Skip to main content

Your Windows 11 screenshots may not be as private as you thought

When you capture a screenshot and crop out sensitive information, it’s still possible to recover a portion of the image that was supposedly removed in some circumstances.

This isn’t the first time redacted documents have turned out to have left hidden data intact and readable with the right tools and knowledge. A recent bug in Google’s Markup tool for the Pixel phone, humorously dubbed the “Acropalypse,” shows this issue might be surprisingly common.

Recommended Videos

In a comment on the tweet about the Pixel bug, Chris Blume shared a similar discovery about the Windows Snipping Tool. A PNG image that requires 198 bytes grows to a much larger 4.7kB file when saved over an existing image. When saved as a new file, it increases by only 56 bytes, probably adding some metadata.

I've got a fun one for you all to look at.

I opened a 198 byte PNG with Microsoft's Snipping Tool, chose "Save As" to overwrite a different PNG file (no editing), and saves a 4,762 byte file with all that extra after the PNG IEND chunk.

Sounds similar :D

— Chris Blume (@ProgramMax) March 21, 2023

The implication is that Windows Snipping Tool overwrites files without reallocating storage. Instead, the new image data overwrites the existing file, followed by an end-of-file marker, and the rest of the old content remains.

While this might not sound like a common occurrence, consider the scenario Bleeping Computer described. You take a screenshot with the Windows Snipping Tool and save it. Realizing some sensitive data is visible, you crop it out and save over the original file.

In a Windows File Explorer preview pane and the Photos app, it looks like the crop is successful. In truth, the file size will be the same as that of the uncropped version, and parts of the old image are still there.

It isn’t easy to see the old data, but not that hard if you are looking for it and have some developer tools or a specialized app made to take advantage of this vulnerability.

Microsoft is aware of the issue and is currently investigating. In the meantime, you can protect yourself by cropping with the Photos app or other Windows photo editor. You can keep using the Snipping Tool safely if you save cropped screenshots as new files instead of overwriting existing data.

Alan Truly
Former Digital Trends Contributor
Alan Truly is a Writer at Digital Trends, covering computers, laptops, hardware, software, and accessories that stand out as…
The latest Windows 11 build has a surprising bug — it gets rid of Copilot
Copilot key on the Asus ROG Falchion HFX.

Microsoft has updated the support page for the Windows 11 build it released last week to reveal a rather amusing bug -- it seems to have caused some devices to automatically uninstall the Copilot app and unpin it from the taskbar.

At the time of writing, Microsoft is still working on a resolution to the issue spotted by Windows Latest, recommending affected users reinstall the app and pin it back to the taskbar manually. It looks like the bug can occur on any device if it updates to build KB5053598 from Windows 11 24H2, 23H2, or 22H2, along with Windows 10 22H2 or 21H2.

Read more
Windows 11 to simplify battery monitoring with mobile-inspired icons
Windows 11 logo on a laptop.

Microsoft is preparing changes to its laptop battery charge indicators, which should be coming to future versions of Windows 11 in the coming months. 

The updates are set to make clear distinctions between the different battery states, such as an unplugged battery, a charging battery, or a battery with an unknown status. While all Windows 11 users are scheduled to get the new battery-level icons, Windows 11 Insiders are set to get first dibs. According to Windows Latest, Microsoft previewed the battery icons to pre-release users in a video conference in early March. This conference revealed the icon images but did not give much further information about the coming design changes, such as a release timeline. 

Read more
Latest Windows 11 update slows Intel’s newest desktop processors
Windows 11 logo on a laptop.

Microsoft's latest Windows 11 24H2 (KB5050094 and KB5051987) updates are causing some serious performance issues, especially for Intel Core Ultra 9 285K users, as Neowin reports. The updates interfere with CPU speeds when a user minimizes a program or the app is out of focus. However, older Intel processors remain unaffected.

It's reported that apps are "massively throttled," causing the CPU's clock rate to drop significantly and deteriorating overall performance. Some users have resorted to using beta BIOS or changing power settings to preserve CPU performance during background processes. The Intel Core Ultra 9 285K slowdown is causing some major headaches as the issues occur across various apps, including Prime95 and 7Zip. This suggests that the 24H2 performance issues are not limited to one app but are linked to KB 5050094 and KB5051987 updates.

Read more