Privacy audits

We audited 12 screenshot extensions' network requests

The short answer

Of twelve screenshot extensions, five uploaded captures to a server by default, three did so only for "cloud" features, and four processed everything locally. Permissions rarely matched behavior. If a screenshot tool requests broad host access and phones home, treat your captures as shared.

Why screenshot tools deserve scrutiny

A capture can contain anything on screen — tokens, private messages, unreleased work. An extension that uploads by default is a data-exfiltration path most users never notice.

What we measured

For each extension we captured one full-page screenshot on a test page and recorded outbound requests. We compared observed behavior to the declared permissions.

BehaviorCount
Uploads captures by default5 / 12
Uploads only for cloud features3 / 12
Fully local4 / 12

The takeaway

Permissions are a ceiling, not a description. Prefer tools that state local-only processing and back it with an audit you can reproduce.

Methodology. Method: each extension on a fresh profile, one capture on a controlled page, requests logged via mitmproxy. Names withheld pending disclosure; full dataset on request. Collected 2026-06-05.