Prefer tools that state local-only processing and back it with an audit you can reproduce.
Methodology. Method: each extension on a fresh profile, one capture on a controlled page, requests logged via mitmproxy. Names withheld pending disclosure; full dataset on request. Collected 2026-06-05.