Workflow guide · Privacy

Redact a screenshot so the exported pixels—not an overlay—carry the evidence

A defensible workflow has four separate jobs: identify every sensitive region, rasterize destructive fills, verify the encoded output bytes, and review the entire image in its intended sharing context.

Worked sample, not a live result.This page does not accept or process images. The synthetic fixture demonstrates a review procedure; the canonical workbench produces the actual PNG and proof packet.

1. Prepare the least-sensitive source

Crop away irrelevant areas before loading the screenshot. Prefer synthetic examples for support documentation. If a real screenshot is necessary, confirm authority to process it and identify names, email addresses, account IDs, tokens, QR codes, avatars, timestamps, browser chrome, notification previews, and background windows.

2. Use a deliberate region-review loop

  1. Inspect at 100% zoom and then zoom in. OCR is not a substitute for manual review and is disabled in the FastTool workbench.
  2. Add a rectangle with margin around each sensitive item. Name the region by type, not by the secret value.
  3. Reject zero-size, overlapping-by-mistake, or out-of-bounds coordinates before export.
  4. Rasterize opaque solid fills into a fresh canvas and encode a new PNG.
  5. Decode the exact exported bytes and verify dimensions, opacity, uniformity, and PNG metadata boundaries.
  6. Open the final PNG independently and perform a whole-image review before sharing.

3. Wrong approaches

Annotation overlay

A removable shape, PDF annotation, or document layer can leave original pixels recoverable. The output must be a newly rasterized image.

Blur or pixelation

Transformations preserve structured clues and can be reversible in some contexts. Use opaque fills for declared secret regions.

Only inspect the canvas

The proof target is the encoded file that will be shared. Decode and inspect those exact bytes.

Receipt equals legal certification

Hashes bind bytes and declared checks. They cannot certify that every sensitive context was identified or that sharing is lawful.

4. Reproduce the synthetic source and accepted regions

sips -s format png \
  app/fixtures/flagship-editorial-20260713/screenshot/safe-synthetic-screenshot-source.svg \
  --out /tmp/fasttool-safe-synthetic-screenshot.png

shasum -a 256 \
  app/fixtures/flagship-editorial-20260713/screenshot/safe-synthetic-screenshot-source.svg \
  app/fixtures/flagship-editorial-20260713/screenshot/accepted-zones.json

Synthetic sourcebf54a471127ed73367d85b1cacf6c00fa936db191c252aa1f51340a365465c89

Accepted zones8c8e9a7e7c4fee1c5af416203f989aea8b62429976e5e7b3580eb96a9e2eb963

The source is passive build material and must be converted to PNG before loading. The three coordinates are manual inputs, not an import contract. Run the tool to obtain actual output hashes.

5. Verify the export packet

CheckWhat it establishesWhat it does not establish
Dimensions matchNo accidental crop or scale in the encoded outputCorrect region selection
Zone pixels opaque and uniformDeclared rectangles are solid in re-decoded bytesUndeclared sensitive content is absent
Sensitive PNG chunks absentDeclared metadata boundary for the new PNGNo information remains visually
SHA-256 receipt matchesArtifacts are byte-identical to the reviewed exportDeletion, recipient behavior, or legal approval

Method, limits, and privacy

Method: manual discovery, in-bounds regions, destructive rasterization, re-decode checks, whole-image review. Limits: no OCR, legal certification, recipient-state proof, or guarantee that an omitted secret will be found. Privacy: use an approved trusted device and minimize the source before loading; browser-local processing does not eliminate local-device or sharing risk.

Official sources

Correction channel

Send a source, coordinate, privacy-boundary, or method correction to [email protected] with evidence and the proposed change. FastTool is the accountable publisher; material changes appear in the changelog. Reviewed 2026-07-13.