Browser privacy basics for online tools (practical, not paranoid)

Most web tools need your input to compute an output. That doesn’t mean you must paste sensitive content. A few small habits dramatically reduce risk.

The goal isn’t paranoia. It’s controlled sharing: you want the tool to see enough to help, but not enough to create unnecessary exposure if logs, screenshots, analytics, or third-party services exist.

A realistic threat model

  • Assume anything you paste is transmitted to a server to compute results.
  • Assume logs exist (for uptime/security), even if content is not “stored as a dataset.”
  • Assume third-party services may be involved (e.g., metadata lookups, ads if enabled).

The four categories of “sensitive” content

  • Personal data: names, emails, phone numbers, addresses, IDs.
  • Credentials/secrets: API keys, tokens, password resets, access links.
  • Confidential business data: contracts, customer lists, incident reports.
  • Regulated data: health, financial, government, or data under strict policy.

Safe default

If you would not paste it into a public issue tracker, don’t paste it into a web tool. Use identifiers, excerpts, or local workflows instead.

What to do before you paste

  • Remove personal data (emails, phone numbers, addresses, account IDs).
  • Use minimal excerpts when you only need structure, not full text.
  • Prefer identifiers over full documents (DOI/PMID/URL instead of the whole PDF).
  • If it’s confidential, don’t paste it—verify using original sources locally.

Practical workflows that preserve privacy

  • Redaction workflow: replace names with placeholders (Person A, Org B) before pasting.
  • Identifier workflow: paste only DOI/PMID/ISBN/URL and fetch metadata from public sources.
  • Excerpt workflow: paste the smallest paragraph that contains the signal you want checked.
  • Separate profiles: use one browser profile for tools, another for personal accounts.
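
The redaction workflow and the "before you paste" checklist above can be run locally as a small script. This is an added example, not code from the original post: the patterns, the `redact` and `leaks` helpers, and the sample text are all constructed assumptions to adapt to your own data.

```python
import re

# Constructed, deliberately simple patterns: assumptions for this example, not a
# complete PII detector. Each one captures the sensitive part in group "v".
PATTERNS = [
    ("SECRET", re.compile(r"\b(?:api[_-]?key|token|secret|password)\s*[=:]\s*(?P<v>[^\s&\"']+)", re.I)),
    ("EMAIL", re.compile(r"(?P<v>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})")),
    # Broad on purpose: may also catch dates or long IDs, which is the safe direction.
    ("PHONE", re.compile(r"(?<!\w)(?P<v>\+?\d[\d ()-]{7,}\d)(?!\w)")),
]

def redact(text, names=()):
    """Return (redacted_text, mapping); equal values share one placeholder."""
    mapping, counters = {}, {}  # mapping: original -> placeholder, keep it local

    def swap(kind, m):
        value = m.group("v")
        if value not in mapping:
            counters[kind] = counters.get(kind, 0) + 1
            mapping[value] = f"[{kind}_{counters[kind]}]"
        start, end = m.start("v") - m.start(), m.end("v") - m.start()
        return m.group(0)[:start] + mapping[value] + m.group(0)[end:]

    for kind, pattern in PATTERNS:
        text = pattern.sub(lambda m, k=kind: swap(k, m), text)
    # Names cannot be found by pattern; the caller lists them (up to 26 here).
    for i, name in enumerate(names):
        mapping[name] = f"Person {chr(ord('A') + i)}"
        text = re.sub(rf"\b{re.escape(name)}\b", mapping[name], text, flags=re.I)
    return text, mapping

def leaks(redacted, mapping):
    """List original values still present in the text about to be pasted."""
    return [v for v in mapping if v.lower() in redacted.lower()]

# Constructed sample input (not real data).
SAMPLE = (
    "From: Jane Roe <jane.roe@example.com>\n"
    "Call Jane Roe on +1 555 010 0199 about the invoice.\n"
    "curl 'https://api.example.com/v1?api_key=EXAMPLEKEY1234567890'\n"
    "Cc: jane.roe@example.com\n"
)

if __name__ == "__main__":
    clean, mapping = redact(SAMPLE, names=["Jane Roe"])
    print(clean)
    print("leaks:", leaks(clean, mapping))
```

Because repeated values share a placeholder, the pasted text keeps its structure (the same sender appears twice) without exposing the value; the mapping stays on your machine for translating the tool's output back.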

Good default: paste the minimum that still works

For verification-style tools, identifiers are often enough. For text tools, short excerpts often produce the same signal as full documents.

How to read “privacy-first” claims

  • Look for concrete defaults (“we do not store inputs by default”) rather than slogans.
  • Look for retention language (“logs kept for X days”).
  • Look for third-party disclosures (analytics, error reporting, hosting, ads).
  • If it’s ambiguous, treat it as “unknown” and adjust what you paste.
