The latest articles on DEV Community by ai_pmer (@hunkwu). https://dev.to/hunkwu https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3928908%2Fe5f8dc25-b985-464e-834c-4d0f5925ecea.jpeg https://dev.to/hunkwu en ai_pmer Wed, 13 May 2026 09:25:07 +0000 https://dev.to/hunkwu/image-compression-privacy-why-you-shouldnt-upload-private-photos-to-online-tools-1aij https://dev.to/hunkwu/image-compression-privacy-why-you-shouldnt-upload-private-photos-to-online-tools-1aij <p>Every day, millions of people drag photos into online compression tools without thinking about where those images actually go. The answer, for most popular tools, is: <strong>to someone else's server</strong>.</p> <p>For generic photos this may be acceptable. For private images, it's a risk worth understanding.</p> <ol> <li>Your image is uploaded via HTTPS to the tool's servers (or a third-party CDN)</li> <li>The image is processed by their algorithm on their hardware</li> <li>The compressed result is returned to your browser for download</li> <li>The original and/or processed image is stored temporarily (duration varies by policy)</li> <li>Depending on the tool, your image data may be logged, analyzed, or used for model training</li> </ol> <p>Most reputable tools delete files within 1–24 hours. But "temporarily stored" still means your image existed on their infrastructure — subject to their security practices, their data residency, and their privacy policy.</p> <h2> Which Images Should You Never Upload? </h2> <ul> <li>🛂 <strong>Passport &amp; ID photos</strong> — Biometric data. Use a local tool.</li> <li>🏥 <strong>Medical images</strong> — May be subject to HIPAA or GDPR</li> <li>🏢 <strong>Unreleased product designs</strong> — Proprietary IP</li> <li>📋 <strong>Signed contracts &amp; legal documents</strong> — Confidential PII</li> <li>💳 <strong>Financial statements</strong> — Account numbers, balances</li> <li>👤 <strong>Photos of children</strong> — Parental responsibility</li> <li>🔐 <strong>NDA-covered client work</strong> — You may be contractually prohibited</li> </ul> <h2> Tool-by-Tool Privacy Comparison </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Processing</th> <th>Uploaded?</th> <th>Safe for Private Photos</th> </tr> </thead> <tbody> <tr> <td>TinyPNG</td> <td>Server-side</td> <td>✅ Yes</td> <td>⚠️ Use with caution</td> </tr> <tr> <td>Compressor.io</td> <td>Server-side</td> <td>✅ Yes</td> <td>⚠️ Use with caution</td> </tr> <tr> <td>iLoveIMG</td> <td>Server-side</td> <td>✅ Yes</td> <td>⚠️ Use with caution</td> </tr> <tr> <td>Squoosh</td> <td>Browser (WASM)</td> <td>❌ Never</td> <td>✅ Safe</td> </tr> <tr> <td>ImgMin</td> <td>Browser (Canvas API)</td> <td>❌ Never</td> <td>✅ Safe</td> </tr> </tbody> </table></div> <h2> How to Verify a Tool Processes Locally (30 seconds) </h2> <p>You don't have to take anyone's word for it:</p> <ol> <li>Open the image compression tool in your browser</li> <li>Open <strong>DevTools</strong> (<code>F12</code> / <code>Cmd+Option+I</code> on Mac)</li> <li>Click the <strong>Network</strong> tab and clear the log</li> <li>Drop an image to compress</li> <li>Watch the Network tab — if your image is sent anywhere, you'll see it here</li> </ol> <p>For browser-only tools like Squoosh or <a href="https://imgmin.pro" rel="noopener noreferrer">ImgMin</a>, you'll see <strong>zero upload requests</strong>. Your image never leaves your browser.</p> imgmin tinypng tinyimg