Photo Censor

What this tool does

Photo Censor lets you draw rectangles over an image, pick a censor mode for each rectangle, and export a new PNG with the rectangles applied. The censor modes are:

• Pixelate — replace the pixels under the rectangle with large uniform-colour cells. Configurable cell size (4 to 64 px).
• Blur — apply a Gaussian blur to the pixels under the rectangle. Configurable radius.
• Black bar — fill the rectangle with solid black.

The original file you upload is never modified — the tool produces a new image. The output is a fresh PNG built from the censored canvas; you keep the source file untouched and save the redacted version separately.

How it works

The image is loaded into a <canvas> at its native pixel dimensions. When you draw a rectangle on the preview, the rectangle is mapped from CSS coordinates back to the canvas’s native pixel coordinates. Applying a censor mode means:

• Pixelate: read the rectangle as an ImageData block, divide it into N × N cells, average each cell’s pixels, then fill each cell with its average colour. Write the result back.
• Blur: read the rectangle, run a separable Gaussian convolution (two passes — horizontal then vertical — for efficiency), write the result back.
• Black bar: fill the rectangle on the canvas context with #000000.

When you click Export PNG, the canvas is encoded via canvas.toBlob('image/png') and handed to you as a download. The exported file contains only the censored pixel grid — the original pixel values under the rectangles are not stored anywhere in the output and cannot be recovered from the PNG alone.

Common use cases

• Personal info in screenshots. Email addresses, account numbers, phone numbers, postal addresses, full names — all the things you mean to hide before sharing a screenshot of an app, a settings page, or a billing statement on social media.
• Bug reports and support tickets. A screenshot demonstrating a UI bug often contains your own real data (cart contents, message history, profile information). Redact those bits before uploading the screenshot to a public issue tracker or a vendor support portal.
• Faces in candid photos. Before posting a photo of a public space or event, censor any bystanders’ faces. Black-bar mode is the strongest option; pixelate is the friendlier visual compromise.
• Confidential documents in photos. A photo of a printed contract, an invoice, or a screen behind someone in a podcast setup — redact the sensitive lines before sharing.
• License plates, ID numbers, signatures. Anything that uniquely identifies a person or vehicle in an otherwise shareable photo.

How to use this Photo Censor

1. Drop an image onto the dropzone, or click to pick from your file system. PNG, JPG, WebP and most common formats are accepted.
2. Pick a censor mode — pixelate, blur, or black bar — and adjust the strength (cell size for pixelate, radius for blur).
3. Click and drag on the preview to draw a rectangle. The selected area is censored immediately at the chosen mode and strength.
4. Draw more rectangles as needed. Each rectangle can use a different mode — pixelate one face, black-bar an email address, blur a phone number — by changing the mode between draws.
5. Made a mistake? Click Undo to remove the last rectangle, or Reset to start over from the original.
6. When you’re happy with the result, click Export PNG. The censored PNG is built and a Download button appears.

Security considerations

The output file is the only thing you share. Once exported, the PNG contains exactly the pixel grid you see on the preview — no hidden layer, no undo history, no original-pixel backup. A recipient of the file cannot peel the censor off because the original pixel values are simply not there.

A few caveats worth understanding:

• Pixelate is not cryptographically secure. As covered in the FAQ, an attacker who already has a candidate plaintext (e.g. they suspect the censored field reads “balance: $12,345.67”) can verify their guess by running the same pixelate operation on their candidate and comparing. They can’t recover unknown information, but they can confirm a guess. For data where the attacker may have or guess the plaintext, prefer black bar.
• Surrounding context can leak. A perfectly censored credit- card number doesn’t help if the same screenshot shows your full name and billing address uncensored. Censor every identifying field, not just the most obvious one.
• EXIF is stripped — usually a good thing. The exported PNG contains no EXIF, so GPS coordinates and timestamps from the original are gone. If you needed them, this tool isn’t the right choice; for redaction, this is the safer default.

Privacy

Image loading, censor application and PNG export all happen in your browser. The dropped file is read by the File API directly into a canvas — no upload, no temporary storage on any server, no analytics on the image contents. Confirm in the browser Network panel; the only requests this page makes are when it first loads its JavaScript bundle.

Compatibility notes

The output is a standard PNG. Every image viewer, social platform, chat app, and CMS displays it correctly. The tool needs a browser that supports canvas.toBlob, ImageData manipulation, and the File API — every browser released since 2019. Very large images (over ~20 megapixels) may take a moment to encode the final PNG; the in-browser editing remains responsive throughout.