
Show HN: Chrome extension to blur personal data before screen capture - v3nom
https://datamask.tech
======
jve
Oh, this seems like HTML-aware stuff, so has it's niche.

For others that want to supercharge screenshotting capabilities, look at
Greenshot ([https://getgreenshot.org/](https://getgreenshot.org/)) You can
mask whatever you want right away. Torn edges. Highlight. Conveniently set
numbers, add text, upload to web and get URL in your clipboard. Or save
locally and have File path in your clipboard.

By default, When I press print screen, I get the crosshair to crop some region
of my screen. Super fast, super convenient. What a time saver. Just a happy
user.

~~~
v3nom
There are many screenshot tools, Windows OS has probably the most out of the
box. But there are very little which would be geared towards web content and
HTML manipulation. And hopefully I can provide the best experience by focusing
on one niche first.

~~~
ThePowerOfFuet
>Windows OS has probably the most out of the box

Are you sure about that?

[https://support.apple.com/guide/mac-help/take-screenshots-
or...](https://support.apple.com/guide/mac-help/take-screenshots-or-screen-
recordings-mh26782/mac)

~~~
detaro
What do you think the word "probably" implies about that?

------
v3nom
Maker here. I have built the DataMask Chrome extension out of personal
frustration when manually hiding private data in screenshots for my blog
articles. I was spending a lot of time opening Chrome Dev tools manipulating
website content and then finishing the job with Sketch. I wanted a tool which
would let me do this work without leaving the browser and remove the need to
use dev tools or design software all together. With this in mind DataMask was
born. After several iterations it can now automatically scramble all text on a
website, draw blur rectangles and enable basic HTML edit capabilities.

Give DataMask a go and let me know how I can improve it further.

~~~
zamalek
This is a great idea! You might reconsider using blur to obscure the
information, as it is trivial to defeat [1] (no ML required!).

[1]: [http://dheera.net/projects/blur](http://dheera.net/projects/blur)

~~~
v3nom
True, blur on large areas is reversible, even visually user can see the text
true and I hope that users will recognise that. That's why I also added
scramble option which replaces all text with random characters. Combining
scramble for data protection and blur for visual affect is the best
combination

~~~
rhizome
How about two blurs? I've thought that a rotational blur followed by a
gaussian or similar would be pretty secure.

~~~
ohazi
"pretty secure"

It's either completely secure or it isn't secure at all.

Blurs can be deconvolved if the point spread function is known or can be
guessed. Two blurs is just security through obscurity and hoping that
numerical precision / stability issues work out in your favor.

Just black out sensitive areas.

[https://en.m.wikipedia.org/wiki/Deconvolution](https://en.m.wikipedia.org/wiki/Deconvolution)

[http://refocus-it.sourceforge.net/](http://refocus-it.sourceforge.net/)

------
gnicholas
When you click to install, it says the extension can _" read and change your
data on www.googleapis.com"._

Can't it read and change your data on any site where you invoke it, not just
www.googleapis.com? This seems like an interesting conundrum — the only pages
where you would invoke it are pages that have information you'd like to keep
private. But you're granting the developer of the extension read/write access
to the content on these pages, which seems unwise unless you know and trust
the dev.

As someone with an accessibility-related extension that needs broad access, I
can say that some folks are hesitant to install any extensions that have broad
read/write access. Some companies (including Google, I'm told) forbid
employees from installing extensions that have global read/write access, and
would presumably feel the same way about this extension since it is intended
to be invoked on pages with private content. I wish the creator the best of
luck — this seems like a cool tool! — but I wonder about how this will pan
out.

A couple pricing suggestions, since I also started out at $10/yr: set your
price higher and offer coupons. I thought the affordability and simplicity of
$10/yr would be a winner, but it isn't. People expect discounts on software,
so they'll wait until they get one. If you don't give a coupon, many of them
will give up and uninstall. You'll have more revenue AND more customers if you
price at $15 and give random $5-off coupons.

Also, it appears this is a free trial that becomes paid, with no free
functionality past the expiration of the trial. I would suggest allowing some
functionality (perhaps 2x uses per month?) to post-trial users, so they have a
reason to stick around instead of just uninstalling.

It would also provide a greater inducement for people to sign up — I like the
idea of your extension, but I won't install because I don't value it at $10/yr
— and I don't want to spend time learning how to use a tool that I'm only
going to have access to for a short time. If there were an ongoing-but-usage-
limited functionality, I would be much more likely to install.

I'm happy to share more learnings from 7 years in the Chrome Store, if you
find any of this helpful. Contact info is in my profile.

~~~
v3nom
Trial licence is implemented using the canonical way provided by Google. This
was a big mistake from my side, don't get me started how bad the entire flow
is. Google could have solved this with one API call but they chose to leave it
to the maker to combine different Google services to achieve this. This is why
it needs access to googleapis.com to check for licence. For all other pages,
extension uses activetab permission which allows to modify content of the
current tab.

I am learning as I go about extensions and building a product in general. So
far I am learning mostly from my mistakes as some of it is specific to Chrome
Web Store. It would be really great to connect and chat. I will reach out.

~~~
gnicholas
> _For all other pages, extension uses activetab permission which allows to
> modify content of the current tab._

Very interesting that the permissions request on install doesn't mention this.
I mean, it should be obvious that something that takes screenshots needs to
know what it's screenshotting, but the bits about text-scrambling (which I
only learned of via the HN discussion) reveal that it needs more access than
just the image of the page.

~~~
v3nom
Maybe extension install UI changes once more permissions are requested. I
definitely remember seeing activeTab listed for other extensions

------
sbassi
I get a nasty warning from Ethereum:

This domain is currently on the MetaMask domain warning list. This means that
based on information available to us, MetaMask believes this domain could
currently compromise your security and, as an added safety feature, MetaMask
has restricted access to the site. To override this, please read the rest of
this warning for instructions on how to continue at your own risk.

There are many reasons sites can appear on our warning list, and our warning
list compiles from other widely used industry lists. Such reasons can include
known fraud or security risks, such as domains that test positive on the
Ethereum Phishing Detector. Domains on these warning lists may include
outright malicious websites and legitimate websites that have been compromised
by a malicious actor.

To read more about this site please review the domain on Etherscam.

Note that this warning list is compiled on a voluntary basis. This list may be
inaccurate or incomplete. Just because a domain does not appear on this list
is not an implicit guarantee of that domain's safety. As always, your
transactions are your own responsibility. If you wish to interact with any
domain on our warning list, you can do so by continuing at your own risk.

If you think this domain is incorrectly flagged or if a blocked legitimate
website has resolved its security issues, please file an issue.

~~~
v3nom
See other comment about this for details. Hopefully I can get them to
whitelist the domain. My landing page or extension has nothing to do with
crypto.

------
alphast0rm
Just an FYI but clicking on the link triggers Metamask's [1] Ethereum Phishing
Detection, here's a screenshot:

[https://i.imgur.com/p2m8nil.png](https://i.imgur.com/p2m8nil.png)

[1] [https://metamask.io/](https://metamask.io/)

~~~
v3nom
Thanks, I will look into that. Not sure why it does not like my landing page
:)

~~~
jneplokh
Probably has something to do with the domain being similar. That is what is
says here too: [https://metamask.github.io/eth-phishing-
detect/](https://metamask.github.io/eth-phishing-detect/)

"This domain was blocked for its similarity to metamask.io, a historical
phishing target."

It also seems like someone has already filed an issue on their Github
([https://github.com/MetaMask/eth-phishing-
detect/issues/3762](https://github.com/MetaMask/eth-phishing-
detect/issues/3762)) a month ago.

------
notRobot
Chrome and privacy don't go together. Are you planning on releasing a version
for Firefox?

Porting extensions to FF is very easy because of how similar WebExtensions is
to the Chrome extension API:
[https://wiki.mozilla.org/WebExtensions](https://wiki.mozilla.org/WebExtensions)

------
zndr
I normally run a [https://crxcavator.io/](https://crxcavator.io/) check on any
extension, but cannot because it's free. I'm assuming this is all done
locally?

~~~
v3nom
You can can see content of any extension via chrome dev tools. Not sure what
are the limitations of the tool you are referencing.

