How to share screenshots safely — the four layers most people miss
You take a screenshot, drag it into Slack, hit send. Five seconds, done. Most of the time it's fine. But there are four layers of leakage that any screenshot carries by default, and the costliest leaks usually come from the layer you didn't think about.
This guide covers each layer, what leaks at each, and how to neutralize it without slowing yourself down.
What's actually pictured in the screenshot
The most obvious. Customer emails, API keys, balance figures, internal Slack messages, sidebar autocomplete suggestions, browser bookmarks bar.
Risk level: high — this is what gets you fired.
Fix:
- Use RedactPro to redact in-browser before screenshot (3 seconds)
- Or edit the screenshot in macOS Preview / Skitch / Photoshop after
- Always check sidebars, breadcrumbs, recently-viewed lists
- Close every unrelated tab before screenshotting
What's embedded in the file
Modern screenshot tools embed EXIF data: device model, OS version, screen resolution, sometimes app name, sometimes geolocation if the source was a photo. Tools like exiftool or any forensic image viewer can read this in 2 seconds.
Risk level: medium — leaks your device details and OS to the recipient and any platform that hosts the image.
Fix:
- macOS: Preview → Tools → Show Inspector → remove location/EXIF before saving
- Windows: right-click → Properties → Details → "Remove Properties"
- Or pipe through
exiftool -all= screenshot.png - Many SaaS tools (Slack, Twitter, Discord) auto-strip EXIF — but don't assume
What's in the filename you don't notice
macOS names screenshots Screenshot 2026-04-30 at 14.32.18.png by default. Some screenshot tools include the active window title, the URL, or the username. Filenames travel with the file by default in most messaging platforms.
Risk level: low-medium — leaks timestamps and sometimes app names, occasionally usernames.
Fix: rename to something neutral before sharing — screenshot.png, preview.png. Especially if the original filename includes "Stripe Dashboard" or a customer name.
What the platform does after you send
This is the layer almost no one thinks about:
- Slack: images are stored on Slack CDN with permanent URLs accessible to anyone with the link, even after you delete the message
- Discord: same — images are public via direct CDN URL
- Twitter: public images can be downloaded and re-shared even after you delete the tweet
- Notion: images embedded in pages remain accessible by URL even after you remove them from the page
- Pastebin / Imgur / etc: default-public, indexed by search engines
Risk level: high — the recipient is not the only one who sees the image.
Fix:
- Assume any image you send is permanent and potentially public
- For private screenshots, share a link that requires authentication (Notion private page, Gmail attachment, encrypted file)
- Don't paste sensitive screenshots in public Slack channels even if "the channel is internal" — Slack URLs are accessible without authentication if you have them
The 30-second pre-share checklist
- Use RedactPro or your editor to hide sensitive content (Layer 1)
- Strip EXIF if your destination is public or untrusted (Layer 2)
- Rename the file to something neutral (Layer 3)
- Choose a destination that requires authentication for sensitive content (Layer 4)
- Final spot-check: zoom into the corners and edges of the screenshot for things you missed
Tools we recommend by layer
- Layer 1 (visible content): RedactPro for in-browser, CleanShot X for post-screenshot
- Layer 2 (EXIF): built-in Preview / Properties dialog, or
exiftoolfor power users - Layer 3 (filename): just rename — no tool needed
- Layer 4 (hosting): default to authenticated channels (Notion, Gmail) over public CDNs (Slack, Discord) for sensitive content