Workflow guide · Privacy
Redact a screenshot so the exported pixels—not an overlay—carry the evidence
A defensible workflow has four separate jobs: identify every sensitive region, rasterize destructive fills, verify the encoded output bytes, and review the entire image in its intended sharing context.
1. Prepare the least-sensitive source
Crop away irrelevant areas before loading the screenshot. Prefer synthetic examples for support documentation. If a real screenshot is necessary, confirm authority to process it and identify names, email addresses, account IDs, tokens, QR codes, avatars, timestamps, browser chrome, notification previews, and background windows.
2. Use a deliberate region-review loop
- Inspect at 100% zoom and then zoom in. OCR is not a substitute for manual review and is disabled in the FastTool workbench.
- Add a rectangle with margin around each sensitive item. Name the region by type, not by the secret value.
- Reject zero-size, overlapping-by-mistake, or out-of-bounds coordinates before export.
- Rasterize opaque solid fills into a fresh canvas and encode a new PNG.
- Decode the exact exported bytes and verify dimensions, opacity, uniformity, and PNG metadata boundaries.
- Open the final PNG independently and perform a whole-image review before sharing.
3. Wrong approaches
Annotation overlay
A removable shape, PDF annotation, or document layer can leave original pixels recoverable. The output must be a newly rasterized image.
Blur or pixelation
Transformations preserve structured clues and can be reversible in some contexts. Use opaque fills for declared secret regions.
Only inspect the canvas
The proof target is the encoded file that will be shared. Decode and inspect those exact bytes.
Receipt equals legal certification
Hashes bind bytes and declared checks. They cannot certify that every sensitive context was identified or that sharing is lawful.
4. Reproduce the synthetic source and accepted regions
sips -s format png \
app/fixtures/flagship-editorial-20260713/screenshot/safe-synthetic-screenshot-source.svg \
--out /tmp/fasttool-safe-synthetic-screenshot.png
shasum -a 256 \
app/fixtures/flagship-editorial-20260713/screenshot/safe-synthetic-screenshot-source.svg \
app/fixtures/flagship-editorial-20260713/screenshot/accepted-zones.jsonSynthetic sourcebf54a471127ed73367d85b1cacf6c00fa936db191c252aa1f51340a365465c89
Accepted zones8c8e9a7e7c4fee1c5af416203f989aea8b62429976e5e7b3580eb96a9e2eb963
The source is passive build material and must be converted to PNG before loading. The three coordinates are manual inputs, not an import contract. Run the tool to obtain actual output hashes.
5. Verify the export packet
| Check | What it establishes | What it does not establish |
|---|---|---|
| Dimensions match | No accidental crop or scale in the encoded output | Correct region selection |
| Zone pixels opaque and uniform | Declared rectangles are solid in re-decoded bytes | Undeclared sensitive content is absent |
| Sensitive PNG chunks absent | Declared metadata boundary for the new PNG | No information remains visually |
| SHA-256 receipt matches | Artifacts are byte-identical to the reviewed export | Deletion, recipient behavior, or legal approval |
Method, limits, and privacy
Method: manual discovery, in-bounds regions, destructive rasterization, re-decode checks, whole-image review. Limits: no OCR, legal certification, recipient-state proof, or guarantee that an omitted secret will be found. Privacy: use an approved trusted device and minimize the source before loading; browser-local processing does not eliminate local-device or sharing risk.
Official sources
Correction channel
Send a source, coordinate, privacy-boundary, or method correction to [email protected] with evidence and the proposed change. FastTool is the accountable publisher; material changes appear in the changelog. Reviewed 2026-07-13.